microsoft / DTrace-on-Windows

Code for the cross platform, single source, OpenDTrace implementation

Add support for win32k syscalls #23

Open sklaw opened 2 years ago

sklaw commented 2 years ago

It would be nice if win32k syscalls can also be instrumented like ntos syscalls.

stevemk14ebr commented 1 year ago

Any updates here? NtUserFindWindowEx is the specific call I need.

KiServicesTab referenced in KiGetSystemServiceTraceTable just needs to be extended so that KeSetSystemServiceCallback matches the hash loop comparison and sets the probes.

CodeMaxx commented 1 year ago

@stevemk14ebr @sklaw We don't have plans to implement this currently. I'll keep this issue open and update here in case things change in the future.

stevemk14ebr commented 1 year ago

I am sorry to hear that and hope it changes, thanks for the update!