mxmssh / drltrace

Drltrace is a library calls tracer for Windows and Linux applications.
BSD 3-Clause "New" or "Revised" License

Starter script for Windows #23

Closed merces closed 4 years ago

merces commented 4 years ago

In my understanding, 32-bit drltrace can only trace PE32 files, and 64-bit drltrace should be used with PE32+ files. For people who have 64-bit Windows, it'd be handy to have the ability to run drltrace <file> from anywhere in the system. I've thought about putting both the content of the bin folder from drltrace_win32.7z and the bin64 folder from drltrace_win64.7z under the same folder and adding its full path to the PATH environment variable, but lots of files have the same name. The workaround I found is to use a PowerShell script called drltrace and put it within a folder structure like this:

c:\tools\bin>dir
 Volume in drive C has no label.
 Volume Serial Number is 5CE4-F9DE

 Directory of c:\tools\bin

17/03/2020  23:36    <DIR>          .
17/03/2020  23:36    <DIR>          ..
18/03/2020  00:59             1,647 drltrace.ps1
14/03/2020  05:10    <DIR>          drltrace_win32
14/03/2020  05:12    <DIR>          drltrace_win64
08/05/2017  08:14         8,438,645 floss.exe
23/01/2020  17:56           412,672 upx.exe
13/11/2019  19:06           434,068 xorsearch-x64.exe

The script checks whether the given PE file is compiled for 32 or 64 bits and calls the right drltrace version to run it. If you add it to PATH, then you can call it from a PowerShell shell this way:

(screenshot: drltrace-powershell)

Or using cmd:

(screenshot: drltrace-cmd)

The idea is to make things easier when using it in a VM to analyse both 32- and 64-bit binaries.

If you think it's useful for other drltrace users, just point out where I should put it in your directory tree and I can send a PR.

Thanks for your great tool!
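A dispatcher of the kind described above, written as an added example rather than the script attached to this issue or anything shipped by the drltrace project. It reads the PE optional header magic (0x10B for PE32, 0x20B for PE32+) to decide which build to run. The subfolder names and the location of drltrace.exe inside them are assumptions that mirror the directory layout shown in the listing; adjust them to wherever you unpacked the two releases.

```powershell
# drltrace.ps1 -- run the 32- or 64-bit drltrace build that matches the target PE.
# Added example, not the drltrace project's own script. Paths under $PSScriptRoot
# are assumptions that mirror the folder layout described in the issue.
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$Target,                                   # PE file to trace
    [Parameter(ValueFromRemainingArguments = $true)]
    [string[]]$TargetArgs                              # arguments handed to the target
)

$ErrorActionPreference = 'Stop'

# Assumed locations of the unpacked 32-bit and 64-bit releases relative to this script.
$Drltrace32 = Join-Path $PSScriptRoot 'drltrace_win32\drltrace.exe'
$Drltrace64 = Join-Path $PSScriptRoot 'drltrace_win64\drltrace.exe'

function Get-PeBitness {
    # Returns 32 for PE32 images and 64 for PE32+ images; throws for anything else.
    param([string]$Path)

    $fs = [System.IO.File]::OpenRead((Resolve-Path -LiteralPath $Path).Path)
    try {
        # DOS header: 'MZ' at offset 0, e_lfanew (offset of the PE signature) at 0x3C.
        $dos = New-Object byte[] 0x40
        if ($fs.Read($dos, 0, 0x40) -ne 0x40 -or $dos[0] -ne 0x4D -or $dos[1] -ne 0x5A) {
            throw "Not a PE file (missing MZ header): $Path"
        }
        $peOffset = [BitConverter]::ToInt32($dos, 0x3C)
        if ($peOffset -lt 0x40 -or $peOffset + 0x1A -gt $fs.Length) {
            throw "Not a PE file (e_lfanew out of range): $Path"
        }

        # 'PE\0\0' signature (4 bytes), COFF file header (20 bytes), then the
        # optional header whose first field is the 2-byte Magic.
        [void]$fs.Seek($peOffset, [System.IO.SeekOrigin]::Begin)
        $hdr = New-Object byte[] 0x1A
        if ($fs.Read($hdr, 0, 0x1A) -ne 0x1A -or [BitConverter]::ToUInt32($hdr, 0) -ne 0x00004550) {
            throw "Not a PE file (missing PE signature): $Path"
        }
        $magic = [BitConverter]::ToUInt16($hdr, 0x18)
    }
    finally {
        $fs.Dispose()
    }

    switch ($magic) {
        0x10B   { return 32 }                          # PE32
        0x20B   { return 64 }                          # PE32+
        default { throw ("Unsupported optional header magic 0x{0:X4}: {1}" -f $magic, $Path) }
    }
}

$bits = Get-PeBitness -Path $Target
$exe  = if ($bits -eq 64) { $Drltrace64 } else { $Drltrace32 }
if (-not (Test-Path -LiteralPath $exe)) {
    throw "drltrace build for $bits-bit targets not found at $exe"
}

Write-Verbose ("Target is PE32{0}; using {1}" -f $(if ($bits -eq 64) { '+' } else { '' }), $exe)

# drltrace takes the application and its arguments after '--'; any drltrace
# options you want (e.g. a log directory) would go before the '--'.
& $exe -- $Target @TargetArgs
exit $LASTEXITCODE
```

Usage is the same as in the issue: with the script's folder on PATH, `drltrace C:\samples\target.exe` from PowerShell picks the matching build, and `-Verbose` shows which one was chosen. A mismatched build is reported before anything is executed, which is the check a VM-based analysis workflow usually wants when the same folder holds both 32- and 64-bit samples.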

mxmssh commented 4 years ago

I think it is useful. Go ahead! We have a special folder for scripts here: https://github.com/mxmssh/drltrace/tree/master/drltrace_src/scripts