Question
Reading "Monitoring certain system calls done by a process in Windows", I'm wondering about a Windows equivalent to the ptrace syscall or a programmatic workaround.
Answer 1:
You can use ETW to trace system calls. When starting the trace, in EVENT_TRACE_PROPERTIES, you can add the EVENT_TRACE_FLAG_SYSTEMCALL flag to EnableFlags. This enables SysCallEnter and SysCallLeave events, as described here.
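The setup the answer describes, as an added example that is not part of the original answer: a Python ctypes sketch that fills EVENT_TRACE_PROPERTIES for the "NT Kernel Logger" session with EVENT_TRACE_FLAG_SYSTEMCALL in EnableFlags and passes it to StartTraceW. The structure layouts and constant values are transcribed from the Windows SDK headers (evntrace.h, wmistr.h), the function names are this example's own, and consuming the events (OpenTrace/ProcessTrace) is not shown.

```python
import ctypes
import sys
import uuid

# Constants transcribed from evntrace.h / wmistr.h (Windows SDK).
EVENT_TRACE_FLAG_SYSTEMCALL = 0x00000080
EVENT_TRACE_REAL_TIME_MODE = 0x00000100
WNODE_FLAG_TRACED_GUID = 0x00020000
EVENT_TRACE_CONTROL_STOP = 1
KERNEL_LOGGER_NAME = "NT Kernel Logger"
SYSTEM_TRACE_CONTROL_GUID = uuid.UUID("9e814aad-3204-11d2-9a82-006008a86939")
U32 = ctypes.c_uint32

class WNODE_HEADER(ctypes.Structure):
    _fields_ = [("BufferSize", U32), ("ProviderId", U32),
                ("HistoricalContext", ctypes.c_uint64), ("TimeStamp", ctypes.c_int64),
                ("Guid", ctypes.c_ubyte * 16), ("ClientContext", U32), ("Flags", U32)]

class EVENT_TRACE_PROPERTIES(ctypes.Structure):
    _fields_ = ([("Wnode", WNODE_HEADER)] + [(n, U32) for n in (
        "BufferSize", "MinimumBuffers", "MaximumBuffers", "MaximumFileSize",
        "LogFileMode", "FlushTimer", "EnableFlags", "AgeLimit", "NumberOfBuffers",
        "FreeBuffers", "EventsLost", "BuffersWritten", "LogBuffersLost",
        "RealTimeBuffersLost")] + [("LoggerThreadId", ctypes.c_void_p),
        ("LogFileNameOffset", U32), ("LoggerNameOffset", U32)])

def build_syscall_trace_properties():
    """EVENT_TRACE_PROPERTIES for a real-time kernel session with syscall events."""
    size = ctypes.sizeof(EVENT_TRACE_PROPERTIES) + 2 * (len(KERNEL_LOGGER_NAME) + 1)
    props = EVENT_TRACE_PROPERTIES.from_buffer(ctypes.create_string_buffer(size))
    props.Wnode.BufferSize = size  # struct plus room for the UTF-16 session name
    props.Wnode.Flags = WNODE_FLAG_TRACED_GUID
    props.Wnode.ClientContext = 1  # QPC timestamps
    guid_le = SYSTEM_TRACE_CONTROL_GUID.bytes_le  # GUID in Windows memory layout
    props.Wnode.Guid = (ctypes.c_ubyte * 16).from_buffer_copy(guid_le)
    props.LogFileMode = EVENT_TRACE_REAL_TIME_MODE
    props.EnableFlags = EVENT_TRACE_FLAG_SYSTEMCALL  # SysCallEnter / SysCallLeave
    props.LoggerNameOffset = ctypes.sizeof(EVENT_TRACE_PROPERTIES)
    return props

def start_syscall_trace():
    """Start the session (Windows only, elevated); returns what stop needs."""
    if sys.platform != "win32":
        raise OSError("ETW is only available on Windows")
    advapi32 = ctypes.WinDLL("advapi32")
    props, handle = build_syscall_trace_properties(), ctypes.c_uint64(0)
    status = advapi32.StartTraceW(ctypes.byref(handle),
                                  ctypes.c_wchar_p(KERNEL_LOGGER_NAME), ctypes.byref(props))
    if status != 0:  # e.g. 5 = access denied, 183 = kernel logger already running
        raise ctypes.WinError(status)
    return advapi32, handle, props

def stop_syscall_trace(advapi32, handle, props):
    return advapi32.ControlTraceW(handle, None, ctypes.byref(props), EVENT_TRACE_CONTROL_STOP)
```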
Source: https://stackoverflow.com/questions/865106/is-there-something-like-linux-ptrace-syscall-in-windows