
need guidance towards drakvuf tracing

Open · mohitbhatt-du opened this issue 3 years ago · 1 comment

Dear Tamas K. Lengyel Sir,

From previous instructions by you, we have successfully generated some logs.

In the logs we found some extra features, such as:

  1. Syscall Time
  2. Sysret Time
  3. Delayintervals
  4. Process Handler
  5. Process Information Class
  6. Process Information
  7. Return Length
  8. CR3 Value
  9. Procmon
  10. Filetracer
  11. Sysnet
  12. File Extractor
  13. Syscall
  14. Poolmon
  15. Delaymon
  16. Objmon

We now request you to guide us by providing any documentation or description of these features and what they are indicating.

Kindly provide your guidance so that we can move ahead further. Thanks.

Regards,
Mohit

mohitbhatt-du, Jan 06 '22 16:01

e.g. https://learn.microsoft.com/en-us/windows/win32/api/ https://learn.microsoft.com/en-us/sysinternals/resources/windows-internals https://learn.microsoft.com/en-us/sysinternals/resources/

hexrays4711, Aug 01 '23 15:08