You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Sharing the D: Getting started in new lang is never easy, but dtrace on win is exceptionally hard due to missing basic features, bad samples and very little documentation. To ease the pain- please share if you make something that could be usefull for other people.pic.twitter.com/BFEc08CnoZ
You can see the source for that output here: https://initialrepo.visualstudio.com/15f0c23e-745c-44e0-a5c5-223c432b118c/_apis/git/repositories/d219e8f3-2cd8-416a-83a5-89f9b3e1e5f7/items?path=%2Fhook.d&versionDescriptor%5BversionOptions%5D=0&versionDescriptor%5BversionType%5D=0&versionDescriptor%5Bversion%5D=master&resolveLfs=true&%24format=octetStream&api-version=5.0&download=true …
dtrace allows real syscall hooking, even modification of arguments. No BSOD problems- dynamic hooks, speculative tracing. Bad support for wide strings, no functions, no loops.
Some ideas that could be posted here: Logging of named pipe data IOCTL data ALPC recording COM calls, resolved interfaces and signatures Process launching
Download it here: https://www.microsoft.com/download/details.aspx?id=100441 … Requires: bcdedit /debug on bcdedit /set dtrace on bcdedit /set testsigning on disable secure boot REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\ /v EnableVirtualizationBasedSecurity /t REG_DWORD /d 1 boot
What is speculative tracing?
you start tracing when X happens, when Y happens you decide if the recorded data is thrown away or became usefull.
Maybe it would be nice if the output a given .d gives is pipeable into powershell for further filtering? Like- better with printing too much then let users filter away I will try to do it that way I also embed key structures as comments for easy lookup
a bit about how to code it: you cannot cast to array of wide char- so wrap with: struct ustr{ uint16_t buffer[1024]; }; its never instanced- just type info used for wide char access. hook with: syscall:name: entry/return / predicate here- hook only called if eval true /
I inject info about syscalls args as comment in the predicate not primitive data types you wanna inspect you have to copy first in. on copy the cast decides the copied in data type
dtrace have great potential - with a bit extra work it can become really nice. its possible to use c++ preprocessor - so boost like macro metaprogramming should be doable. this could enable enumeration like loops and some kinds of functions.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
