DynamoRIO API
Library Tracing Tool

drltrace is a DynamoRIO client tool that records calls to shared libraries. It reports all invocations of exported functions in all shared libraries loaded into the target process.

The runtime options for this tool include:

  • -only_from_app: Only reports library calls from the application itself, as opposed to all calls even from other libraries or within the same library.
  • -logdir dir: Sets the log directory, which by default is "-". If set to "-", the tool prints to stderr.
  • -ignore_underscore: Ignores library routine names starting with "_".

Here is an example:

bin32/drrun -t drltrace -only_from_app -- hello.exe

Here is a portion of the output from the above command:

~~~~ ntdll.dll!RtlDecodePointer
~~~~ ntdll.dll!RtlEnterCriticalSection
~~~~ ntdll.dll!RtlEnterCriticalSection
~~~~ ntdll.dll!RtlLeaveCriticalSection
~~~~ ntdll.dll!RtlEnterCriticalSection
~~~~ ntdll.dll!RtlEnterCriticalSection
~~~~ KERNEL32.dll!WriteFile
Hello world!
~~~~ ntdll.dll!RtlLeaveCriticalSection
~~~~ ntdll.dll!RtlLeaveCriticalSection
~~~~ ntdll.dll!RtlEnterCriticalSection
~~~~ ntdll.dll!RtlLeaveCriticalSection
~~~~ ntdll.dll!RtlLeaveCriticalSection
~~~~ KERNEL32.dll!HeapFree
~~~~ ntdll.dll!RtlLeaveCriticalSection
~~~~ KERNEL32.dll!GetModuleHandleW
~~~~ KERNELBASE.dll!GetModuleHandleW
~~~~ KERNEL32.dll!ExitProcess