Excluding selected functions

hasherezade edited this page Aug 11, 2023 · 11 revisions

In some cases, we want to exclude specific functions from tracing, in order to reduce the noise. We can do it by defining a list of such functions in excluded.txt.

The exclusions need to be defined in the following format (; is the delimiter):

{module};{function}

Example:

kernelbase;InitializeCriticalSectionEx

If the function is excluded, the call to it will not be listed in the .tag file. Also, the parameters of the function will not be dumped (even if it was defined in params.txt).

Demo

  1. The tracelog of a demo application, before the exclusions were defined:
7f56c;section: [.text]
7f5a4;CPUID:0
7f602;CPUID:1
7f69d;CPUID:7
82c4c;kernel32.LoadLibraryExW
82ce3;kernel32.GetProcAddress
GetProcAddress:
	Arg[0] = ptr 0x00007ff81b340000 -> {MZ\x90\x00\x03\x00\x00\x00}
	Arg[1] = ptr 0x00007ff621e5a5d8 -> "InitializeCriticalSectionEx"

82c4c;kernel32.LoadLibraryExW
82ce3;kernel32.GetProcAddress
GetProcAddress:
	Arg[0] = ptr 0x00007ff81b340000 -> {MZ\x90\x00\x03\x00\x00\x00}
	Arg[1] = ptr 0x00007ff621e5a5a0 -> "FlsAlloc"

82da7;kernelbase.FlsAlloc
[...]
  2. We exclude the function GetProcAddress from tracing.

excluded.txt:

kernel32;GetProcAddress

The tracelog:

7f56c;section: [.text]
7f5a4;CPUID:0
7f602;CPUID:1
7f69d;CPUID:7
82c4c;kernel32.LoadLibraryExW
82c4c;kernel32.LoadLibraryExW
82da7;kernelbase.FlsAlloc
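
The effect shown in the demo can be previewed on an existing .tag file before re-running the tracer. The following Python sketch is an added example, not part of tiny_tracer: it parses exclusions in the {module};{function} format and drops the matching call lines together with their parameter dumps. The function names, the case-insensitive module comparison, and the dump layout (inferred from the demo tracelog) are assumptions.

```python
# Added example (not tiny_tracer code): offline preview of excluded.txt
# applied to an existing .tag tracelog.

def parse_exclusions(text):
    """Parse '{module};{function}' lines into a set of (module, function)."""
    pairs = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        module, sep, function = (p.strip() for p in line.partition(";"))
        if not sep or not module or not function:
            raise ValueError(f"bad exclusion line: {raw!r}")
        # Assumption: module names are compared case-insensitively.
        pairs.add((module.lower(), function))
    return pairs


def filter_tracelog(tag_text, exclusions):
    """Drop excluded call lines and the parameter dump that follows each."""
    kept, skipping = [], None
    for line in tag_text.splitlines():
        if skipping is not None:
            # Dump layout: '<Function>:', tab-indented Arg lines, blank line.
            if line == skipping + ":" or line.startswith("\t") or not line.strip():
                continue
            skipping = None
        _rva, sep, target = line.partition(";")
        module, dot, function = target.partition(".")
        is_call = sep and dot and not line.startswith("\t")
        if is_call and (module.lower(), function) in exclusions:
            skipping = function
            continue
        kept.append(line)
    return kept


# Sample input: lines taken from the demo tracelog above.
SAMPLE_TAG = "\n".join([
    "82c4c;kernel32.LoadLibraryExW",
    "82ce3;kernel32.GetProcAddress",
    "GetProcAddress:",
    '\tArg[1] = ptr 0x00007ff621e5a5a0 -> "FlsAlloc"',
    "",
    "82da7;kernelbase.FlsAlloc",
])

if __name__ == "__main__":
    print("\n".join(filter_tracelog(SAMPLE_TAG, parse_exclusions("kernel32;GetProcAddress"))))
```
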