I need to capture the DeviceIoControl() system calls of an application. On linux, strace can be used to analyze all ioctl calls. Is there any similar functionality on windows?
MSDN website recommends a program called "Process Monitor" to analyze the real-time activities of executables. However, "Process Monitor" does not show anything about DeviceIoControl calls.
Have you tried OSR's IRPTracker?
IrpTracker allows you to monitor all I/O request packets (IRPs) on a system without the use of any filter drivers and with no references to any device objects, leaving the PnP system entirely undisturbed. In addition to being able to see the path the IRP takes down the driver stack and its ultimate completion status, a detailed view is available that allows you to see the entire contents of static portion of the IRP and an interpreted view of the current and previous stack locations.
To capture the DeviceIoControl() function you can use an API hook. My company provides Deviare, a hook engine with a high level interface. You don't need to know a lot about hooking it can be used freely (just display a dialog saying unregistered version). It includes a hook console with source code.
Recently discovered Rohitab's API Monitor It hasn't been updated for 2 years, but it does work on my Win7 x64. It has very good API filtering capabilities.
The Dr. Memory (http://drmemory.org) tool comes with a system call tracing tool called drstrace that lists all system calls made by a target application, including NtDeviceIoControlFile, along with their arguments: http://drmemory.org/strace_for_windows.html
