NT system call tracing?

John Lusk lusk at dg-rtp.dg.com
Thu Oct 15 14:00:23 GMT 1998

This isn't exactly a Samba question, but I heard Luke Leighton say
something at LISA NT that I'd like to know a little more about.

In reference to gina.dll and user authentication, Luke said that NT
makes a call to something along the lines of "LogonUserEx()", which
isn't documented (although "LogonUser()" is).  What I'd like to know
is:  how did he know?  Is there some tool that allows one to "sniff"
system calls?  (Even better, might it possible to puzzle out what's
going on in the kernel while it's processing a system call, perhaps by
seeing other system calls cascading off the original?)


More information about the samba mailing list