I have a Windows executable (whoami) which is crashing every so often. It's called from another process to get details about the current user and domain. I'd like to know what parameters are passed when it fails.

Does anyone know of an appropriate way to wrap the process and write its command line arguments to log while still calling the process?

Say the command is used like this: 'whoami.exe /all'

I'd like a script to exist instead of the whoami.exe (with the same filename) which will write this invocation to log and then pass on the call to the actual process.

+1  A: 

You didn't note which programming language. It is not doable from a .bat file if that's what you wanted, but you can do it in any programming language. Example in C:

#include <stdio.h>

int main(int argc, char **argv)
{
    // dump contents of argv to some log file
    int i=0;
    for (i=0; i<argc; i++)
        printf("Argument #%d: %s\n", i, argv[i]);
    // run the 'real' program, giving it the rest of argv vector (1+)
    // for example spawn, exec or system() functions can do it
    return 0; // or you can do a blocking call, and pick the return value from the program
}
Milan Babuškov
Thanks for this, I'm not bothered which language it's in. Ideally I was hoping that there was a way to manipulate a batch script to pretend to be an executable like you could with a shell script, then do stream redirection. I'm guessing Windows expects .exes to be compiled code.
Joe Wright
A: 

Look for whoami.exe, BACK IT UP, replace it with your own executable and do whatever you like with its parameters (maybe save them in a text file).

+1  A: 

I don't think using a "script" will work, since the intermediate should have a .exe extension for your ploy to work.

I would write a very small command line program to do this; something like the following (written in Delphi/Virtual Pascal so it will result in a Win32 executable, but any compiled language should do):

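program PassThrough;

uses
  Dos; // Imports the Exec routine

const
  PassTo = 'Original.exe'; // The program you really want to call

var
  CommandLine: String;
  i: Integer;
  f: Text;

begin
  // Rebuild the command line from the individual parameters
  CommandLine := '';
  for i := 1 to ParamCount do
    CommandLine := CommandLine + ParamStr(i) + ' ';

  Assign(f, 'Passthrough.log');
  {$I-}
  Append(f);                    // Fails if the log does not exist yet
  {$I+}
  if IOResult <> 0 then
    Rewrite(f);                 // so create it on first use
  Writeln(f, CommandLine);      // Write a line in the log
  Close(f);

  Exec(PassTo, CommandLine);    // Run the intended program
  Halt(DosExitCode);            // Hand the real program's exit code back to the caller
end.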
Allan Mertner
+1  A: 

Can't you just change the calling program to log the parameters it used to call the process, and the exit code? This would be way easier than trying to dig into whoami.exe

Sam
Alas, I am not in control of the calling program
Joe Wright
+1  A: 

From a batch file:

echo Parameters: %* >> logfile.txt
whoami.exe %*

With the caveat that you can have problems if the parameters contain spaces (and you passed them in escaped with "), because the command-line parser basically de-escapes them and they should be re-escaped before being passed to another executable.

Cd-MaN
Perfect, thank you.
Joe Wright
Actually, I still need to replace the whoami.exe with this batch. Is there a way to achieve this?
Joe Wright
No, I don't think you can do that. A script like this will do what you want, but can't have a .exe extension.
Allan Mertner
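The re-escaping caveat in the batch-file answer above, worked through in C as an added example (not code from any of the answers): a compiled wrapper re-quotes each argument under the Microsoft C runtime / CommandLineToArgvW rules before logging and forwarding it. The names whoami_real.exe (the renamed original) and whoami_wrapper.log are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define REAL_EXE "whoami_real.exe"  /* assumed name of the renamed original */
#define PUT(c) do { if (n + 2 > cap) return -1; out[n++] = (c); out[n] = 0; } while (0)

/* Append arg to out, quoted so that the Microsoft C runtime /
   CommandLineToArgvW parser yields exactly the same string again. */
static int quote_arg(const char *arg, char *out, size_t cap)
{
    size_t n = strlen(out), bs = 0;           /* bs = current run of backslashes */
    int q = !*arg || strpbrk(arg, " \t\"");   /* needs surrounding quotes? */
    if (n) PUT(' ');
    if (q) PUT('"');
    for (; *arg; arg++) {
        if (*arg == '\\') { bs++; PUT('\\'); continue; }
        if (*arg == '"') {                    /* double the run, then emit \" */
            for (; bs; bs--) PUT('\\');
            PUT('\\');
        }
        bs = 0;
        PUT(*arg);
    }
    for (; q && bs; bs--) PUT('\\');          /* double a run before the closing " */
    if (q) PUT('"');
    return 0;
}

/* Rebuild "exe arg1 arg2 ..." from argv[1..]. Returns 0, or -1 if out is too small. */
int build_cmdline(const char *exe, int argc, char **argv, char *out, size_t cap)
{
    if (cap == 0) return -1;
    out[0] = 0;
    if (quote_arg(exe, out, cap)) return -1;
    for (int i = 1; i < argc; i++)
        if (quote_arg(argv[i], out, cap)) return -1;
    return 0;
}

int main(int argc, char **argv)
{
    char cmd[8192];
    FILE *log;
    if (build_cmdline(REAL_EXE, argc, argv, cmd, sizeof cmd)) return 1;
    if ((log = fopen("whoami_wrapper.log", "a")) != NULL) { fprintf(log, "%s\n", cmd); fclose(log); }
    /* system() runs via cmd.exe, which also interprets & | < > ^ %; CreateProcess avoids that layer. */
    return system(cmd);
}
```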
A: 

If you can reproduce the crash, use Process Explorer before the crashed process is terminated to see its command line.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Constantin