SpyStudio Interpreting Tracing Output


When a process is intercepted you will see it here in the Intercepted group:

The number after the '/' indicates the number of active hooks in the process.

Interpreting results

Entries: each field in the trace control represents a specific call. In the other controls, calls are represented in different ways.

Red color: call failed.
Black color: call succeeded.
Time: time the call(s) took, in milliseconds.
Color intensity: indicates the relevance of the event. The "Relevance" column also indicates this.

You can see all the operations together:

Event Summary (and scrollbar) on the left:

On the left you can see the summary of the whole trace and you can use the mouse to scroll the control to the meaningful events. 

You can see the COM objects instantiated:

You can see the windows created:

You can browse the files that the process(es) opened:

You can browse the Registry that the process(es) opened:

Open any item's 'Properties' to see related events and navigate from one tab to the other:

Apply Filter

To apply a filter, open the 'Edit' menu and click the 'Filter' item, or just press CTRL-L. In this example the calls are filtered to show only those entries whose Path contains iexplore.exe.