Generate Nt* system call sequence

I have managed to run the code after which we have some doubts. Please clear some of those. The primary motive is to get a list of sequence Nt* calls as you have used in your paper System Call-Based Detection of Malicious Processes. 

1. The database generated contains only the processes and their path such as chrome.exe etc. How should we extract the 'Nt*' process calls from the same?
![db](https://user-images.githubusercontent.com/22795943/50811093-f0c14000-1332-11e9-8777-52bedc02af28.jpg)

2. debug_log.txt contains too many lines mentioning something like this but with different addresses 'UNKNOWN System Call Enter NT FFFFF802702D11D4 on core 3. '  What is this address pointing?

![debug_log-2](https://user-images.githubusercontent.com/22795943/50811087-ebfc8c00-1332-11e9-8d22-f7b51be2c3e4.jpg)
![debug_log-1](https://user-images.githubusercontent.com/22795943/50811090-edc64f80-1332-11e9-9ae7-286467727dcd.jpg)


3.   100s of *_trace files generated with the size of 0 kb. How did you use them?
![image](https://user-images.githubusercontent.com/22795943/50811135-2534fc00-1333-11e9-95f7-03a8ad38dabb.png)

**EDIT:**
1.  In one of our Windows 7 systems, we have got ```*_trace``` file with some size. Since they are binary files written using ```BinaryWriter```, how should I open it and read it's content? (Same is the case with ```host_trace_data```

2. When executing the tool in the util directory, it is generating an empty symbol file.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Generate Nt* system call sequence #1

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Generate Nt* system call sequence #1

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions