Notices: This section not yet converted to new layout. Download stats are rolling back out.




Downloads of v


Last update


Package test results are passing.

This package was submitted prior to moderation and has not been approved. While it is likely safe for you, there is more risk involved.

Warning: the author does not guarantee this tool to work on x64.

This tool is a Windows NT native application, designed to trace system calls (Native API) and portions of RTL, just like Unix strace, without installing device driver (which is sometimes used to monitor system services table) and yet allowing trace calls at the lowest available for user-mode level.

Tool creates target process and inserts wrappers for ntdll functions before first thread is executed. On every such call wrapper code is launched, writing known information to standard output handle inherited from parent ntstrace process. This even allows monitoring loader initialization, which is quite hard to do with average user-mode debugger.

To install ntstrace, run the following command from the command line or from PowerShell:

C:\> choco install ntstrace

To upgrade ntstrace, run the following command from the command line or from PowerShell:

C:\> choco upgrade ntstrace


  • This package was created prior to July 2014 - when package content started being included on the site. You can download and unzip the package or use Nuget Package Explorer to see the contents.

Virus Scan Results

In cases where actual malware is found, the packages are subject to removal. Software sometimes has false positives. Moderators do not necessarily validate the safety of the underlying software, only that a package retrieves software from the official distribution point and/or validate embedded software against official distribution point (where distribution rights allow redistribution).

Chocolatey Pro provides runtime protection from possible malware.


This package has no dependencies.

Package Maintainer(s)

Software Author(s)

  • Vasily Tarasov


Copyright 2011-2012 Vasily Tarasov


Version History

Version Downloads Last updated Status
ntstrace 250 Wednesday, June 5, 2013  

Discussion for the ntstrace Package

Ground rules:

  • This discussion is only about ntstrace and the ntstrace package. If you have feedback for Chocolatey, please contact the google group.
  • This discussion will carry over multiple versions. If you have a comment about a particular version, please note that in your comments.
  • The maintainers of this Chocolatey Package will be notified about new comments that are posted to this Disqus thread, however, it is NOT a guarantee that you will get a response. If you do not hear back from the maintainers after posting a message below, please follow up by using the link on the left side of this page or follow this link to contact maintainers. If you still hear nothing back, please follow the package triage process.
  • Tell us what you love about the package or ntstrace, or tell us what needs improvement.
  • Share your experiences with the package, or extra configuration or gotchas that you've found.
  • If you use a url, the comment will be flagged for moderation until you've been whitelisted. Disqus moderated comments are approved on a weekly schedule if not sooner. It could take between 1-5 days for your comment to show up.

comments powered by Disqus uses cookies to enhance the user experience of the site.