Import Traceline, a Windows performance trace event logger.

tools/traceline/traceline/dump_syscalls_idarub.rb

Index: tools/traceline/traceline/dump_syscalls_idarub.rb
diff --git a/tools/traceline/traceline/dump_syscalls_idarub.rb b/tools/traceline/traceline/dump_syscalls_idarub.rb
new file mode 100755
index 0000000000000000000000000000000000000000..6e0fb8fe9d73625c2b2bbaca76ad0aab60e9c1fe
--- /dev/null
+++ b/tools/traceline/traceline/dump_syscalls_idarub.rb
@@ -0,0 +1,32 @@
+#!/usr/bin/env ruby
+
+# Copyright (c) 2009 The Chromium Authors. All rights reserved.
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# This is an idarub script for extracting system call numbers from a DLL that
+# has been loaded into the IDA disassembler.  The interesting system call stubs
+# are contained in ntdll.dll, user32.dll, gdi32.dll, and imm32.dll.
+
+require 'idarub'
+
+ida, = IdaRub.auto_client
+
+curea = 0
+
+filename = ida.get_root_filename
+
+while true
+  curea = ida.find_binary(
+      curea, ida.BADADDR, 'ba 00 03 fe 7f', 16, ida.SEARCH_DOWN)
+  break if curea == ida.BADADDR
+
+  raise "z" if ida.get_byte(curea - 5) != 0xb8
+
+  syscall = ida.get_long(curea - 4)
+  # Remove the IDA _ prefix and the @argsize trailing decorator...
+  funcname = ida.get_func_name(curea).split('@', 2)[0].split('_', 2)[-1]
+  puts '%d: "%s!%s",' % [syscall, filename, funcname]
+
+  curea += 1
+end