I tried to trace some known network API functions in some Sysinternals tools in order to observe/capture the interaction between a process and a driver (say, for example, arp.exe's interaction with the network adapter driver, what IOCTL is used, etc.). I was wondering if there is any suitable way to do that besides debugging a program.
Thanks in advance!
You can use the IRP Logger of Windows Driver Verifier to get basic information about IRPs coming to the driver (including from user space).