Questions tagged [tracing]
32 questions
2 votes, 2 answers, 105 views
Tracing all functions in executable conditionally, to find function of interest
I would like to alter the behavior of some executable (in my case, a videogame). One way of doing this is to hook function calls (e.g., a function like Player::ReceiveDamage) and adjust parameters/...
0 votes, 0 answers, 76 views
Intel Pin Tool: Memory Trace of a function and all the functions called by it
I want a memory (read) trace of a function and all the functions called by the function I wish to trace.
This is the code I wrote.
#include "pin.H"
#include <cstdint>
#include <...
0 votes, 0 answers, 547 views
Failed to attach: unable to connect to remote frida-server: closed
I'm trying to bypass Frida (Android) local port scanning detection, so I followed this guide. The sequence of commands I used is: (magic_man is an alias for frida_server)
adb root
adb push magic_man /...
0 votes, 0 answers, 87 views
Reverse engineering Microsoft Teams web invisible incoming messages
I'm currently looking to inspect the network traffic in Chrome when I receive incoming messages in Microsoft Teams, but I can't point out where or how Teams is getting the messages from.
When I load ...
0 votes, 0 answers, 38 views
How can I make a quick tracer for a PE file?
INTRODUCTION:
I made my tracer on the event debug loop, but after I compared its speed characteristics with the same PinTool or similar tools, I realized that my tracer is several dozen times slower ...
0 votes, 1 answer, 368 views
How to learn which functions are called in a .so library on Android?
I want to learn how to listen to certain .so files. I mean, what is the way to know which functions are called and which body of code is executed in a shared library on Android? I just wanted to modify the stock camera on my ...
3 votes, 0 answers, 75 views
Tracing without breakpoints
I need:
To start tracing without breakpoints.
To do something in a program.
To stop tracing. This step may be replaced with a breakpoint but not the first step.
The thing is I need to do some ...
1 vote, 0 answers, 155 views
IDA tracing not working
I remotely debug a process with IDA Pro, and I want to print to file all the functions that are called.
I have tried to use IDA Tracing, but it doesn't print to file.
0 votes, 1 answer, 222 views
Trace back regularly used .data variable in IDA
I am reversing Cryptex.exe 1.0 from Eldad.
There is an unknown-data buffer address stored in edx which gets used as a parameter for CryptHashData, which will hash 20 bytes from there. Now I want to find ...
1 vote, 0 answers, 136 views
Memory modified at jump far
Observing a trace of Wow64 switching on Windows 7, the following situation makes me confused
...
0x77491dbe 64 ff 15 c0 00 00 00 call fs:[0xc0] ; syswow64\ntdll.dll
0x74632320 ea 1e 27 63 ...
0 votes, 2 answers, 937 views
How to compare two different executions of the same file?
When I start the program by just double clicking the .exe, it has a certain behavior. This behavior differs when I start the program from running the launcher provided. I’d like to figure out how to ...
1 vote, 1 answer, 205 views
How to track/debug/manipulate Windows processes in a VM?
I am trying to do some deep-level Windows debugging/tracing, utilizing virtualization.
Considering that if Windows runs in a virtual machine, theoretically I have total power over it - I could ...
0 votes, 1 answer, 54 views
IDA - How can I get a list of differing instructions from 2 recorded instruction traces?
I have 2 recorded IDA pro instruction traces, how can I get a list of differing instructions?
I am able to load the diffs as overlays but there are a large amount of instructions recorded that are ...
1 vote, 0 answers, 393 views
Is there a way to trace the differences of a software in x64dbg?
Why is Immunity Debugger unable to start my application? I want to compare the differences of a software: Immunity Debugger can trace all assembly instructions with the Add entries of all procedures ...
1 vote, 1 answer, 320 views
'local call from' in x64dbg
In OllyDbg there was a thing called "local call from xxx,xxx,xxx,xxx ... " which helps me know from where a function is being called in the entire module. Does such a feature exist in x64dbg as well?