Augmenting Static Reverse Engineering with Dynamic Analysis and Instrumentation
A tool that I wrote to help reversing on Windows. Also proof that I am bad at coming up with catchy names.
See the presentation in slides/ for some examples on the sample application. I've also included an .idb that shows some of the features. All comments are auto-generated by the tool. The only input I provided was to give the structures a name, and to select various interesting instructions.
%PIN_HOME% points to an installation of Intel's Pin.
build.bat from a MSVC 2010 console
gflags /i test.exe +hpa)
release.bat to trace the test.exe program in release mode
demo.exe.py to import the traces
py\idapython_script.py from within IDA
ida-splode should automatically recognize all traces for the open binary from the database, and present a list of options.
Ctrl+Shift+H reprints the help message
+hpa), it will waste a lot of time looking for heap metadata at instrumentation-time.
SYM* paths versus just local paths, it won't find PDBs and you'll only get exports. Use
-m foo.exe -m bar.dll and is case-insensitive.
-r option to limit instrumentation to inside the scope of a particular routine (so you can skip all the start-up stuff). For example,
This is pulled from a working copy, so some things may not work properly. If you run into any issues, feel free to contact me at @ebeip90 or ebeip90 on Freenode.net.