OpenRCE_Sirmabus
November 24th, 2007, 18:50
My little real time code tracing tool is really taking off.
See the following for some basic info on using the CPU trace mechanism:
http://www.openrce.org/blog/view/535/Branch_Tracing_with_Intel_MSR_Registers
I've had an idea to track in real time what a process is doing in its code space for around three years now, and have been playing with technology to do it.
Basically something to help a reverse engineer locate specific code inside of a process.
Using a simple KMD I've got the flexibility and speed (speed could be better) to do what I need now.
The real acid test is the ability to load in a modern game, like "WOW", "LOTRO", etc., and trace all threads in real time. Something I can now do. And that's no simple feat.
At least not without some sort of ICE. If you have $20,000+ hardware you can do this already, but with this CPU feature and software setup anyone with a modern PC can do it.
These types of processes (current games and multimedia applications) hog most of the system resources when they are active.
Try tracing a running game, or any other near real time software, using the debugging APIs. An "exercise in futility".
Playing with the simple UI I've got going and some current tests show that I might have something useful. If it all works right, it will be something that people haven't really seen before.
Besides my intended use, there are a number of other possibilities to do with this technology.
Such as real time code coverage tools, malware/security tracing, performance profiling, etc.
Hopefully I will have a demo (pictures, video, working tool) of it soon. And I intend to share the knowledge.
It will be interesting to see what (if anything) people will do with it and if they find it useful or not.
https://www.openrce.org/blog/view/838/Real_Time_Tracing
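Added example, not Sirmabus's tool or code from the linked post: a user-mode model of the Intel Branch Trace Store (BTS) side of "branch tracing with MSR registers", which is the CPU trace mechanism the post builds on. The MSR numbers, IA32_DEBUGCTL bit positions, the 64-bit DS-area layout and the 24-byte BTS record format are taken from the Intel SDM; everything else (the sample branch records, the 0x400000-0x500000 "target module" range, and the function names) is constructed for illustration. A real tracer would program the MSRs with WRMSR from a kernel-mode driver and drain the buffer from its BTINT handler; here the buffer is filled by hand so the decoding and filtering logic runs anywhere.

```c
/* Model of Intel BTS branch tracing: build the IA32_DEBUGCTL value a driver
 * would write, then drain and filter records the CPU would have stored in the
 * DS (Debug Store) area. Constants are from the Intel SDM; the sample data and
 * the module range are made up for this example. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IA32_DEBUGCTL 0x1D9u          /* MSR: debug control */
#define IA32_DS_AREA  0x600u          /* MSR: linear address of the DS area */
#define DEBUGCTL_LBR         (1ull << 0)  /* record last branches in LBR MSRs */
#define DEBUGCTL_TR          (1ull << 6)  /* emit branch trace messages (needed for BTS) */
#define DEBUGCTL_BTS         (1ull << 7)  /* store trace messages into the DS buffer */
#define DEBUGCTL_BTINT       (1ull << 8)  /* interrupt when the buffer threshold is reached */
#define DEBUGCTL_BTS_OFF_OS  (1ull << 9)  /* don't trace ring-0 branches */
#define DEBUGCTL_BTS_OFF_USR (1ull << 10) /* don't trace ring-3 branches */
#define BTS_PREDICTED        (1ull << 4)  /* flag bit in the third qword of a record */

/* 64-bit BTS record layout: from, to, flags. */
struct bts_record {
    uint64_t from;   /* linear address of the branch instruction */
    uint64_t to;     /* linear address of the branch target */
    uint64_t flags;  /* bit 4: branch was predicted */
};

/* First four qwords of the 64-bit DS area (PEBS fields that follow are omitted). */
struct ds_area64 {
    uint64_t bts_base;       /* start of the record buffer */
    uint64_t bts_index;      /* next free slot; the CPU advances it per branch */
    uint64_t bts_abs_max;    /* one past the last slot */
    uint64_t bts_int_thresh; /* when bts_index reaches this, BTINT fires */
};

/* DEBUGCTL value for BTS tracing of a user-mode target. */
uint64_t bts_debugctl(int user_only)
{
    uint64_t v = DEBUGCTL_TR | DEBUGCTL_BTS | DEBUGCTL_BTINT;
    if (user_only)
        v |= DEBUGCTL_BTS_OFF_OS;     /* a game tracer wants ring-3 branches only */
    return v;
}

/* Copy out every record the CPU has written so far and hand the buffer back
 * (what the driver's BTINT handler or polling thread does). */
size_t bts_drain(struct ds_area64 *ds, struct bts_record *out, size_t max)
{
    size_t n = (size_t)(ds->bts_index - ds->bts_base) / sizeof(struct bts_record);
    if (n > max)
        n = max;
    memcpy(out, (const void *)(uintptr_t)ds->bts_base, n * sizeof(struct bts_record));
    ds->bts_index = ds->bts_base;     /* reset so the CPU starts filling from the top */
    return n;
}

/* Keep only branches that land inside [lo, hi): the "where does execution go
 * inside this module" question a reverse engineer asks. */
size_t bts_filter_targets(const struct bts_record *in, size_t n,
                          uint64_t lo, uint64_t hi, struct bts_record *out)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (in[i].to >= lo && in[i].to < hi)
            out[kept++] = in[i];
    return kept;
}

/* Constructed sample: pretend the CPU stored four records. Addresses are made up. */
#define SAMPLE_SLOTS 16
static struct bts_record g_buf[SAMPLE_SLOTS];
void make_sample_ds(struct ds_area64 *ds)
{
    static const struct bts_record sample[] = {
        {0x401000ull,   0x401020ull,   BTS_PREDICTED}, /* jump inside the module */
        {0x7FFE1000ull, 0x402000ull,   0},             /* callback from a system DLL */
        {0x402050ull,   0x7FFE2000ull, BTS_PREDICTED}, /* call out to a system DLL */
        {0x403000ull,   0x403010ull,   BTS_PREDICTED}, /* jump inside the module */
    };
    size_t n = sizeof sample / sizeof sample[0];
    memcpy(g_buf, sample, sizeof sample);
    ds->bts_base       = (uint64_t)(uintptr_t)g_buf;
    ds->bts_index      = ds->bts_base + n * sizeof(struct bts_record);
    ds->bts_abs_max    = ds->bts_base + SAMPLE_SLOTS * sizeof(struct bts_record);
    ds->bts_int_thresh = ds->bts_base + (SAMPLE_SLOTS - 1) * sizeof(struct bts_record);
}

/* Drain the sample buffer; returns the number of records stored (4). */
size_t demo_record_count(void)
{
    struct ds_area64 ds;
    struct bts_record recs[SAMPLE_SLOTS];
    make_sample_ds(&ds);
    return bts_drain(&ds, recs, SAMPLE_SLOTS);
}

/* Drain, then count branches landing in the assumed module range (3). */
size_t demo_hits_in_module(void)
{
    struct ds_area64 ds;
    struct bts_record recs[SAMPLE_SLOTS], hits[SAMPLE_SLOTS];
    make_sample_ds(&ds);
    size_t n = bts_drain(&ds, recs, SAMPLE_SLOTS);
    size_t k = bts_filter_targets(recs, n, 0x400000ull, 0x500000ull, hits);
    for (size_t i = 0; i < k; i++)
        printf("%#" PRIx64 " -> %#" PRIx64 "%s\n", hits[i].from, hits[i].to,
               (hits[i].flags & BTS_PREDICTED) ? " (predicted)" : "");
    return k;
}

int main(void)
{
    printf("IA32_DEBUGCTL (%#x) value for user-only BTS: %#" PRIx64 "\n",
           IA32_DEBUGCTL, bts_debugctl(1));
    printf("records drained: %zu\n", demo_record_count());
    printf("branches into module: %zu\n", demo_hits_in_module());
    return 0;
}
```

The driver-side steps this models are: allocate a non-paged DS area and record buffer, point IA32_DS_AREA (0x600) at it, write the value from bts_debugctl() to IA32_DEBUGCTL (0x1D9) on every CPU the target's threads may run on, and drain the buffer when the BTINT interrupt arrives. Branch recording at this granularity is what makes the "one record per taken branch" firehose possible without single-stepping through the debugging APIs, and it is also why the speed still matters: every branch in every thread costs a store.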