View Full Version : DotNET Tracer


Kurapica
June 29th, 2008, 05:36
This is a simple tool that has similar functionality to RegMon or FileMon, but it's designed to trace events in .NET assemblies at runtime. Many events can be reported so you can understand what's going on in the background.

1- Select the assembly you want to analyze
2- Set the Events Mask, i.e. the events you want to catch
3- Click "Start"

I hope it's useful and as always bug reports are welcome.

http://www.sendspace.com/file/tuzs5i

dELTA
June 29th, 2008, 06:15
Very nice Kurapica, keep the good tools coming.

CRCETL:
http://www.woodmann.com/collaborative/tools/DotNET_Tracer

Kurapica
June 30th, 2008, 04:06
What's new ?

1- Minor bugs fixed
2- Added 14 NEW Exception events, useful shit
3- New cool skin !!

Kurapica
June 30th, 2008, 08:33
I guess I was hyper today to release this twice in one day. This is the final release of this tracing tool.

What's NEW ?

1- Enhanced scrolling in Events listview using mouse wheel
2- Ability to save events log to (*.log) files for later analysis
3- Every event has a special icon so that you can understand the list more easily
4- Removed skin to reduce flickering and enhance performance

I hope it's useful.

http://img300.imageshack.us/img300/8364/66726322io3.jpg

JMI
June 30th, 2008, 10:46
Kurapica:

I'm not sure if there has been an error or I don't understand what has occurred. I have attempted to update your CRCETL entry with your latest version, but there is a substantial size difference between the 0.2 and 0.3 versions you have attached.

The 0.2 version appears to be the same approximate size as the "locally archived" version of your original post at around 829 Kb. However, the 0.3 version you have attached is only 133 Kb. Was there a problem with your upload???

I have updated the CRCETL with the date of the latest version, but you need to check the file you uploaded.

Regards,

Kurapica
June 30th, 2008, 10:56
It's ok because I ripped the skin from version 0.3 so it's smaller but faster.

Thanks a lot for the upload.

JMI
June 30th, 2008, 12:11
Thanks. That would explain the difference in size. I'll upload the new version and link it to the CRCETL now.

Regards,

NeOXOeN
July 1st, 2008, 13:52
damn nice.. tool.. thx for sharing..

I think we got a new .NET guru like daniel :P

Kurapica
July 2nd, 2008, 00:22
I think this is too much ! I'm just a noob compared to daniel !

Thanks

OHPen
July 15th, 2008, 16:40
Anyway, the tool is useful, keep on

OHPen

Kurapica
December 22nd, 2008, 15:27
This is an update to this useful tool :

1 - Minor bugs fixed.
2 - "Reset" function added to reset the tracer if the process exits abnormally.
3 - Custom font can be selected for listview to handle unicode characters in obfuscated assemblies.
4 - Drag and drop assembly file for lazy people.

All comments are welcome.

You can get the tool and much other useful stuff from our portal:
http://portal.b-at-s.info/download.php

orchid88
December 24th, 2008, 19:12
Nice tools. Thanks.

FrankRizzo
December 26th, 2008, 18:41
The only item on my .NET wishlist these days is the ability to identify the methods in a mixed mode assembly. So that when a managed app invokes a method in the unmanaged side, you get the address of the method.

That would remove that as a benefit used by some authors to obfuscate their code.

Kurapica
February 2nd, 2012, 18:05
What's NEW :

1 - Reverse engineering oriented which means that only important events will be logged

2 - much faster than before

3 - Richer data output

4 - well-hidden from common protection techniques

5 - Finally you can double click any method and you will be driven to Reflector to see the code

6 - I may add plugins support later

7 - You can toggle tracing ON/OFF at runtime, until you open the registration window for example

8 - You can save results to a Microsoft Excel *.xls file for better analysis later

9 - Double click orange rows to be taken to the loaded module location in Windows Explorer

10 - Double click the "Parent Class" to be taken to the class that invoked the method in Reflector

11 - Double Click the blue row to be taken to the Method that was called in Reflector

12 - VM Compatible

13 - may require a certain setup on Windows Vista and later due to UAC

* Reflector Support is still buggy but it's not my fault
** Make sure you loaded the needed assemblies in Reflector before using the double clicking feature
*** Thanks to whoknows and 0xd4d for testing and bug reports

http://portal.b-at-s.net/download.php?view.53