This tool was introduced at the RECon conference recently, and could be of great use for reversing software for different purposes:

http://pedram.redhive.com/research/process_stalking/

I recommend that you check it out.

I've been looking for something like this for a while. Devpartner Studio has exactly this feature for large C/C++ projects, it's invaluable once you get used to using it. Thanks!

I don't see a download link to try it out. Supposedly it's coming out next month?

Process Stalker URL

http://www.idefense.com/iia/labs-software.jsp

/hobferret

Anybody tried its graphing feats?? I do not have python installed, so I could not fully evaluate it....

There is no "direct" graphics "engine". You need to do produce the graphs by hand and then you are able to view and compare them static. Pedram uses an external viewer to visualize the graphs, however this is no magic in visualization, just a pre-made graph viewer.

Process Stalker itself seems to be an interesting tool, however I encountered several problems with it. I was able to trace some apps which used DLLs. Simple EXEs like crackmes did not worked.

I will play with it more, it is promising, even it is not perfect yet.

The tracer will dump the *.gdl graph, BUT in order to get significant graphing output (like merging interesting parts) you must use the python scripts that modify the original gdl files:


"A number of Python utilities are provided for the instrumentation of breakpoint lists, recordings, statistics and graphs. Note, the utilities that deal with recordings expect processed recordings (see ps_process_recording)."

...

"A plethora of visualizations can be generated using a combination of filtering and graph instrumentation with the above described utilities"

Have you tried those?