Releases: hasherezade/tiny_tracer
3.0
π README.md
BUGFIX
- Fixed crashes on tracing some of the functions arguments (changed method of pointer verification)
- In case of following a child process: create a TAG file using the actual name of the traced executable (rather than assuming it is the same as the parent)
FEATURE
- Trace function output, and the modified arguments ( Issue #63 ; #75 )
- Trace local functions provided by custom definitions
- Allow to manually load APIs from exports *
- Allow to set a custom Volume ID *
- Anti-Anti Debug: allow to accelerate
GetTickCount/GetTickCount64- ifANTIDEBUG=2was enabled * - Added new definitions of anti-debug methods *
*-Windows only
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.9.5
π README.md
FEATURE
- Allow to follow the child process (can be enabled in the INI file - option:
FOLLOW_CHILDPROCESSES) - (Issue #68)
BUGFIX
- Fixed emulation of the Trap Flag: improved support for tracing VMProtect protected executables - (Issue #69)
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.9
π README.md
FEATURE
- Allow to dump the context of the disassembled fragments
- Trace indirect syscalls
REFACT
- Small fixes and refactoring
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.8.2
π README.md
REFACT
- Optimizations: increased speed of tracing, lowered memory consumption
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.8
π README.md
FEATURE
- Added Stop Offsets
- Added Tracing with Disassembly
- Detection of Heaven's Gate
- Added new AntiVm bypasses, allowing to trace some of the VMProtect variants (#61, #26)
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.7.1
π README.md
BUGFIX
- Fixed
ANTIDEBUG=2not working for 32-bit applications (wrong size of the passed argument) - Fixed backward compatibility with older Pin versions (use
INS_OperandWidthinstead ofINS_OperandSize)
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.7
π README.md
FEATURE
- Allow to select whether or not debug symbols should be used for name resolution - can be enabled/disabled via INI file ( Issue #39 ) [ details ]
- Bypass AntiDebug technique basing on Trap Flag. Resolved problems with tracing applications protected by VMProtect with Debugger Detection enabled (bypassed mode: "Debugger: User-mode + Kernel-mode") ( Issue #26 )
- Support detecting some of the AntiVM techniques ( WMI query parameters tracing ) - can be enabled/disabled via INI file [ details ]
- Support detecting more AntiDebug techniques ( i.e. searching for Software Breakpoints )
REFACT
- Removed dependency from
windows.h
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.6.1
π README.md
BUGFIX
- Use export symbols only ( Issue #39 )
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.6
π README.md
BUGFIX
- Fixed Tracer crashing while trying to dump some Unicode strings ( Issue #38 )
FEATURE
- Added an option of tracking common Antidebug techniques. Bypass Trap Flag. (Issue #32) [details]
- Added an option to track interrupts (Issue #34) [details]
- Added functions filtering (Issue #33) [details]
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.
2.3
π README.md
FEATURE
- Added a possibility to map syscalls to functions, using supplied table. Automatic syscalls to function name resolution on Windows. (More info: Wiki )
- When syscalls table is loaded, parameters of the syscalls can be traced also by the corresponding function's name.
- Print function's name before listing the parameters (a workaround against some concurrency issues, causing the function's parameters to be printed not immediately after the logged call)
- Enabled syscalls logging by default
Requires Intel Pin 3.26 or above.
I am sorry but Intel does not allow for distribution of compiled Pin Tools. So, you need to compile them from the sources.
Follow the instructions to build and install.