Tracing shellcodes

By default, Tiny Tracer traces the main executable. However, sometimes the main executable (especially if it is a malware or a protected application) may allocate additional memory pages and unpack there some code.

Usually we want to trace what happens there too. That's why TinyTracer has the option FOLLOW_SHELLCODES enabled (see run_me.bat).

set FOLLOW_SHELLCODES=1

In some cases you may want to disable it, then just change the value to 0.

set FOLLOW_SHELLCODES=0

Example

To test what is the difference between those two settings, you may try to run this example.

Tiny Tracer Wiki, by hasherezade

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Tracing shellcodes

Example

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally