Skip to content

terry2012/EhTrace

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

Acleanout

Acleanout

 
 

Dia2Sharp

Dia2Sharp

 
 

EhTrace

EhTrace

 
 

TestDump2

TestDump2

 
 

prep/Aprep

prep/Aprep

 
 

support

support

 
 

vis/WPFx

vis/WPFx

 
 

.gitattributes

.gitattributes

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

Repository files navigation

Eh'Trace (pronounced ATrace) is a binary tracing tool for Windows.

Implemented in C but has some interesting properties that may make it suitable for tracing binaries when other methods are not sufficient, in particular EhTrace does not require changes to a binary to enable traces, despite being able to collect the same information as hooker type instrumentation, zero knowledge is needed to inspect complete code coverage and binary execution flow, register state and more.

We maintain high performance using an adaption of some known methods for high performance tracing, yet there is no requirement to use a debugger or enable debug/trace MSR capabilities.

I'll be presenting/releasing the first release @ CanSecWest this year, updates to follow.

Associated projects

  • C# Symbol management
  • C# GUI

About

ATrace is a tool for tracing execution of binaries on Windows.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C++ 55.3%
  • C# 23.1%
  • C 21.6%