Create an executable for testing of TraceAndWatch

There should be an executable that tests the existing functionality and that can be executed regularly.

Id #2022 | Release: None | Updated: Aug 12, 2014 at 1:17 PM by AttilaSuszter | Created: Aug 12, 2014 at 1:17 PM by AttilaSuszter

Instrument CPUID instructions

Add the ability to instrument CPUID in a way that changes the return value to clear certain feature information flags when it's used with eax=1. More on this: http://reversingonwindows.blogspot.com...

Id #2021 | Release: None | Updated: Aug 12, 2014 at 1:12 PM by AttilaSuszter | Created: Aug 12, 2014 at 1:12 PM by AttilaSuszter

Log image information

By logging image information it's possible to tell what image a given address, such as EIP, belongs to.

Id #2019 | Release: None | Updated: Aug 12, 2014 at 12:44 PM by AttilaSuszter | Created: Aug 12, 2014 at 12:44 PM by AttilaSuszter

Move global variables to thread context

Moving global variables to the thread context makes it possible to distinguish the results of instrumentation per thread.

Id #2018 | Release: None | Updated: Aug 12, 2014 at 12:24 PM by AttilaSuszter | Created: Aug 12, 2014 at 12:24 PM by AttilaSuszter

Improve performance by using image load callback

It's expected that the performance can be greatly improved by registering a filter function that is called on image load. The instrumentation should be called from that function.

Id #2017 | Release: None | Updated: Aug 12, 2014 at 12:21 PM by AttilaSuszter | Created: Aug 12, 2014 at 12:21 PM by AttilaSuszter

Pre-allocate memory page at -v <value>

There should be a command line argument to make the address that coincides with the value provided via -v <value> unavailable for memory allocation. This may produce a clearer log in case t...

Id #2015 | Release: None | Updated: Aug 4, 2014 at 11:54 AM by AttilaSuszter | Created: Aug 4, 2014 at 11:54 AM by AttilaSuszter

Create signature based on execution of EIPs

It would be useful to have the ability to create a signature of each execution. This could be based on the order of matched EIPs. This would allow us to filter out duplicate executions.

Id #2014 | Release: None | Updated: Aug 2, 2014 at 4:11 PM by AttilaSuszter | Created: Aug 2, 2014 at 4:11 PM by AttilaSuszter

Show memory content next to the instruction

Currently, if the instruction has a reference to a memory address, the content of the memory location is not shown, but it would be useful to see, for example, if there is a comparison like below. eax=0...

Id #2011 | Release: None | Updated: Aug 1, 2014 at 7:33 PM by AttilaSuszter | Created: Aug 1, 2014 at 7:33 PM by AttilaSuszter
