Re-implementation of funcap as a pintool. This poses some chalenges but I think it is worth the effort, especially for things like obfuscated code where standard debugger breakpoints mess up with the code and traditional trace is just too slow. I am unsure if it would work for ARM, and sure that it won't support kernel mode so it has some drawbacks ...
Re-implementation of funcap as a pintool. This poses some chalenges but I think it is worth the effort, especially for things like obfuscated code where standard debugger breakpoints mess up with the code and traditional trace is just too slow. I am unsure if it would work for ARM, and sure that it won't support kernel mode so it has some drawbacks ...