I'm attempting to fuzz a WoW64 application with wtf - my traces end up 64-bit, but Tenet on IDA with a 32-bit binary is able to load only 32-bit traces. It would be nice if Tenet was able to load these as well.
I guess another option would be for wtf to support 32-bit trace output? That would leave out some steps that happen in 64-bit land, though.
I'm currently using a hacky script to convert the 64-bit trace to 32-bit. It simply drops anything 64-bit related and converts r[xx] to e[xx]. Seems to somewhat work in most cases. Adding it below if anyone needs it.
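
```php
<?php
// Usage: php convert.php <trace file>   (writes <trace file>.wow64)
$infile = $argv[1];
$out = [];
// Read the trace line by line, without trailing newlines and skipping empty lines.
foreach (file($infile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line)
{
    $items = [];
    foreach (explode(',', $line) as $item)
    {
        if (preg_match('#0x[\da-f]{9}#', $item)) // drop anything that looks 64bit
            continue;
        if (strpos($item, '=') === false) // not a key=value entry, keep it unchanged
        {
            $items[] = $item;
            continue;
        }
        // Split on the first '=' only, so the value is kept whole.
        list($key, $value) = explode('=', $item, 2);
        if (preg_match('#r\d+#', $key)) // drop r8-r15
            continue;
        if (preg_match('#r\w\w#', $key)) // rxx -> exx
            $item = 'e'.substr($key, 1).'='.$value;
        $items[] = $item;
    }
    $out[] = implode(',', $items);
}
// Lines that ended up empty after filtering are dropped from the output.
file_put_contents($infile.'.wow64', implode("\n", array_filter($out)));
```
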
Hello, thanks for the awesome project!