gaasedelen / tenet

A Trace Explorer for Reverse Engineers
MIT License

Tenet cannot follow the trace if the traced imagebase does not match the database #4

Closed NarutoGit closed 3 years ago

NarutoGit commented 3 years ago

Hello, thanks for the amazing work 😊

I use pintenet to generate trace.log for calc.exe, but the trace.log looks like it can't work. I did the following:

ps: Windows 10 + IDA 7.5 + pin 3.18

1. download pin and pintenet.dll/pintenet64.dll;
2. in a CMD execute: `pin\pin.exe -t pintenet.dll -w calc.exe -o "calc" -- "C:\Users\ml\Desktop\software\pin\calc.exe"`. After successful execution, nothing is displayed on the CMD;
3. a file named calc.0.log is generated, the size of it is 988k;
4. load the calc.0.log in IDA. The interface looks like this: [image]

When I scroll while hovering over the timeline on the right side of the disassembler, the code doesn't move forward or backward with it.

I did the same thing for BoomBox.exe, and its trace file is available. So I thought maybe there was something wrong with the trace file for calc.exe.

gaasedelen commented 3 years ago

First, the problem here is most likely that the imagebase of the calc.exe that you traced does not match the calc.exe that you have loaded in IDA. You either need to rebase the executable in IDA to match that of your trace, and / or disable ASLR on the target binary so all traces will yield the same imagebase going forward.

Second, it is pretty easy to end up off in 'limbo' like you picture above when exploring an unfiltered trace. What is happening here is that Tenet is trying to navigate IDA to an address that is not actually loaded in the database. This is what happens when you try to 'step' into a function call to kernel32.exe, for example. Since that code / library is not mapped into the database, Tenet can't really 'navigate' to a suitable location.

There's definitely ways I can improve both of these behaviors by default, but they did not make it into the initial release. The project will need some time to mature before some of the rough edges like this can be smoothed out.
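As an added illustration of the two points above (example code, not Tenet's own; it assumes Tenet's plain-text trace format with comma-separated `rip=0x...` fields, a constructed trace, and constructed database base/size/entry values for the same PE), the following derives the rebase delta from the first traced instruction and flags trace addresses that no database address can represent:

```python
import re

ALLOC_GRANULARITY = 0x10000  # Windows maps image bases on 64 KiB boundaries

# Constructed sample trace in the assumed Tenet text format (one instruction
# per line, "reg=0x..." and "mr/mw=addr:hex" fields). The module ran at
# 0x7ff6c9a10000 under ASLR; line 4 executes inside a DLL the IDB lacks.
SAMPLE_TRACE = """\
rip=0x7ff6c9a11a20,rsp=0x8fe7f0
rip=0x7ff6c9a11a24,rax=0x1
rip=0x7ff6c9a11a27,mw=0x8fe7e8:201aa1c9f67f0000
rip=0x7ffb11e32010,rsp=0x8fe7e8
rip=0x7ff6c9a11a2c,rsp=0x8fe7f0
"""
# Constructed database facts, as IDA would show them for the same PE.
DB_BASE = 0x140000000        # imagebase of the loaded database
DB_SIZE = 0x30000            # size of the mapped image
DB_ENTRY = DB_BASE + 0x1a20  # entry point; the trace is assumed to start here

_RIP = re.compile(r"(?:^|,)rip=0x([0-9a-f]+)", re.IGNORECASE)

def trace_ips(trace_text):
    """Instruction pointer recorded on each trace line, in order."""
    return [int(m.group(1), 16) for line in trace_text.splitlines()
            if (m := _RIP.search(line))]

def rebase_delta(first_ip, db_entry):
    """Amount to add to database addresses to reach trace addresses (the
    delta for IDA's Edit > Segments > Rebase program). ASLR shifts images
    by multiples of the allocation granularity; anything else means the
    trace does not start at the entry point, so refuse to guess."""
    delta = first_ip - db_entry
    if delta % ALLOC_GRANULARITY:
        raise ValueError("delta 0x%x is not 64 KiB aligned; trace does not "
                         "start at the module entry point" % delta)
    return delta

def map_to_database(ips, delta, db_base, db_size):
    """Translate trace addresses to database addresses and flag the ones
    outside the image: the 'limbo' locations Tenet cannot navigate to."""
    rows = []
    for ip in ips:
        ea = ip - delta
        rows.append((ip, ea, db_base <= ea < db_base + db_size))
    return rows

def limbo_addresses(trace_text=SAMPLE_TRACE):
    """Trace addresses the rebased database still cannot show."""
    ips = trace_ips(trace_text)
    delta = rebase_delta(ips[0], DB_ENTRY)
    return [ip for ip, _, ok in map_to_database(ips, delta, DB_BASE, DB_SIZE) if not ok]
```

Rebasing by the returned delta makes the traced calc.exe addresses line up with the database; the remaining flagged addresses are the library code that the second point describes.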

NarutoGit commented 3 years ago

Thanks very much for your prompt reply. After I rebase the executable in IDA to match the trace, it works. I also tested another .exe, and it works too. That's great. That's really helpful for static analysis. Thank you very much.

maskelihileci commented 3 years ago

When loading your project, enabling the manual load option and entering the base address manually can synchronize the project with the log file.

gaasedelen commented 3 years ago

This should mostly be resolved now by the following:

4902141df6bcffecdb5392c3aaf4d0d67cf98671 / 3511e9d745835b3f40d755633b733cb26d2a6aeb / 2155f0f47083eaf168af786e9367bde163989716

It's not perfect, but should at least be better than what Tenet currently does.

I'm hoping to finish up cleaning up the development branch and merge to master as v0.2 in the next day or two.