hasherezade / tiny_tracer

A Pin Tool for tracing API calls etc

.NET framework build exe file #4

Open gjxo12 opened 4 years ago

gjxo12 commented 4 years ago

Hi, I tried this project and made an exe file with Visual Studio 2015 and .NET Framework 4.5.2, Release build, x64 and x86.

Allowedly, I set C:pin, source\tools\tiny-tracer and so on, using your YouTube tutorial.

But the result for my exe file is empty. Here is an example:

image

The output.out file is empty.

I also tried an exe file from another project, built with Visual Studio 2015 as a C++ Win32 project, Release, x64 and x86, and the result is good. I get output.out with the API calls.

Is there any issue with using a .NET Framework exe file, or any requirement for using this project?

And thank you for your good project.

hasherezade commented 4 years ago

Hi! Indeed, this tool is dedicated to tracing native modules only, and doesn't work for .NET executables. You can trace some DLLs within the .NET managed process though.
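A pre-flight check for the situation in this reply, as an added example that is not part of the thread or of tiny_tracer: before tracing, test whether the target PE carries a CLR header (data directory index 14), which marks it as a managed .NET image. The names `rd`, `is_dotnet_pe` and `make_sample` are hypothetical, and the sample image is constructed in memory.

```cpp
// Added example (not tiny_tracer code): detect a managed (.NET) PE image by
// checking the CLR header data directory, index 14, in the optional header.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Bounds-checked read of n bytes at off (assumes a little-endian host).
static bool rd(const std::vector<uint8_t>& b, size_t off, void* out, size_t n) {
    if (off > b.size() || n > b.size() - off) return false;
    std::memcpy(out, b.data() + off, n);
    return true;
}

// Returns true when the image has a non-empty CLR (COM descriptor) directory.
bool is_dotnet_pe(const std::vector<uint8_t>& img) {
    uint16_t mz = 0, magic = 0;
    uint32_t e_lfanew = 0, sig = 0, count = 0, rva = 0, size = 0;
    if (!rd(img, 0, &mz, 2) || mz != 0x5A4D) return false;               // "MZ"
    if (!rd(img, 0x3C, &e_lfanew, 4)) return false;                      // offset of PE header
    if (!rd(img, e_lfanew, &sig, 4) || sig != 0x00004550) return false;  // "PE\0\0"
    size_t opt = (size_t)e_lfanew + 4 + 20;                              // skip COFF file header
    if (!rd(img, opt, &magic, 2)) return false;
    size_t dirs;                                                         // data directory array
    if (magic == 0x10B) dirs = opt + 96;                                 // PE32
    else if (magic == 0x20B) dirs = opt + 112;                           // PE32+
    else return false;
    if (!rd(img, dirs - 4, &count, 4) || count <= 14) return false;      // NumberOfRvaAndSizes
    size_t clr = dirs + 14 * 8;                                          // entry 14: RVA, size
    if (!rd(img, clr, &rva, 4) || !rd(img, clr + 4, &size, 4)) return false;
    return rva != 0 && size != 0;
}

// Constructed sample: a header-only PE image built in memory (not loadable).
std::vector<uint8_t> make_sample(uint16_t magic, bool managed) {
    std::vector<uint8_t> b(0x200, 0);
    auto put = [&](size_t off, uint32_t v, size_t n) { std::memcpy(b.data() + off, &v, n); };
    const uint32_t pe = 0x80;
    put(0, 0x5A4D, 2); put(0x3C, pe, 4); put(pe, 0x00004550, 4);
    size_t opt = pe + 24, dirs = opt + (magic == 0x20B ? 112 : 96);
    put(opt, magic, 2); put(dirs - 4, 16, 4);
    if (managed) { put(dirs + 14 * 8, 0x2008, 4); put(dirs + 14 * 8 + 4, 0x48, 4); }
    return b;
}

int main() {
    std::printf("native x64: %d, managed x86: %d\n",
                is_dotnet_pe(make_sample(0x20B, false)), is_dotnet_pe(make_sample(0x10B, true)));
    return 0;
}
```

A true result for the main executable matches the empty output.out reported in this issue; mixed-mode C++/CLI images also carry this directory.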

gjxo12 commented 4 years ago

Oh, I got it! Thank you for your rapid response.

If you don't mind, close this issue.

Have a nice day!

AndyWatterman commented 3 years ago

Hello! It might be an interesting idea to analyze .NET malware with PIN. I've just found out that the PIN tool supports managed platforms. It seems you could specify the option "-support_jit_api", which will help trace only JITted code. Later you could filter such code like:

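```cpp
// Instrumentation callback: instrument only instructions that do not belong
// to a known routine (RTN). InsNoRtnCount is not defined in this snippet.
VOID Instruction(INS ins, VOID *v)
{
    RTN rtn = INS_Rtn(ins);
    if (!RTN_Valid(rtn))
    {
        INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)InsNoRtnCount, IARG_END);
    }
}
```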

So, as a result, your tool will log only the necessary code. This is in theory :-) In practice, I could not make it work.

hasherezade commented 3 years ago

@crowman2 - thank you for the heads-up, I will check it and maybe add the support in the future