Open gjxo12 opened 4 years ago
Hi! Indeed, this tool is dedicated to tracing native modules only, and doesn't work for .NET executables. You can trace some DLLs within the .NET managed process though.
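A pre-flight check for the native-only limitation described in this reply, as an added example that is not part of the thread or of the project's code: it classifies a PE image as managed when data directory 14 (the CLR runtime header) is populated. The names `classify_pe` and `make_sample` and the sample header bytes are constructed for illustration; a mixed-mode assembly also reports as managed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

enum class PeKind { NotPe, Native, Managed };

// Bounds-checked little-endian read of n (<= 4) bytes at off.
static bool rd(const std::vector<uint8_t>& b, size_t off, size_t n, uint32_t& out) {
    if (off > b.size() || n > b.size() - off) return false;
    out = 0;
    for (size_t i = 0; i < n; ++i) out |= uint32_t(b[off + i]) << (8 * i);
    return true;
}

// Managed images carry a non-empty CLR runtime header in data directory 14.
PeKind classify_pe(const std::vector<uint8_t>& img) {
    uint32_t mz, lfanew, sig, magic, ndirs, rva, size;
    if (!rd(img, 0, 2, mz) || mz != 0x5A4D) return PeKind::NotPe;          // "MZ"
    if (!rd(img, 0x3C, 4, lfanew)) return PeKind::NotPe;                   // e_lfanew
    if (!rd(img, lfanew, 4, sig) || sig != 0x00004550) return PeKind::NotPe; // "PE\0\0"
    const size_t opt = size_t(lfanew) + 4 + 20;   // signature + COFF file header
    if (!rd(img, opt, 2, magic)) return PeKind::NotPe;
    size_t dirs;                                  // start of the data directory array
    if (magic == 0x10B) dirs = opt + 96;          // PE32
    else if (magic == 0x20B) dirs = opt + 112;    // PE32+
    else return PeKind::NotPe;
    if (!rd(img, dirs - 4, 4, ndirs)) return PeKind::NotPe; // NumberOfRvaAndSizes
    if (ndirs <= 14) return PeKind::Native;       // no slot for a CLR header
    const size_t clr = dirs + 14 * 8;             // each entry is {RVA, Size}
    if (!rd(img, clr, 4, rva) || !rd(img, clr + 4, 4, size)) return PeKind::NotPe;
    return (rva != 0 && size != 0) ? PeKind::Managed : PeKind::Native;
}

// Constructed sample: headers only, just enough bytes for the check above.
std::vector<uint8_t> make_sample(bool pe32plus, uint32_t clr_rva, uint32_t clr_size) {
    const uint32_t lfanew = 0x80;
    const size_t opt = lfanew + 24, dirs = opt + (pe32plus ? 112 : 96);
    std::vector<uint8_t> b(dirs + 16 * 8, 0);
    auto wr = [&](size_t off, uint32_t v, size_t n) {
        for (size_t i = 0; i < n; ++i) b[off + i] = uint8_t(v >> (8 * i));
    };
    wr(0, 0x5A4D, 2); wr(0x3C, lfanew, 4); wr(lfanew, 0x4550, 4);
    wr(opt, pe32plus ? 0x20B : 0x10B, 2); wr(dirs - 4, 16, 4);
    wr(dirs + 14 * 8, clr_rva, 4); wr(dirs + 14 * 8 + 4, clr_size, 4);
    return b;
}

int main() {
    std::printf("managed sample: %d\n", classify_pe(make_sample(false, 0x2008, 0x48)) == PeKind::Managed);
    std::printf("native sample:  %d\n", classify_pe(make_sample(true, 0, 0)) == PeKind::Native);
}
```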
Oh, I got it! Thank you for your rapid response.
If you don't mind, close this issue.
Have a nice day!
Hello! It might be an interesting idea to analyze .NET malware with PIN. I've just found out that the PIN tool supports managed platforms. It seems you could specify the option "-support_jit_api", which will help trace only JITted code. Later you could filter such code like:
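```cpp
// Instruction-level instrumentation callback.
// InsNoRtnCount is the poster's analysis routine; its definition is not shown in this comment.
VOID Instruction(INS ins, VOID *v)
{
    RTN rtn = INS_Rtn(ins);
    // Instrument only instructions that do not belong to a valid routine.
    if (!RTN_Valid(rtn))
    {
        INS_InsertCall(ins, IPOINT_BEFORE, (AFUNPTR)InsNoRtnCount, IARG_END);
    }
}
```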
So, as a result, your tool will log only the necessary code. This is in theory :-) In practice, I could not make it work.
@crowman2 - thank you for the heads-up, I will check it and maybe add the support in the future
Hi, I tried this project and made an exe file with Visual Studio 2015 and .NET Framework 4.5.2, built as Release x64 and x86.
allowedly, I set C:pin, source\tools\tiny-tracer and so on, using your YouTube tutorial.
But my exe file's result is empty. Here is an example:
The output.out file is empty.
And I tried another project's exe file, a Visual Studio 2015 C++ Win32 project built as Release x64 and x86, and the result is good. I get output.out with the APIs called.
Is there any issue with using a .NET Framework exe file, or any requirement for using this project?
And thank you for using your good project.