search

hasherezade / tiny_tracer

A Pin Tool for tracing API calls etc
1.25k stars 138 forks source link

check that INS_IsControlFlow is true #53

Closed maskelihileci closed 3 days ago

maskelihileci commented 8 months ago 
Excluded 0 functions
Watch 0 functions
Watch 0 syscalls
SyscallTable size: 1589
===============================================
This application is instrumented by TinyTracer v.2.7.1
Tracing module: G:\PR\Compiled_IntelPt\gtnszz.exe
See file G:\PR\Compiled_IntelPt\gtnszz.exe.tag for analysis results
===============================================
E: G:\FL\TRACER\tiny_tracer-2.7.1\TinyTracer.cpp:750: Cannot use IARG_BRANCH_TARGET_ADDR with instruction at 0xb1fd7f: jmp far 0xb59fc7, 0x33
E:  check that INS_IsControlFlow is true

Windows ver ; Windows 10 1607 İntel Pin : 3.26

Tracer.ini 

ENABLE_SHORT_LOGGING=True
USE_DEBUG_SYMBOLS=False
FOLLOW_SHELLCODES=1
;FOLLOW_SHELLCODES:
; 0 : trace only the main target module
; 1 : follow only the first shellcode called from the main module
; 2 : follow also the shellcodes called recursively from the the original shellcode
; 3 : follow any shellcodes
TRACE_RDTSC=False
TRACE_INT=False
TRACE_SYSCALL=True
LOG_SECTIONS_TRANSITIONS=True
LOG_SHELLCODES_TRANSITIONS=True
HEXDUMP_SIZE=8
HOOK_SLEEP=False
SLEEP_TIME=10
; ANTIDEBUG: (Windows only)
; 0 : Disabled
; 1 : Standard
; 2 : Deep (may lead to some false positives)
ANTIDEBUG=1
ANTIVM=0
hasherezade commented 8 months ago

hi @maskelihileci I fixed it: https://github.com/hasherezade/tiny_tracer/commit/df38621465c023a174b8fa026800533fe22480dc Check it out and let me know if everything is fine now.