illera88 / Ponce

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
https://docs.idaponce.com

Is tracing the best option? #20

Closed 0ca closed 8 years ago

0ca commented 8 years ago

We are using tracing to automate the process of stopping at every instruction and instrumenting it. But tracing also stores a trace log in IDA with all the registers/memory modified and their original values.

Maybe using step_into() or step_over() has better performance.

0ca commented 8 years ago

I think we should use step into or step over and let the user choose which one to use. But we should also let the user step manually. So we could add a menu with the option:

> Run program instrumenting instructions...
>> using step into
>> using step over

(>>) are submenus

And internally we set a flag "Automatically_continue_after_step" to true. And in the debugger callbacks, for every step into or step over, we continue the execution transparently.

illera88 commented 8 years ago

We should check how to use the PIN tracing because it will be way faster than any other option.

0ca commented 8 years ago

Semtrax was using PIN: https://www.reddit.com/r/ReverseEngineering/comments/2x3heq/semtrax_data_tracking_for_binary_software/?st=ist5cmel&sh=b7699964

In the future we should try it.