Locked Tenet v0.2 - Trace Explorer for Reverse Engineers

[itsMe]

This is the hidden content, please

• Sign In
• or
• Sign Up

Tenet – A Trace Explorer for Reverse Engineers

Tenet is an IDA Pro plugin for exploring execution traces. The goal of this plugin is to provide more natural, human controls for navigating execution traces against a given binary. The basis of this work stems from the desire to research new or innovative methods to examine and distill complex execution patterns in software.

For more context about this project, please read the blogpost about its initial release.

Changelog v0.2

+ Features
|- Overhauled Tenet’s breakpoint / selection / navigation model to be more explicit
|- Tenet will now attempt to automatically resolve ASLR mappings with basic trace analysis
|- Added a cell-based drawing mode that is used when zoomed in far enough on the tracebars
|- Added !last command to the ‘timestamp shell’ to jump to the last ‘navigable’ trace address
|- What The Fuzz (https://github.com/0vercl0k/wtf) added native support for Tenet traces

+ Minor Changes
|- Tracebars now draw ‘un-navigable’ regions of the trace grey (such as library/external calls)
|- Tenet will now stay on the last ‘navigable’ mapped address when stepping through unmapped regions
|- Improved the selection behavior and interaction with ‘zooming’ on tracebars
|- Improved the selection behavior in the memory dump view (stack still needs work…)
|- Both ‘code’ and ‘memory’ breakpoints can be active at the same time now, not just one
|- Added more fine-grained right-click controls for interacting with ‘region’ breakpoints
|- Added various right-click ‘Clear … breakpoints’ to the mem, trace, and reg views
|- Highlighting and double clicking a region of memory will now set a region access breakpoint
|- Double clicking ’empty’ space in the mem / reg views can be used to automatically clear breakpoints
|- Updated theme subsystem and colors a little bit to be more consistent
|- A little bit of code and comment cleanup, but not a lot

+ Bugfixes
|- Tenet now ensures a selected text trace will be parsed if a packed trace does not actually match it
|- A bug could cause Tenet to show wrong register values towards the end of a trace segment
|- Step-over / reverse step-over could fail near the start/end of the trace
|- Fixed a bug that could cause the sample pin tracer to crash from uninitialized memory
|- mrexodia fixed a bug that could cause the pin tracer to crash on the fxsave instruction
|- Fixed / eliminated several misc UI / selection bugs through simple refactoring

This is the hidden content, please

• Sign In
• or
• Sign Up