Jump to content
Tuts 4 You
Benjamin

Tracer for DnSpy

Recommended Posts

Benjamin

I am looking for any tracer plugins for DnSpy? I am aware of an old plugin from 2015 but it does not seem to be compatible with the latest versions of DnSpy. My apologies  if I am stupid and missed any obvious tools already available but I couldn't find any when I searched.

It would be lovely if someone could recommend a way through which I could trace the methods executed in a target (.NET) executable while debugging it. So in other words, I am looking for some sort of a method logger which logs all the names of the various called methods in DnSpy.

I am aware of the standalone tool by Kurapica but I am looking for an open-source version if possible so that I can customize the features and also add stealth and other features as required.

So I am okay with even a standalone tool as long as it is open-source.

Share this post


Link to post
Kurapica

What features do you miss in my old tool ?

creating a tracer for .NET requires knowledge in C++/COM technologies so it's not fun at all

you can find several base projects on the web to build on but be ready for some fun with COM and interfaces :D

  • Like 1

Share this post


Link to post
Benjamin
1 hour ago, Kurapica said:

What features do you miss in my old tool ?

Thanks @Kurapica Your tool is excellent, but it would be nicer if these features could be incorporated:

- Right now, when tracing, there is no option to select trace only for certain modules and to skip system assemblies for example. Even if I am interested in tracing the functions just in the main executable, the logger logs all the methods in all the modules. This obviously makes the trace record quite bulky and also the execution would be slower. It would be good to have an option to select logging only for the modules of interest.

- I would like the execution (when tracing) to break when a certain method is called in the target. Right now, short of manually editing and adding a breakpoint in the target (which of course breaks most executables due to CRC and other checks) there is no such function available in the tool. Would be good if could select a certain point (or points) in the executables where the execution should break while tracing with the tool.

- I would like in some cases to just log the methods that are called without any extra parameters (or even the addresses called from). This could be used to easily construct a flowchart of the execution pattern. Right now, the tool logs a lot more stuff that we may or may need. Right now, I need to manually clean the output every single time. If we are given more choice so that there is much more granularity as regards to what should logged and what is not, it would be very useful.

- The tool crashes when tracing very large files. This is not surprising since the tool was created almost 5 years ago and now the file sizes are much larger (leading to much larger log file sizes)

- A feature to log the parameters and/or even locals ( for the methods of interest at least) would be good. Right now it is not available and logs only very limited parameters.

- Stealth features are outdated. Please do not get me wrong. The tool is around 5 years old and so this is to be expected. Due to this, quite a number of protected executables do not run, or just crash after running for a few seconds. If it is open source, we can at least manually make a few edits.

 

1 hour ago, Kurapica said:

creating a tracer for .NET requires knowledge in C++/COM technologies so it's not fun at all

I agree wholeheartedly with you. That is why I am hoping that you could add the features requested above, to your tool, if possible.

 

If there is a good tracer for DnSpy it would be best though. Would be very convenient to decompile, trace and edit, all in one tool.

Share this post


Link to post
Kurapica

I think you are right, but most of these features can be easily added via the GUI, which I already made public long time ago

I created the tool in a way that makes customizing it easy, the ugly hard side which is C++ is not open source and I believe

it's not necessary to modify it in order to get those features, those features can be added if you know some C#

Search the forum and you will find the GUI project for the tracer and do your magic :D

Share this post


Link to post
Benjamin

You are right @Kurapica but as mentioned in the title, I am mainly looking for any plugins for DnSpy that can trace the execution flow. Since then we would be able to check out the decompiled code as we trace.

If anyone knows of any such plugins, please suggest. They should actually work with the present version of DnSpy.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...