Alexey975 Posted June 6, 2021

Personally I prefer to use emEditor for really huge traces. What's your choice?

Progman Posted June 7, 2021

Aren't there better ways to visualize an execution trace? I think most serious work is done using valgrind and some Linux tools. I know WinDbg has Time Travel Debugging. But for doing stuff like attacking white box crypto I've yet to see good tools on Windows. That said, my favorite text editor is Notepad++ but emEditor has the edge in performance.

Alexey975 (Author) Posted June 8, 2021 (edited)

Just now, Progman said:

> Aren't there better ways to visualize an execution trace? I think most serious work is done using valgrind and some Linux tools. I know WinDbg has Time Travel Debugging. But for doing stuff like attacking white box crypto I've yet to see good tools on Windows. That said, my favorite text editor is Notepad++ but emEditor has the edge in performance.

emEditor and SVG in Firefox were the only ones I could work with.

Time Travel Debugging -- the question was about trace viz so you can easily extract patterns from, for example, a 10 GB trace.

Notepad++ cannot even open a 10 GB+ file.

For time-travel debugging and perfect work with traces/taint there is https://www.tetrane.com. If you decide to buy it, please ping me)

Edited June 8, 2021 by Alexey975 (addition)

deepzero Posted June 8, 2021

Look into https://panda.re/ for a free tetrane alternative. Also, what do you use for creating those traces?

Alexey975 (Author) Posted June 8, 2021

1 hour ago, deepzero said:

> Look into https://panda.re/ for a free tetrane alternative. Also, what do you use for creating those traces?

Hmm, ty. Extract VM handlers, follow some obj in memory during execution (imagine you have some MyCoolCssSpanLifespanObj and you want to follow all possible paths of allocation -> deallocation -> use sequences, would need to work with code trace etc.), just a quick look at what some program is doing to know where to dig (only a syscall trace on hand), etc.

kao Posted June 8, 2021

I don't think anyone is actually reading a trace file from start to end. The trick is to separate useful information from all the noise in the trace file. For that, I'm using grep + whatever text editor comes in handy. Or make a custom parsing script in C# and then open the results in a text editor. It always depends on the problem I'm trying to solve.
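
Added example (not posted by anyone in this thread): a single-pass filter of the kind kao describes, applied to the allocation -> deallocation -> use question Alexey975 raises. The trace line format, the function names and the sample data are assumptions made up for the illustration; Python is used here rather than C#.

```python
import re
from collections import Counter

# Constructed trace format (assumption): "<seq> <event> 0x<addr> [size]".
# Lines that do not match (syscalls, module loads, ...) are noise and skipped.
EVENT = re.compile(r"^(\d+)\s+(alloc|free|read|write)\s+0x([0-9a-fA-F]+)(?:\s+(\d+))?\s*$")

def owner(blocks, addr):
    # Base address of the tracked block that contains addr, or None.
    for base, size in blocks.items():
        if base <= addr < base + size:
            return base
    return None

def lifecycle_patterns(lines, obj_size):
    """One streaming pass over allocations of obj_size bytes; returns
    (Counter of collapsed event sequences, accesses that hit freed blocks)."""
    live, freed, hist = {}, {}, {}
    patterns, stale = Counter(), []
    for line in lines:                      # works on an open file, line by line
        m = EVENT.match(line)
        if not m:
            continue
        seq, ev, addr = int(m.group(1)), m.group(2), int(m.group(3), 16)
        if ev == "alloc":
            freed.pop(addr, None)           # address reused: no longer stale
            if m.group(4) and int(m.group(4)) == obj_size:
                live[addr], hist[addr] = obj_size, ["alloc"]
        elif ev == "free":
            if addr in live:
                freed[addr] = live.pop(addr)
                patterns[">".join(hist.pop(addr) + ["free"])] += 1
        else:
            base = owner(live, addr)
            if base is not None:
                if hist[base][-1] != ev:    # collapse runs of the same access
                    hist[base].append(ev)
            elif owner(freed, addr) is not None:
                stale.append((seq, ev, addr))
    for events in hist.values():            # objects never freed in the trace
        patterns[">".join(events + ["(live)"])] += 1
    return patterns, stale

# Constructed sample, not taken from a real trace.
SAMPLE = ("1 alloc 0x1000 72\n2 write 0x1008\n3 syscall NtReadFile\n4 read 0x1010\n"
          "5 read 0x1010\n6 alloc 0x2000 16\n7 write 0x2000\n8 free 0x1000\n"
          "9 read 0x1008\n10 alloc 0x3000 72\n11 write 0x3000\n12 free 0x3000\n")

if __name__ == "__main__":
    print(lifecycle_patterns(SAMPLE.splitlines(), 72))
```

Passing an open file object instead of `SAMPLE.splitlines()` keeps memory use independent of trace size, and the resulting pattern counts are small enough to open in any editor.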