orangetw starred tiny_tracer
2021-07-17 14:48:43 Author: github.com

Bypasses the anti-tracing check based on RDTSC.

Example trace output:

345c2;section: .text
58069;called: C:\Windows\SysWOW64\kernel32.dll.IsProcessorFeaturePresent
3976d;called: C:\Windows\SysWOW64\kernel32.dll.LoadLibraryExW
3983c;called: C:\Windows\SysWOW64\kernel32.dll.GetProcAddress
3999d;called: C:\Windows\SysWOW64\KernelBase.dll.InitializeCriticalSectionEx
398ac;called: C:\Windows\SysWOW64\KernelBase.dll.FlsAlloc
3995d;called: C:\Windows\SysWOW64\KernelBase.dll.FlsSetValue
49275;called: C:\Windows\SysWOW64\kernel32.dll.LoadLibraryExW
4934b;called: C:\Windows\SysWOW64\kernel32.dll.GetProcAddress
...
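The trace format shown above can be parsed offline to triage which APIs a sample called and from where. The following is an added example, not code from the tiny_tracer project; it assumes each line has the form `offset;kind: value` with the offset in hexadecimal, and the names `parse_tag`, `api_histogram` and `call_sites` are hypothetical.

```python
import ntpath
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed sample: the trace lines shown above, with the "..." elision kept.
SAMPLE_TAG = r"""345c2;section: .text
58069;called: C:\Windows\SysWOW64\kernel32.dll.IsProcessorFeaturePresent
3976d;called: C:\Windows\SysWOW64\kernel32.dll.LoadLibraryExW
3983c;called: C:\Windows\SysWOW64\kernel32.dll.GetProcAddress
3999d;called: C:\Windows\SysWOW64\KernelBase.dll.InitializeCriticalSectionEx
398ac;called: C:\Windows\SysWOW64\KernelBase.dll.FlsAlloc
3995d;called: C:\Windows\SysWOW64\KernelBase.dll.FlsSetValue
49275;called: C:\Windows\SysWOW64\kernel32.dll.LoadLibraryExW
4934b;called: C:\Windows\SysWOW64\kernel32.dll.GetProcAddress
...
"""

class Event(NamedTuple):
    offset: int               # first field, parsed as hex (assumption)
    kind: str                 # "section" or "called"
    section: Optional[str]    # most recent "section:" marker seen so far
    module: Optional[str]     # DLL file name, lower-cased
    function: Optional[str]   # exported function name

LINE_RE = re.compile(r"^([0-9a-fA-F]+);(\w+): (.+)$")

def parse_tag(text):
    events, section = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blanks, "..." and anything not in the expected form
        offset, kind, value = int(m.group(1), 16), m.group(2), m.group(3)
        module = function = None
        if kind == "section":
            section = value
        elif kind == "called":
            # The function name follows the last dot; the path contains ".dll".
            path, _, function = value.rpartition(".")
            module = ntpath.basename(path).lower()
        events.append(Event(offset, kind, section, module, function))
    return events

def api_histogram(events):
    return Counter(f"{e.module}!{e.function}" for e in events if e.kind == "called")

def call_sites(events, function):
    return [hex(e.offset) for e in events if e.function == function]
```

Calling `api_histogram(parse_tag(SAMPLE_TAG)).most_common()` ranks the called APIs, and `call_sites` gives the offsets to inspect in a disassembler.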

🚧 To compile the prepared project you need to use Visual Studio >= 2012. It was tested with Intel Pin 3.19 and 3.20.
Clone this repo into \source\tools, which is inside your Pin root directory. Open the project in Visual Studio and build it. A detailed description is available here.

In order for Pin to work correctly, Kernel Debugging must be DISABLED.


Source: https://github.com/hasherezade/tiny_tracer