Results 1 to 14 of 14

Thread: DotNET Tracer

  1. #1
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102

    Smile DotNET Tracer

    This is a simple tool that has a similar functionality to RegMon or FileMon but it's designed to trace events in .NET assemblies in runtime, many events can be reported so you can understand what's going on in the background.

    1- Select the assembly you want to analyze
    2- Set the Events Mask, i.e Events you want to catch
    3- Click "Start"

    I hope it's useful and as always bug reports are welcome.

    http://www.sendspace.com/file/tuzs5i
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  2. #2
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,204
    Blog Entries
    5
    Very nice Kurapica, keep the good tools coming.

    CRCETL:
    http://www.woodmann.com/collaborative/tools/index.php/DotNET_Tracer
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  3. #3
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102

    Updated 0.2

    What's new ?

    1- Minor bugs fixed
    2- Added 14 NEW Exception events, useful shit
    3- New cool skin !!
    Attached Files Attached Files
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  4. #4
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102

    Updated again !! 0.3

    I guess I was hyper today to release this twice in one day , this is the final release of this tracing tool

    What's NEW ?

    1- Enhanced scrolling in Events listview using mouse wheel
    2- Ability to save events log to (*.log) files for later analysis
    3- Every event has a special icon so that you can understand the list more easily
    4- Removed skin to reduce flickering and enhance performance

    I hope it's useful.

    Attached Files Attached Files
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  5. #5
    Kurapica:

    I'm not sure if there has been an error or I don't understand what has occurred. I have attempted to update your CRCETL entry with your latest verson, but there is a substantial size difference between the 0.2 and 0.3 versions you have attached.

    The 0.2 version appears to be the same approximate size as the "locally archived" version of your original post at around 829 Kb. However, the 0.3 version you have attached is only 133 Kb. Was there a problem with your upload???

    I have updated the CRCETL with the date of the latest version, but you need to check the file you uploaded.

    Regards,
    JMI

  6. #6
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102
    It's ok because I ripped the skin from version 0.3 so it's smaller but faster.

    Thanks alot for the upload.
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  7. #7
    Thanks. That would explain the difference in size. I'll upload the new version and link it to the CRCETL now.

    Regards,
    JMI

  8. #8
    damn nice.. tool.. thx for sharing..

    i think we got new NET guru like daniel:P

  9. #9
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102
    I think this is too much ! I'm just a noob compared to daniel !

    Thanks
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  10. #10
    ::[ Reverse Engineer ]:: OHPen's Avatar
    Join Date
    Nov 2002
    Location
    .text
    Posts
    399
    Blog Entries
    5
    Anyway, the tool is useful, keep on

    OHPen
    - Reverse Enginnering can be everything, but sometimes it's more than nothing. Really rare moments but then they appear to last ages... -

  11. #11
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102
    This is an update to this useful tool :

    1 - Minor bugs fixed.
    2 - "Reset" function added to reset the tracer if the process exits upnormally.
    3 - Custom font can be selected for listview to handle unicode characters in obfuscated assemblies.
    4 - Drag and drop assembly file for lazy people.

    All comments are welcome.

    you can get the tool from our portal and so many other useful stuff
    http://portal.b-at-s.info/download.php
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

  12. #12
    Nice tools.Thanks.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  13. #13
    The only item on my .NET wishlist these days is the ability to identify the methods in a mixed mode assembly. So that when a managed app invokes a method in the unmanaged side, you get the address of the method.

    That would remove that as a benefit used by some authors to obfuscate their code.

  14. #14
    Blacklist Hunter Kurapica's Avatar
    Join Date
    Jun 2008
    Location
    JIT compiler
    Posts
    102

    dotNET Tracer 2.0

    Name:  KDT20.jpg
Views: 926
Size:  47.1 KB

    What's NEW :

    1 - Reverse engineering oriented which means that only important events will be logged

    2 - much faster than before

    3 - Richer data output

    4 - well-hidden from common protection techniques

    5 - Finally you can double click any method and you will be driven to Reflector to see the code

    6 - I may add plugins support later

    7 - You can toggle tracing ON/OFF in runtime, until you open the registration window for example

    8 - You can save results to Microsoft excel *.xls file for better analysis later

    9 - Double click orange rows to be taken to the loaded module location in Windows Explorer

    10 - Double Click the "Parent Class" to be taken to the Class that invoked the method in reflector

    11 - Double Click the blue row to be taken to the Method that was called in Reflector

    12 - VM Compatible

    13 - may require a certain setup on Windows Vista and later due to UAC

    * Reflector Support is still buggy but it's not my fault
    ** Make sure you loaded the needed assemblies in Reflector before using the double clicking feature
    *** Thanks to whoknows and 0xd4d for testing and bug reports

    http://portal.b-at-s.net/download.php?view.53
    Life can only be understood backwards but It must be read forwards

    http://board.b-at-s.info
    http://portal.b-at-s.info/news.php

Similar Threads

  1. dotNET Tracer 1.1 Stealth
    By Kurapica in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: March 2nd, 2011, 07:15
  2. dotNET Tracer 0.6
    By Kurapica in forum Tools of Our Trade (TOT) Messageboard
    Replies: 3
    Last Post: June 17th, 2009, 05:20
  3. dotNET Tracer 0.5
    By Kurapica in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: June 14th, 2009, 15:37
  4. FPU Tracer v0.0.1 released
    By OpenRCE_j00ru in forum Blogs Forum
    Replies: 0
    Last Post: January 28th, 2008, 22:11
  5. RV Tracer (not for the apis...)
    By Manko in forum Tools of Our Trade (TOT) Messageboard
    Replies: 4
    Last Post: December 4th, 2002, 02:27

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •