You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm attempting to fuzz a wow64 application with wtf - my traces end up 64bit but tenet on ida with a 32bit binary is able to load only 32bit traces. It would be nice if tenet was able to load these as well.
I guess another option would be for wtf to support 32bit trace output? That would leave out some steps that happen in 64bit land tho.
I'm currently using a hacky script to convert the 64bit trace to 32. It simply drops anything 64bit related and converts r[xx] to e[xx]. Seems to somewhat work in most cases. Adding it below if anyone needs it.
<?php$infile = $argv[1];
$out = [];
foreach (file($infile, 6) as$line)
{
$items = [];
foreach (explode(',', $line) as$item)
{
if (preg_match('#0x[\da-f]{9}#', $item)) // drop anything that looks 64bitcontinue;
list($key, $value) = explode('=', $item);
if (preg_match('#r\d+#', $key)) // drop r8-r15continue;
if (preg_match('#r\w\w#', $key)) // rxx -> exx$item = 'e'.substr($key,1).'='.$value;
$items[] = $item;
}
$out[] = implode(',', $items);
}
file_put_contents($infile.'.wow64', implode("\n", array_filter($out)));
The text was updated successfully, but these errors were encountered:
Hello, thanks for the awesome project!
I'm attempting to fuzz a wow64 application with wtf - my traces end up 64bit but tenet on ida with a 32bit binary is able to load only 32bit traces. It would be nice if tenet was able to load these as well.
I guess another option would be for wtf to support 32bit trace output? That would leave out some steps that happen in 64bit land tho.
I'm currently using a hacky script to convert the 64bit trace to 32. It simply drops anything 64bit related and converts r[xx] to e[xx]. Seems to somewhat work in most cases. Adding it below if anyone needs it.
The text was updated successfully, but these errors were encountered: