{"id":13574152,"url":"https://github.com/hasherezade/tiny_tracer","last_synced_at":"2026-05-28T01:10:51.719Z","repository":{"id":43807430,"uuid":"141471197","full_name":"hasherezade/tiny_tracer","owner":"hasherezade","description":"A Pin Tool for tracing API calls etc","archived":false,"fork":false,"pushed_at":"2025-04-26T18:40:22.000Z","size":1165,"stargazers_count":1414,"open_issues_count":9,"forks_count":149,"subscribers_count":40,"default_branch":"master","last_synced_at":"2025-04-26T19:34:51.317Z","etag":null,"topics":["api-trace","dbi","intel-pintools","malware-analysis","reverse-engineering"],"latest_commit_sha":null,"homepage":"","language":"C++","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hasherezade.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-07-18T17:58:20.000Z","updated_at":"2025-04-26T18:40:26.000Z","dependencies_parsed_at":"2023-01-31T12:01:55.308Z","dependency_job_id":"85cb5b02-f8fd-4b25-a891-a7d18d7e9117","html_url":"https://github.com/hasherezade/tiny_tracer","commit_stats":{"total_commits":497,"total_committers":10,"mean_commits":49.7,"dds":0.0523138832997988,"last_synced_commit":"d3426ba4f2ab23b377ec827886a3b43d9bd4cb17"},"previous_names":[],"tags_count":29,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Ftiny_tracer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Ftiny_tracer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Ftiny_tracer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hasherezade%2Ftiny_tracer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hasherezade","download_url":"https://codeload.github.com/hasherezade/tiny_tracer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254169152,"owners_count":22026208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-trace","dbi","intel-pintools","malware-analysis","reverse-engineering"],"created_at":"2024-08-01T15:00:47.255Z","updated_at":"2026-05-28T01:10:51.711Z","avatar_url":"https://github.com/hasherezade.png","language":"C++","funding_links":[],"categories":["C++","C++ (225)"],"sub_categories":[],"readme":"# tiny_tracer\n[![Codacy Badge](https://app.codacy.com/project/badge/Grade/f988180bfb4d45ebbe4764bde1058c2f)](https://app.codacy.com/gh/hasherezade/tiny_tracer/dashboard?utm_source=gh\u0026utm_medium=referral\u0026utm_content=\u0026utm_campaign=Badge_grade)\n[![Commit activity](https://img.shields.io/github/commit-activity/m/hasherezade/tiny_tracer)](https://github.com/hasherezade/tiny_tracer/commits)\n[![Last Commit](https://img.shields.io/github/last-commit/hasherezade/tiny_tracer/master)](https://github.com/hasherezade/tiny_tracer/commits)\n[![Build status](https://ci.appveyor.com/api/projects/status/543ql60gxxuri9j2?svg=true)](https://ci.appveyor.com/project/hasherezade/tiny-tracer)\n\n[![GitHub release](https://img.shields.io/github/release/hasherezade/tiny_tracer.svg)](https://github.com/hasherezade/tiny_tracer/releases)\n[![GitHub release date](https://img.shields.io/github/release-date/hasherezade/tiny_tracer?color=blue)](https://github.com/hasherezade/tiny_tracer/releases)\n\n\nA Pin Tool for tracing:\n+ API calls, including [input and output of selected functions](https://github.com/hasherezade/tiny_tracer/wiki/Tracing-function-input-and-output)\n+ [defined local functions](https://github.com/hasherezade/tiny_tracer/wiki/Tracing-defined-local-functions)\n+ selected instructions: [RDTSC](https://c9x.me/x86/html/file_module_x86_id_278.html), [CPUID](https://c9x.me/x86/html/file_module_x86_id_45.html), [INT](https://c9x.me/x86/html/file_module_x86_id_142.html)\n+ [inline system calls, including parameters of selected syscalls](https://github.com/hasherezade/tiny_tracer/wiki/Tracing-syscalls)\n+ transition between sections of the traced module (helpful in finding OEP of the packed module)\n+ [executed instructions in defined code fragments](https://github.com/hasherezade/tiny_tracer/wiki/Tracing-with-disassembly)\n\nEvades some of the known [anti-debug](https://github.com/hasherezade/tiny_tracer/wiki/The-INI-file#antidebug) and [anti-VM](https://github.com/hasherezade/tiny_tracer/wiki/The-INI-file#antivm) techniques\n\nGenerates a report in a `.tag` format (which can be [loaded into other analysis tools](https://github.com/hasherezade/tiny_tracer/wiki/Using-the-TAGs-with-disassemblers-and-debuggers)):\n\n```txt\nRVA;traced event\n```\ni.e.\n\n```txt\n345c2;section: .text\n58069;called: C:\\Windows\\SysWOW64\\kernel32.dll.IsProcessorFeaturePresent\n3976d;called: C:\\Windows\\SysWOW64\\kernel32.dll.LoadLibraryExW\n3983c;called: C:\\Windows\\SysWOW64\\kernel32.dll.GetProcAddress\n3999d;called: C:\\Windows\\SysWOW64\\KernelBase.dll.InitializeCriticalSectionEx\n398ac;called: C:\\Windows\\SysWOW64\\KernelBase.dll.FlsAlloc\n3995d;called: C:\\Windows\\SysWOW64\\KernelBase.dll.FlsSetValue\n49275;called: C:\\Windows\\SysWOW64\\kernel32.dll.LoadLibraryExW\n4934b;called: C:\\Windows\\SysWOW64\\kernel32.dll.GetProcAddress\n...\n```\n\n## šŸš§ How to build\n\nIt was tested with [Intel Pin 4.2](https://software.intel.com/en-us/articles/pin-a-binary-instrumentation-tool-downloads).\n\nYou can build it [on Windows](https://github.com/hasherezade/tiny_tracer/wiki/Installation#on-windows) or [on Linux](https://github.com/hasherezade/tiny_tracer/wiki/Installation#on-linux). Detailed descriptions available [here](https://github.com/hasherezade/tiny_tracer/wiki/Installation).\n\n*If you have any problems with building the project on Windows, you can use the test builds from the [AppVeyor server](https://ci.appveyor.com/project/hasherezade/tiny-tracer). Select the platform, and then 'Artifacts'. Check the 'Console' output to see what version of Pin is required to use them. Then, follow the [installation instructions](https://github.com/hasherezade/tiny_tracer/wiki/Installation).*\n\n## āš™ Usage\n\nšŸ“– Details about the usage you will find on [the project's Wiki](https://github.com/hasherezade/tiny_tracer/wiki).\u003cbr/\u003e\n\n## šŸ›  Helpers\n\nFor automatic generation of [`params.txt` for API arguments tracing](https://github.com/hasherezade/tiny_tracer/wiki/Tracing-parameters-of-functions), try [IAT-Tracer](https://github.com/YoavLevi/IAT-Tracer) by [YoavLevi](https://github.com/YoavLevi)\n\n\n## WARNINGS\n\n+ In order for Pin to work correctly, Kernel Debugging must be **DISABLED**.\n+ In [`install32_64`](https://github.com/hasherezade/tiny_tracer/tree/master/install32_64) you can find a utility that checks if Kernel Debugger is disabled (`kdb_check.exe`, [source](https://github.com/hasherezade/pe_utils/tree/master/kdb_check)), and it is used by the Tiny Tracer's `.bat` scripts. This utility sometimes gets flagged as a malware by Windows Defender (it is a known false positive). If you encounter this issue, you may need to [exclude](https://support.microsoft.com/en-us/windows/add-an-exclusion-to-windows-security-811816c0-4dfd-af4a-47e4-c301afe13b26) the installation directory from Windows Defender scans.\n+ Since the version 3.20 Pin has dropped a support for **old versions of Windows**. If you need to use the tool on Windows \u003c 8, try to compile it with Pin 3.19.\n\n\n---\n\nšŸ¤” Questions? Ideas? Join [Discussions](https://github.com/hasherezade/tiny_tracer/discussions)!\n\n---\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Ftiny_tracer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhasherezade%2Ftiny_tracer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhasherezade%2Ftiny_tracer/lists"}