https://github.com/revsic/branchtracer

Branch based windows debugger
https://github.com/revsic/branchtracer

branch-tracer cpp dll-injection exception-handler veh

Last synced: 7 months ago
JSON representation

Branch based windows debugger

• Host: GitHub
• URL: https://github.com/revsic/branchtracer
• Owner: revsic
• License: mit
• Created: 2017-01-13T05:39:22.000Z (about 9 years ago)
• Default Branch: master
• Last Pushed: 2019-07-30T19:11:44.000Z (over 6 years ago)
• Last Synced: 2025-05-05T18:06:00.287Z (10 months ago)
• Topics: branch-tracer, cpp, dll-injection, exception-handler, veh
• Language: C++
• Homepage:
• Size: 125 KB
• Stars: 21
• Watchers: 4
• Forks: 5
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# BranchTracer

C++ Implementation of Branch Tracer.

- Copyright (c) 2019 YoungJoong Kim. tf-branch-malware is licensed under the [MIT license](./LICENSE).

- This repository aims to write branch based windows debugger.

## Tested Environments

- Windows 10

- Visual Studio 2019

## Usage

Compile solution with visual studio or msbuild.

```

msbuild .\Brancher\Brancher.sln /p:configuration=Debug

```

Make log file on C:\dbg

```

mkdir C:\dbg

echo "" > C:\dbg\log.txt    # branch tracer open existing log file not creating new

```

Default is debug mode and it will run internet explorer as sample.

CTRL + F5 to run Helper on visual studio, or run on cmd.

```

cd .\Brancher\Brancher

..\x64\Debug\Helper.exe     # Helper run branch tracer based on relative path

```

On release mode, place Brancher.dll on C:\dbg\Brancher64.dll and target program on C:\dbg\sample.exe.

```

msbuild .\Brancher\Brancher.sln /p:configuration=Release

mv .\Brancher\x64\Release\Brancher.dll C:\dbg\Brancher64.dll

cp C:\Windows\notepad.exe C:\dbg\sample.exe

echo "" > C:\dbg\log.txt                                        # reinitialize log

.\Brancher\x64\Release\Helper.exe

```

Sample log file.

```

+00007FF730C9B842,00007FFF4E004CC0,msvcrt.dll,memset

+00007FF730C84279,00007FFF4D83E420,KERNEL32.DLL,GetCommandLineW

+00007FF730C84289,00007FF730C81130,,

+00007FF730C8117C,00007FFF4F6CCDE0,ntdll.dll,EtwEventRegister

+00007FF730C811A9,00007FFF4F6F3720,ntdll.dll,EtwEventSetInformation

+00007FF730C811B9,00007FF730C9AEC0,,

+00007FF730C84298,00007FFF4DC0DE40,combase.dll,CoCreateGuid

+00007FF730C84331,00007FFF4D83EEB0,KERNEL32.DLL,HeapSetInformation

+00007FF730C8433E,00007FFF4DBBF1A0,combase.dll,CoInitializeEx

+00007FF730C84354,00007FF730C9A8B0,,

+00007FF730C9A8DE,00007FFF4DC5C850,combase.dll,RoInitialize

+00007FF730C9A903,00007FFF4DBC9260,combase.dll,WindowsCreateStringReference

+00007FF730C9A94E,00007FFF4DBC3FC0,combase.dll,RoGetActivationFactory

+00007FF730C9A971,00007FFF4F70FC10,ntdll.dll,RtlRetrieveNtUserPfn

+00007FF730C9AAD7,00007FFF4F70FC10,ntdll.dll,RtlRetrieveNtUserPfn

+00007FF730C9AAE6,00007FF730C9AEC0,,

```