tiny_tracer icon indicating copy to clipboard operation
tiny_tracer copied to clipboard

Published 20 hours ago verified publisher icon hasherezade

Is there a way to track created processes?

Open Ou7law007 opened this issue 3 years ago • 4 comments

My sample calls CreateProcessInternalW to create a new process, is there a way track it without attaching a debugger or hooking the function?

Ou7law007 avatar Sep 04 '21 20:09 Ou7law007

Sorry but currently TinyTracer does not provide following children processes. However, as far as I know Pin gives such option, so I will check if I can add it.

hasherezade avatar Sep 07 '21 13:09 hasherezade

Thank you. I was able to run the child process on its own but it requires specific arguments. Is there a way to maybe pass arguments to tiny tracer?

Ou7law007 avatar Sep 08 '21 14:09 Ou7law007

I was able to run the child process on its own but it requires specific arguments. Is there a way to maybe pass arguments to tiny tracer?

Yes. You just need to add the parameter in the run_me.bat, just after the "%TARGET_APP%" https://github.com/hasherezade/tiny_tracer/blob/a38128de2aba8996ce84cc394370ded5987700bb/install32_64/run_me.bat#L79

hasherezade avatar Sep 08 '21 20:09 hasherezade

Awesome. Thank you

Ou7law007 avatar Sep 09 '21 09:09 Ou7law007