[Owasp-o2-platform] Code tracing

Dinis Cruz dinis at ddplus.net
Mon Jul 26 18:36:17 EDT 2010

That is REALLY interesting Colin, nice catch :)

These guys should really be moving into the security space since, if that
actually works the way it looks, it could really help with security

It looks like their (closed-source) tool works by instrumenting code (i.e.
using Aspect technology) to grab the call-flow data. I have played a bit
with similar concepts in some previous O2 modules, and a lot of the building
blocks to create something like this (at least for .NET) are already in

For example the '_CSharpScripts (O2 Tool).exe' module (which consumes the
'O2_Debugger_Mdbg.exe' module) already has 'recording' and 'animate trace'
features which would allow the storage of detailed information of ALL
instructions executed (It even includes a PoC to create O2Findings from
execution Flow :) ).

Another module that has something similar is the '_O2_Scanner_DotNet.exe'
which was a PoC that I wrote a while back that used PostSharp to instrument
a specific method, class or dll with .NET Aspect calls (on function enter and
function leave). I used this module to log execution flow and to apply
dynamic patches to vulnerable methods (i.e. dynamic patch/fix of known

Let me know if anybody is interested in these PoCs and I'll create a quick
video showing it in action.

Dinis Cruz

On Mon, Jul 26, 2010 at 11:36 AM, Colin Watson <colin.watson at owasp.org> wrote:

> I stumbled across this "PurePath" for Java/.Net which seems to offer
> tracing of the "complete execution path" "through all tiers including
> remoting calls and external services"
> http://www.youtube.com/watch?v=qJ96PaILU-M
> Although it relates to an application performance testing product, I
> thought the similarity with O2's code transaction views was
> interesting.  It uses "lightweight agents" deployed through the
> infrastructure, extending the information sources into the database
> for example.  They say "patent pending trace and capture technology we
> call PurePath".  Not open source then :-(
> Colin
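The function enter/leave instrumentation described in the message above (log execution flow, then patch a known-vulnerable method at run time), as an added example that is not part of the original thread and is not O2 or PostSharp code. It swaps PostSharp's weaving for the runtime's own System.Reflection.DispatchProxy, which only intercepts calls made through an interface; IUserStore, UserStore, TraceProxy and the guard rule are hypothetical names constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Hypothetical target: one method is treated as "known vulnerable".
public interface IUserStore { string Find(string name); }

public class UserStore : IUserStore
{
    // Constructed stand-in for code that concatenates input into a query.
    public string Find(string name) => "SELECT * FROM users WHERE name = '" + name + "'";
}

// Enter/leave interceptor: records call flow and lets a guard veto a call.
public class TraceProxy<T> : DispatchProxy where T : class
{
    private T _target;
    private List<string> _trace;
    private Func<MethodInfo, object[], bool> _guard;

    public static T Wrap(T target, List<string> trace, Func<MethodInfo, object[], bool> guard)
    {
        object proxy = Create<T, TraceProxy<T>>();
        var p = (TraceProxy<T>)proxy;
        p._target = target; p._trace = trace; p._guard = guard;
        return (T)proxy;
    }

    protected override object Invoke(MethodInfo method, object[] args)
    {
        _trace.Add("enter " + method.Name + "(" + string.Join(", ", args) + ")");
        try
        {
            // The "dynamic patch": refuse the call before the vulnerable body runs.
            if (!_guard(method, args))
                throw new ArgumentException("blocked by dynamic patch: " + method.Name);
            return method.Invoke(_target, args);
        }
        finally { _trace.Add("leave " + method.Name); }   // always record the exit
    }
}

public static class Demo
{
    public static void Main()
    {
        var trace = new List<string>();
        // Constructed guard rule: reject Find() arguments containing a single quote.
        var store = TraceProxy<IUserStore>.Wrap(new UserStore(), trace,
            (m, a) => m.Name != "Find" || !((string)a[0]).Contains("'"));
        Console.WriteLine(store.Find("alice"));
        try { store.Find("o'brien"); } catch (ArgumentException e) { Console.WriteLine(e.Message); }
        trace.ForEach(Console.WriteLine);   // enter/leave pairs for both calls
    }
}
```

The guard here is deliberately crude; the point is that the enter hook sees the method and its arguments before the original body executes, so the same hook serves both tracing and patching.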