Ever been frustrated by those missing 32-bit symbols in a REVEN 2.2 trace? Here it is: REVEN 2.3 offers new support for Windows 32-bit OS-Specific Information (OSSI) whether in a 64-bit or a 32-bit scenario.
Ever wanted to easily get the OS process an instruction belongs to? REVEN 2.3 also refines the new APIs brought by REVEN 2.2, adding current process information to the OSSI. In addition, a new status bar in the Trace widget offers detailed contextual OSSI information about the active transition.
OSSI for 32-bit Windows systems
It is now possible to obtain 32-bit symbol information for Windows traces:
- OSSI support for 32-bit DLLs in Windows 10 (x64) and Windows 7 (x64) has been added.
- OSSI support for Windows 10 (x86) and Windows 7 (x86) has been added.
Current process information
REVEN 2.3 offers easy access to the process information associated with a transition in the trace:
- In Axion, in the Trace widget, a new status bar provides detailed OSSI information (process, ring, symbol and binary information) about the active transition. A tooltip with detailed information is provided for each item.
- Process-related information is now available through the Analysis API with
New Guided Tour tutorial of the Axion GUI
REVEN 2.3 comes with a new Guided Tour tutorial of the Axion GUI. Connect to a REVEN scenario with Axion and take the tour!
Axion Menu Overhaul
REVEN 2.3 introduces a brand new menu bar in Axion to make the widgets more readily accessible.
Analysis Python API
- Taint API preview: for better compatibility with Axion, marker names created by preview.taint.simple_taint are changed from e.g.
Workflow Python API (preview)
ProjectManager.connect to connect to a REVEN project from its name.
Automatic scenario recording
- The autorecord of a binary now checks that the required PDBs exist or can be downloaded before launching the recording.
- The recorder logs are now available in the autorecord detail task view, in the Project Manager Tasks and Sessions tab.
- The autorecord of x86 binaries on x64 Windows now generally results in a trace starting at the first instruction of the binary (on the entry point) rather than the
- The overall reliability has been improved.
- Colored dots are now displayed next to the scenario status in the
- Red dots indicate resources that are out-of-date and must be replayed again so that their dependent features work with the current version.
- Orange dots indicate resources that are out-of-date, but compatible with the current version.
- kernel_description is now replayed during the 'Replay' step when the OSSI feature is selected, rather than generated in the 'Prepare' step of the snapshot. This makes it possible to see the current version of the
- Projects now start faster.
- When the Symbol Call Search (which is fast) is available, the Symbol Search (which is slow) is now disabled. In other words, the slower Symbol Search is only enabled when the pc_ranges resources are not available.
- The backtrace widget is now faster when the binary_ranges resource is available.
- Fixed an issue that prevented having more than one started Axion session in the browser.
- Search widget: Fixed an issue where selecting an item in the completion list would sometimes result in a different item appearing in the search symbol field.