2.3.0

Highlights

Ever been frustrated by those missing 32-bit symbols in a REVEN 2.2 trace? Here it is: REVEN 2.3 offers new support for Windows 32-bit OS-Specific Information (OSSI) whether in a 64-bit or a 32-bit scenario.

Ever wanted to easily get the OS process an instruction belongs to? REVEN 2.3 also refines the new APIs brought by REVEN 2.2, adding current process information to the OSSI. Besides, a new status bar in the Trace widget offers detailed contextual OSSI information about the active transition.

OSSI for 32-bit Windows systems

It is now possible to obtain 32-bit symbol information for Windows traces:

  • OSSI support for 32-bit DLLs in Windows 10 (x64) and Windows 7 (x64) has been added.
  • OSSI support for Windows 10 (x86) and Windows 7 (x86) has been added.

Current process information

REVEN 2.3 offers easy access to the process information associated with a transition in the trace:

  • In Axion, in the Trace widget, a new status bar provides detailed OSSI information (process, ring, symbol and binary information) about the active transition. A tooltip with detailed information is provided for each item.
  • Process-related information is now available through the Analysis API with Context.ossi.process().

New Guided Tour tutorial of the Axion GUI

REVEN 2.3 comes with a new Guided Tour tutorial of the Axion GUI. Connect to a REVEN scenario with Axion and take the tour!

Axion Menu Overhaul

REVEN 2.3 introduces a brand new menu bar in Axion to make the widgets more readily accessible.

Improvements

Analysis Python API

  • Taint API preview: for better compatibility with Axion, marker names created by preview.taint.simple_taint are changed from e.g. tag0 to Tag0.

Workflow Python API (preview)

  • Added ProjectManager.connect to connect to a REVEN project from its name.
  • Added ProjectManager.hostname and ProjectManager.port properties.

Automatic scenario recording

  • The autorecord of a binary now checks that the required PDBs exist or can be downloaded before launching the recording.
  • The recorder logs are now available in the autorecord detail task view, in the Project Manager Tasks and Sessions tab.
  • The autorecord of x86 binaries on x64 Windows now generally results in a trace starting at the first instruction of the binary (its entry point) rather than at the CreateProcessInternalW function.
  • The overall reliability has been improved.

Project Manager

  • Colored dots are now displayed next to the scenario status in the Scenario Manager tab.
    • Red dots indicate resources that are out-of-date and must be replayed so that the features depending on them work with the current version.
    • Orange dots indicate resources that are out-of-date, but compatible with the current version.
  • The kernel_description is now replayed during the 'Replay' step when the OSSI feature is selected, rather than generated in the 'Prepare' step of the snapshot. This makes it possible to see the current version of the kernel_description resource.
  • Projects now start faster.

Axion

  • When the Symbol Call Search (which is fast) is available, the Symbol Search (which is slow) is now disabled. In other words, the slower Symbol Search is only enabled when the binary_ranges and pc_ranges resources are not available.
  • The backtrace widget is now faster when the binary_ranges resource is available.

Fixed issues

Project Manager

  • Fixed an issue that prevented having more than one started Axion session in the browser.

Axion

  • Search widget: Fixed an issue where selecting an item in the completion list would sometimes result in a different item appearing in the search symbol field.