Tuesday, September 05, 2006

Process Stalker

From pedram.redhive.com,
Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. The suite consists of a series of tools and scripts; the goal of a successful stalk is to provide the reverse engineer with an intuitive interface to run-time block-level trace data.

The Process Stalking suite is broken into three main components: an IDA Pro plug-in, a stand-alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool.

A complete usage and script development manual for Process Stalker is available here.

An article detailing a step-by-step application of Process Stalker vs. the MS05-030 Microsoft Security bulletin is available at OpenRCE.org.
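To make the "block-level trace data to GML graph" step concrete, here is an added example (not Process Stalker's own code, and not its real file format): it takes a constructed list of basic-block addresses hit at run time, counts node hits and edge traversals, and emits a GML graph that a graph viewer can load. The `hits` and `traversals` attribute names are assumptions of this example.

```python
"""Build a GML control-flow graph from a run-time basic-block trace."""
from collections import Counter

# Constructed sample trace: the basic-block start addresses hit while a
# hypothetical function ran; blocks 0x401010/0x401020 form a loop taken twice.
SAMPLE_TRACE = [
    0x401000, 0x401010, 0x401020, 0x401010, 0x401020, 0x401030,
]


def build_graph(trace):
    """Return (node hit counts, edge traversal counts) for a block trace.

    Nodes are block addresses; an edge (a, b) is recorded each time block b
    executed immediately after block a, so loops show up as repeated edges.
    """
    nodes = Counter(trace)
    edges = Counter(zip(trace, trace[1:]))
    return nodes, edges


def to_gml(trace):
    """Render the trace as a directed GML graph; node ids are addresses."""
    nodes, edges = build_graph(trace)
    lines = ["graph [", "  directed 1"]
    for addr in sorted(nodes):
        lines += ["  node [",
                  f"    id {addr}",
                  f'    label "{addr:#x}"',
                  f"    hits {nodes[addr]}",   # assumed attribute name
                  "  ]"]
    for (src, dst), count in sorted(edges.items()):
        lines += ["  edge [",
                  f"    source {src}",
                  f"    target {dst}",
                  f"    traversals {count}",   # assumed attribute name
                  "  ]"]
    lines.append("]")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_gml(SAMPLE_TRACE))
```

Edges whose traversal count is zero in one run but non-zero in another are exactly the paths a stalk is meant to surface when comparing a baseline run against the run that reaches the code under investigation.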