Kernel Driver Execution Flow ( Faster Than IDA or BinNavi )

Question

Is there any tool help my to draw kernel-mode execution flow graph (basic block based or function based) ?

My exact problem is slow speed.

To clear my question lets ask this way: Is there any fast way to draw kernel-mode execution ?

I use IDA 6.2 pro and BinNavy 5 to generate EF-Graph. They are so slow and have many problems with loops and rep-prefixed.

As I mentioned in my comment the driver initializing tracing wast 30 min (I want to draw each IOCtl graph).

Again as I mentioned in my comment I use Virtual-KD and VMWare (Is it any faster configuration ?).

1.I'm not in user mode.

2.problem is slow speed.

There are many many kernels out there. I think tagging this as Windows would be a good idea. — 0xC0000022L, May 12 '14 at 13:09

score 2 · Answer 1 · answered May 11 '14 at 10:13

2

You can give a try to IDA, since it supports kernel-mode debugging, and has a trace feature.

answered May 11 '14 at 10:13

jvoisin

Testing IDA with VirtualKD and trying to trace initial phase left about 30 min. is it Normal or any better tool chain I should use? – sealed... May 11 '14 at 14:33

1 Answers1