KaKeeware Tracer

Shows that setting TF flag works the same old way as in DOS era

KaKeeware Tracer Ranking & Summary


  • License: Freeware
  • Publisher Name: KaKeeware
  • Operating Systems: Windows 2K / XP / 2003 / Vista / 7
  • File Size: 6 KB

KaKeeware Tracer Description

It is surprising to learn that many people assume that x86 single-stepping is no longer possible without the debugging functions available in the Win32 API. The KaKeeware Tracer application was designed as a small tool that shows that setting the TF flag works the same old way as it did in the DOS era. Apart from debugging, single-stepping can help to detect the fact that certain APIs have been intercepted (hooked). When you execute any Windows API, its execution path is quite predictable: it starts within your code, then passes through system modules and (usually) ends with a SYSENTER (SYSCALL or int 2Eh) instruction that transfers control to kernel mode. Now, if the API is hooked (in user mode), it will at some stage usually pass through a Detours-like dispatching function that is typically placed in a memory block allocated with VirtualAllocEx and, basically, does not belong to any module. So by tracing the execution of a function that is potentially hooked, we may discover that the program is being analyzed, e.g. with an API monitor.
