Converts a .tag file produced by tiny_tracer into a Cutter annotation script.
The tags generated by Tiny Tracer are helpful when deobfuscating obfuscated API calls or when functions are linked at runtime.
This script annotates the code with the tags produced by Tiny Tracer.
Tiny Tracer repo: https://github.com/hasherezade/tiny_tracer.
Tested on Tiny_tracer version 1.4
How to use:
You can use the Python script tiny_tracer_tag_to_cutter.py (Python 3+) or the standalone binary for 64-bit Windows, available here: https://github.com/Dump-GUY/tiny_tracer_tag_to_cutter/releases/tag/ver1.0
Simply drag and drop the .tag file produced by tiny_tracer, or run the script:
Example: tiny_tracer_tag_to_cutter.py Malware.exe.tag
Example: tiny_tracer_tag_to_cutter.py "C:\Users\XXX\Desktop\TAG_TO_CUTTER\Malware.exe.tag"
The Cutter .r2 script will be created in the same directory as the .tag file.
Run Cutter, load the relevant sample and run the .r2 script produced by tiny_tracer_tag_to_cutter. You can run the .r2 script via the advanced options during sample loading.
Advanced options during sample loading:
Or you can run the .r2 script from the Cutter view. If you run the script from the Cutter view, you MUST refresh the view with F5 or via View Tab/Refresh Contents to see the modified contents.
Running Cutter script from Cutter view:
Tiny_tracer integration to Cutter - Annotated Disassembly view, Annotated Decompile view, Annotated Graph view and Comments view.
Tiny_tracer integration to Cutter - Annotated Disassembly view, Annotated Graph view, Comments view and the excellent new feature in Cutter 1.11.0 - Global Callgraph.
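The .tag to .r2 conversion described above, as an added Python example that is not the code of tiny_tracer_tag_to_cutter.py. It assumes each .tag line has the form `<hex RVA>;<text>` and that the image base is passed in by the caller; the function names and sample records are constructed. Comments are emitted with r2's `CCu base64:` form so that tag text taken from a trace of an untrusted sample is never parsed as r2 commands.

```python
import base64

# Constructed sample in the layout assumed here: one "<hex RVA>;<tag text>" record per line.
SAMPLE_TAG = """\
1000;section: [.text]
1a2f;kernel32.LoadLibraryA
1a2f;kernel32.LoadLibraryA
1b40;kernel32.GetProcAddress
not a record
2c10;called: ?? [12340000+5a]
"""


def parse_tag(text):
    """Yield (rva, tag) pairs, skipping blank or malformed lines."""
    for line in text.splitlines():
        rva_hex, sep, tag = line.strip().partition(";")
        if not sep or not tag:
            continue  # no separator or empty tag text
        try:
            rva = int(rva_hex, 16)
        except ValueError:
            continue  # address field is not hexadecimal
        yield rva, tag


def tag_to_r2(text, image_base):
    """Return r2 script lines that add one comment per traced address."""
    merged = {}
    for rva, tag in parse_tag(text):
        tags = merged.setdefault(rva, [])
        if tag not in tags:  # a call traced repeatedly is annotated once
            tags.append(tag)
    lines = []
    for rva in sorted(merged):
        comment = " | ".join(merged[rva])
        # base64 keeps ';', '|', '!' and backticks in the tag text away from the r2 parser
        b64 = base64.b64encode(comment.encode("utf-8")).decode("ascii")
        lines.append(f"CCu base64:{b64} @ {image_base + rva:#x}")
    return lines


if __name__ == "__main__":
    print("\n".join(tag_to_r2(SAMPLE_TAG, 0x400000)))
```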