
Helios - a fast, portable and transparent instruction tracer

code analysis, debugger, debugging
Stefan Bühlmann
Hashdays 2010
Indexed on: Mar 27, 2013
File size: 1.1 MB

An instruction trace is the sequence of instructions executed when running a program. Instruction traces have a large number of applications in malware analysis, such as detection of self-modifying code, automated unpacking, code-similarity analysis, reverse engineering of cryptographic code and vulnerability analysis. It is thus not surprising that we have recently seen considerable interest in instruction traces in the malware research community. Accordingly, there already exists a range of instruction tracers such as Ether, Temu and Pin. An ideal tracer is efficient (supports analysis of large numbers of malware samples), transparent (hard to detect and evade), and portable to different versions of the Windows operating system, and runs on both virtual and physical machines. None of the current tracers features all of these properties. We have developed a novel tracer dubbed "Helios", which overcomes these limitations. To this end, Helios uses several advanced and novel techniques. Our talk will first introduce the topic of tracing and its applications, followed by a detailed discussion of Helios. In particular, we will demonstrate Joedoc, a novel tool for detecting exploits in documents (e.g. PDFs), which is based on instruction traces.
