#1
How is Vtune useful?
How is it useful?
What can it do that IDA/Olly cannot do?
#2
From the information about it, it seems like it works more in tandem with development of source code rather than disassembling. Helps you eliminate processor hungry areas of your code.
#3
Quote:
#4
Quote:
As far as a debug/crack/hack tool, it is not particularly useful. It does disassemble on the fly to show the 'hot spots' of the target code, but there is no useful way to save this information, let alone stop it and examine registers/codeflow/etc. But as they say, if all you have is a hammer, everything else is a nail (paraphrase)
#5
VTune is Intel's optimizing program; similarly, AMD has a program to optimize to the AMD processor. Depending on who your target audience is might depend on what you are optimizing for. VTune is simply a program to find "hotspots" in your program; it works in conjunction with VS.
It suggests ways to optimize certain parts of your code and shows you execution paths and more. Kris Kaspersky also wrote a book on optimizing code, unrolling loops, aligning data for cache, RAM timing, called Code Optimization: Effective Memory Usage. It shows you how to use the basics of VTune and optimizing code; it's a must if you are learning about the subject.
#6
Intel has VTune, AMD has CodeAnalyst. VTune is pretty pricey, while CodeAnalyst is free. If your goal is optimizing for AMD, CodeAnalyst can be quite useful.
While VTune isn't a great "cracking" tool, it's VERY useful in reversing. Let's say your target is a bloated pig-ware program with nearly 100 dlls (not named DLL, but instead goofy extensions that probably had some humorous relevance to the original authors). Now let's say you need to figure out its API so you can perform some cool new functionality. The problem with using Olly on Pig-Ware is that there is just so much code that you would need to be looking at. In comes VTune. Launch VTune (with no app, just monitor everything), run the target and do the action you're interested in, and voila, you have the pieces of code to concentrate on. Now you load up Olly and IDA on just that sub-set. It is worth noting that most protection routines, especially dongle routines, are convoluted and very inefficient. They are written to not be easily understood, and this usually involves lots of busy loops, jumps to pointers, etc., that all appear as hot spots in VTune. The downside is that VTune dis's from disk image, so if the module in question is encrypted, you'll get pointers to what appears to be garbage. But for reversing bloated Pig-Ware, it's a godsend.