We are proud to announce that today we are releasing Tycho 1.1. This release features USB 3 Debug Port Support, System Call Interpretation, and a plugin for IDA Pro that shows memory information directly within IDA.
USB 3 Debug Port Support
With the new support for USB 3 Debug Cables the communication between Tycho and the virtualization platform on the target is now significantly faster. This enables large memory dumps and features that transfer a lot of data between the two components, such as System Call Interpretation.
Every USB 3 port on every machine can be used as a USB 3 Debug port. This enables us to expand to platforms that do not have Intel's vPro or a serial port in the future.
System Call Interpretation
With Tycho 1.0 we introduced the system call semantic breakpoint. This feature
allows a user to stop the execution of a sample at any system call it executes.
Even if the sample goes around the Windows low level libraries and executes the
sycall instruction directly.
System Call Interpretation gives you full control over any executed system calls. System call breakpoints without any interpretation left you with just the register state and a lot of work to make sense of the system call parameters, or follow pointers. With Tycho's System Call Interpretation you have rich semantic information right at your fingertips. For each system call you can now view and modify parameters, follow pointers, and view and modify buffer contents. You can also modify any return values.
IDA Memory Information Plugin
Tycho can now provide IDA Pro with information about the memory structure of your sample. This greatly simplifies using Tycho with IDA Pro:
Learn More or Get a Demo
Learn more about Tycho on our Tycho product page. If you have any questions you can also contact us via e-mail at service@cyberus-technology.de or call us at +4935127501484.
