This IDA plugin instruments the binary using the DynamoRIO framework. It can resolve most of the dynamic values of registers and memory locations that static analysis usually misses. It can help to find jump locations, e.g. call eax, or interesting strings, e.g. “PE”, which are decoded at runtime. You can also instrument the binary so that it dumps interesting buffers, and, last but not least, you have several options to patch the binary at runtime to avoid anti-analysis functions.
The talk will first describe the basics of the DynamoRIO instrumentation framework and then the capabilities, architecture and features of the plugin, followed by a live demo. The plugin can significantly reduce the time needed to analyze malware samples.