Support wow64 traces?

[tostercx]

Hello, thanks for the awesome project!

I'm attempting to fuzz a wow64 application with wtf - my traces end up 64bit but tenet on ida with a 32bit binary is able to load only 32bit traces. It would be nice if tenet was able to load these as well.

I guess another option would be for wtf to support 32bit trace output? That would leave out some steps that happen in 64bit land tho.

I'm currently using a hacky script to convert the 64bit trace to 32. It simply drops anything 64bit related and converts r[xx] to e[xx]. Seems to somewhat work in most cases. Adding it below if anyone needs it.

<?php

$infile = $argv[1];
$out = [];

foreach (file($infile, 6) as $line)
{
    $items = [];
    foreach (explode(',', $line) as $item)
    {
        if (preg_match('#0x[\da-f]{9}#', $item)) // drop anything that looks 64bit
            continue;
        
        list($key, $value) = explode('=', $item);
        
        if (preg_match('#r\d+#', $key)) // drop r8-r15
            continue;
        
        if (preg_match('#r\w\w#', $key)) // rxx -> exx
            $item = 'e'.substr($key,1).'='.$value;
        
        $items[] = $item;
    }
    
    $out[] = implode(',', $items);
}

file_put_contents($infile.'.wow64', implode("\n", array_filter($out)));