Analyze a trace
Tenet uses the same core and analysis passes across Desktop, TUI, CLI, RPC, and MCP entry points. Choose a topic below for the full guide.
Guides
Section titled “Guides”| Topic | Goal |
|---|---|
| Recover program structure | Functions, CFG, XRefs, loops, call graph |
| Taint and data flow | Forward taint, backward taint, critical path, dataflow graph |
| Memory, strings and value search | Snapshots, search, entropy, YARA, string discovery |
| Algorithm and pattern recognition | Pattern scan, constants, loop semantics, algorithm summary |
| ObjC, syscalls and platform API | ObjC messages, system calls, C API intercepts |
| Trace tools | Fold, diff, profile, window stats |
| Virtual machine analysis | VM handler identification, dispatch recovery, state mapping |
Quick reference
Section titled “Quick reference”Every analysis is a pass. Default-on passes run automatically; others are started on demand. See the Pass catalog for the complete list with CLI flags and dependencies.
Analysis workflow
Section titled “Analysis workflow”- Open a trace and let default passes complete.
- Inspect recovered functions, CFG and XRefs to locate the region of interest.
- Run targeted passes: forward/backward taint, pattern, memory search.
- Combine evidence: algorithm summary cross-references pattern + constant + loop + call-graph.
- Export results: DOT graphs, JSON reports, profile data.