Skip to content

Analyze a trace

Tenet uses the same core and analysis passes across Desktop, TUI, CLI, RPC, and MCP entry points. Choose a topic below for the full guide.

Topic Goal
Recover program structure Functions, CFG, XRefs, loops, call graph
Taint and data flow Forward taint, backward taint, critical path, dataflow graph
Memory, strings and value search Snapshots, search, entropy, YARA, string discovery
Algorithm and pattern recognition Pattern scan, constants, loop semantics, algorithm summary
ObjC, syscalls and platform API ObjC messages, system calls, C API intercepts
Trace tools Fold, diff, profile, window stats
Virtual machine analysis VM handler identification, dispatch recovery, state mapping

Every analysis is a pass. Default-on passes run automatically; others are started on demand. See the Pass catalog for the complete list with CLI flags and dependencies.

  1. Open a trace and let default passes complete.
  2. Inspect recovered functions, CFG and XRefs to locate the region of interest.
  3. Run targeted passes: forward/backward taint, pattern, memory search.
  4. Combine evidence: algorithm summary cross-references pattern + constant + loop + call-graph.
  5. Export results: DOT graphs, JSON reports, profile data.