Time Table

The initial phase of binary analysis-understanding “what a program actually does”-is fundamentally broken. Static analysis shows code that might run, while debuggers offer a slow, step-by-step view of a single execution path, failing to capture the dynamic, multi-threaded reality of modern software. This creates a critical bottleneck for triage and incident response.

We present BIN2TL, a lightweight, high-level execution tracer, not another debugger. Using Intel Pin, it captures key events (function calls, thread activity) from concrete execution and converts them into a standard Perfetto timeline. The result is a complete, interactive, high-level map of the program’s behavior over time.

This approach provides what other tools cannot: a rapid, holistic overview. We will demonstrate how BIN2TL makes complex analysis intuitive. See how ransomware encryption threads operate in parallel, or instantly identify the code regions used by a specific feature.