Project Description
XapSpyAnalysis is an extension to Behrang Fouladis excellent XapSpy tool. XapSpy enables you to debug method calls and variables for Windows Phone 7 XAP packages on the device emulator. XapSpyAnalysis uses exported data from XapSpy and displays them graphically over time. This way you can see what methods and variables are used during execution of an Windows Phone application. This works also with obfuscated packages, however it will show only method names like A, B, C etc. XapSpyAnalysis was developed during my Master thesis on Windows Phone 7 Security. Its graphic analysis design is based upon DroidBox.





XapSpyAnalysis consists of two parts. I had to rewrite Behrangs XDEMonitor (the part of XapSpy that tracks the method calls and variables from the console window) so that I can save the recorded values in a CSV format. This exported/saved file can be loaded into XapSpyAnalysis for further analysis.



XapSpyAnalysis can run on any Windows, as long as it supports .net V4. You do not require the Windows Phone SDK to run XapSpyAnalysis, however you will need it if you want to use XapSpy and to create the data you want to analyse. It is recommended, that you use the most current version of SDK. Between WP7 and WP7.5 exists a small but important different in how the emulator is started. In WP7 it is called "Windows Phone 7 Emulator", while in WP7.5 it is called "Windows Phone Emulator". This has effects on the XDEMonitor and needs adjustments in the source code (see the comments in this blog post). Because of the used EasyHook library, you can only use 32bit Windows versions for running the Windows Phone Emulator in combination with XapSyp.

Last edited Oct 10, 2011 at 4:01 PM by rudelm, version 8