frida/cryptoshark

Implement delete cache button

siarsky opened this issue · 0 comments

Cryptoshark caches data (at least on Mac), so that if you restart Cryptoshark, already scanned functions/injected code are stored. This is a nice feature, but in case a patched binary should be traced again, Cryptoshark still displays old data - and the GUI has no "Clear cache" button or information where cached data are stored so that they can be deleted manually.

I tried:

  1. deletion of /Users/user/Library/Caches/Cryptoshark/qmlcache/*.qmlc files, but after restart of Cryptoshark the files got restored magically again
  2. analyze cryptoshark access to files (Active Monitor => View => Inspect Process => Open files)
    Nothing useful found
  3. searching for a line from an instrumentation:
    grep -iR "corefoundation_1bb450" * 2>/dev/null
    brought at last:
    Binary file /Users/user/Desktop/AppName.db3 matches

So in order to get rid of all Cryptoshark cached data on Mac just use:
rm /Users/user/Desktop/*.db3
or search for *.db3 on Windows/Linux.

REQUIREMENT
Please introduce a "Clear cache" button or add information in the GUI where the sqlite DB3 files are stored.
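
Added example, not part of the original issue and not Cryptoshark code: a narrower alternative to removing every `*.db3` file in a folder. It lists only the `.db3` files that start with the standard SQLite 3 file header and contain a given instrumentation string, such as the `corefoundation_1bb450` line searched for above. The function names `is_sqlite` and `find_stale_caches` are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Lists candidate cache files
# for review; it does not delete anything.

# is_sqlite FILE
# Succeeds if FILE begins with the 15 printable bytes of the SQLite 3
# header ("SQLite format 3", followed in the file by a NUL byte).
is_sqlite() {
    [ "$(head -c 15 "$1" 2>/dev/null)" = "SQLite format 3" ]
}

# find_stale_caches DIR MARKER
# Prints, one per line, every *.db3 file under DIR that is an SQLite
# database and contains MARKER (a string seen in the stale trace data).
find_stale_caches() {
    dir=$1
    marker=$2
    find "$dir" -type f -name '*.db3' 2>/dev/null |
    while IFS= read -r f; do
        # Skip files that merely carry the .db3 extension.
        is_sqlite "$f" || continue
        # -a: treat binary as text, -q: quiet, -i: ignore case,
        # -F: fixed string (no regex interpretation of the marker).
        if grep -aqiF -- "$marker" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Stand-alone use: sh script.sh DIR MARKER
if [ "$#" -eq 2 ]; then
    find_stale_caches "$1" "$2"
fi
```

Review the printed paths before removing them; unrelated `.db3` files in the same folder are left out of the list.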