tracectory is a tool to analyze and visualize x86 instruction traces (currently of Windows executables). The tool preprocesses an instruction trace using the miasm reverse engineering framework and then lets the user:
- graph memory accesses
- show CPU state at arbitrary points in time
- show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
- trace data flow to see how the value of a certain memory write was derived
The tool is used in two phases:

| Preprocessing phase | Analysis phase |
|---|---|
| The source files (an OllyDbg run trace and a memory snapshot) are processed and indexed into a database. For information on how to add new traces to the tool, see the OllyDbgImport page. | The user interacts with the UI and makes queries against the DB. For more information, see BrowserGUI. |
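To make the split between the two phases concrete, here is an added toy indexer in Python; it is not tracectory's or miasm's code. It assumes a constructed, simplified trace format (one executed instruction per line, memory operands written as `[hexaddr]`, immediates as hex numbers) instead of OllyDbg's run-trace format, and supports only mov/add/sub/xor. The preprocessing function replays the trace once and indexes every write, after which the three queries from the feature list (memory contents at a given step, CPU state at a given step, backward data flow to the writes that produced a value) are answered from the index without re-executing anything.

```python
"""Toy instruction-trace indexer (added example, not tracectory's own code).

Assumes a constructed, simplified trace format rather than OllyDbg's:
"<step> <eip> <mnemonic> <dst> <src>", memory operands as [hexaddr],
immediates as hex numbers.
"""
from bisect import bisect_right
from collections import deque

MASK = 0xFFFFFFFF
REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
# Semantics of the supported mnemonics: new destination value from (dst, src).
OPS = {
    "mov": lambda d, s: s,
    "add": lambda d, s: (d + s) & MASK,
    "sub": lambda d, s: (d - s) & MASK,
    "xor": lambda d, s: d ^ s,
}

# Constructed sample trace (not a real OllyDbg run trace).
TRACE = """
1 0x401000 mov eax 0x10
2 0x401003 mov ebx 0x20
3 0x401006 add eax ebx
4 0x401008 mov [0x403000] eax
5 0x40100b mov ecx 0x3
6 0x40100e xor ebx ecx
7 0x401010 mov [0x403004] ebx
8 0x401013 mov eax 0x0
9 0x401016 mov [0x403000] eax
"""


def loc(op):
    """Map an operand to a storage-location key, or None for an immediate."""
    if op.startswith("[") and op.endswith("]"):
        return "mem:%#x" % int(op[1:-1], 16)
    if op in REGS:
        return op
    return None


def index_trace(text):
    """Preprocessing phase: replay the trace once and index every write.

    Returns (history, steps):
      history[loc] = [(step, value), ...] in time order, one entry per write
      steps[n]     = {"eip", "mnem", "loc", "value", "deps"}; deps is the set
                     of earlier steps whose writes this instruction read
    """
    state, last_def, history, steps = {}, {}, {}, {}
    for line in text.strip().splitlines():
        n, eip, mnem, dst, src = line.split()
        n = int(n)
        d, s = loc(dst), loc(src)
        deps = set()
        if s is None:
            sval = int(src, 16)
        else:
            sval = state.get(s, 0)
            if s in last_def:
                deps.add(last_def[s])
        dval = state.get(d, 0)
        if mnem != "mov" and d in last_def:  # read-modify-write reads dst too
            deps.add(last_def[d])
        value = OPS[mnem](dval, sval)
        state[d], last_def[d] = value, n
        history.setdefault(d, []).append((n, value))
        steps[n] = {"eip": int(eip, 16), "mnem": mnem, "loc": d,
                    "value": value, "deps": frozenset(deps)}
    return history, steps


def value_at(history, key, step):
    """Value of location `key` right after `step`, or None if no write is known."""
    hist = history.get(key, [])
    i = bisect_right([n for n, _ in hist], step)
    return hist[i - 1][1] if i else None


def memory_at(history, addr, step):
    """Memory contents at `addr` after `step` (only for addresses the trace wrote)."""
    return value_at(history, "mem:%#x" % addr, step)


def cpu_state_at(history, step):
    """Registers whose value is known after `step`."""
    regs = {r: value_at(history, r, step) for r in REGS}
    return {r: v for r, v in regs.items() if v is not None}


def dataflow(steps, n):
    """Analysis phase: every step whose write contributed to step n's value."""
    seen, todo = {n}, deque([n])
    while todo:
        for dep in steps[todo.popleft()]["deps"]:
            if dep not in seen:
                seen.add(dep)
                todo.append(dep)
    return sorted(seen)


if __name__ == "__main__":
    history, steps = index_trace(TRACE)
    print("mem[0x403000] after step 5: %#x" % memory_at(history, 0x403000, 5))
    print("registers after step 4:", cpu_state_at(history, 4))
    print("steps feeding the write at step 7:", dataflow(steps, 7))
```

The one-pass index is what makes the analysis phase cheap: each query is a binary search over a location's write history or a walk over recorded dependencies, so the trace file is never re-read. Locations the trace never writes come back as None rather than a guessed value, which matches the feature list's caveat that only memory whose value can be deduced from the trace is shown.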
The following script can be used to install the tool along with its dependencies on an Ubuntu installation.
```bash
#!/bin/bash
# Run as root: the script installs packages and edits /etc/mongodb.conf.

# mongodb
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list
apt-get update
apt-get -y install libtool autoconf g++ git python-dev build-essential python pkg-config mongodb-10gen python-pymongo
# make the trace database listen on localhost only
service mongodb stop
echo "bind_ip = 127.0.0.1" >> /etc/mongodb.conf
service mongodb start

# miasm
apt-get -y install mercurial python-cherrypy3 python-numpy python-ply screen python-zmq libzmq-dev
hg clone https://code.google.com/p/smiasm/ smiasm
cd smiasm; cd elfesteem; python setup.py install
cd ../..; hg clone -r 6b7d38539248 https://code.google.com/p/miasm/ miasm
cd miasm; sudo python setup.py install
apt-get -y install python-simplejson vim
cd ..

# tracectory
git clone https://bitbucket.org/oebeling/tracectory.git
```
After installing the tool, you can import your first trace.