tracectory
tracectory is a tool to analyze and visualize x86 instruction traces (currently of Windows executables). It preprocesses an instruction trace with the miasm reverse engineering framework and then lets the user:
- graph memory accesses
- show CPU state at arbitrary points in time
- show memory contents at arbitrary points in time (for locations whose value can be deduced from the trace)
- trace data flow to see how the value of a certain memory write was derived
General structure
The tool is used in two phases:

| Preprocessing phase | Analysis phase |
|---|---|
| The source files (an OllyDbg run trace and a memory snapshot) are parsed and indexed into a database. For how to add new traces to the tool, see OllyDbgImport. | The user queries the database through the UI. For details, see BrowserGUI. |
Installation
The following script installs the tool and its dependencies on an Ubuntu system. It must be run as root, since it adds an apt repository, installs packages and edits /etc/mongodb.conf.
Installation script
```bash
#!/bin/bash
# Installs tracectory and its dependencies on Ubuntu. Run it as root: it adds an
# apt repository, installs packages and edits /etc/mongodb.conf.
set -e
[ "$(id -u)" -eq 0 ] || { echo "run this script as root" >&2; exit 1; }

# mongodb (the 10gen repository; the trace index is stored in MongoDB)
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list
apt-get update
apt-get -y install libtool autoconf g++ git python-dev build-essential python pkg-config mongodb-10gen python-pymongo
# Bind mongod to loopback only: this script configures no authentication, so the
# database must not be reachable from the network. Replace an existing bind_ip
# line rather than appending a second one.
service mongodb stop
if grep -q '^bind_ip' /etc/mongodb.conf; then
    sed -i 's/^bind_ip.*/bind_ip = 127.0.0.1/' /etc/mongodb.conf
else
    echo "bind_ip = 127.0.0.1" >> /etc/mongodb.conf
fi
service mongodb start

# miasm, pinned to the revision tracectory was written against, plus its dependencies
# (the Google Code clone URLs are kept as the page gives them; that hosting has since closed)
apt-get -y install mercurial python-cherrypy3 python-numpy python-ply screen python-zmq libzmq-dev
hg clone https://code.google.com/p/smiasm/ smiasm
(cd smiasm/elfesteem && python setup.py install)
hg clone -r 6b7d38539248 https://code.google.com/p/miasm/ miasm
(cd miasm && python setup.py install)
apt-get -y install python-simplejson vim   # vim is not required by the tool

# tracectory
git clone https://bitbucket.org/oebeling/tracectory.git
```
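The bind_ip line is the one security-relevant setting in the script: the MongoDB instance is installed without authentication, so the trace database must only be reachable from the local machine. The following check is added here as an example and is not part of tracectory or the install script. It parses a listener table in `ss -ltn` / `netstat -ltn` layout (column 4 is the local address:port in both) and reports every non-loopback address on which the MongoDB port is listening. The two sample tables are constructed, not captured from a real host, and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added check, not part of tracectory: confirm that mongod is listening only on
# the loopback interface, i.e. that the bind_ip setting written by the install
# script actually took effect. Column 4 of `ss -ltn` and of `netstat -ltn` is
# the local address:port, which is all the parser relies on.

# Print every non-loopback local address on which the given port is listening.
# $1: listener table in `ss -ltn` / `netstat -ltn` layout; $2: port (default 27017)
mongo_exposed_listeners() {
    listing="$1"
    port="${2:-27017}"
    printf '%s\n' "$listing" | awk -v port="$port" '
        {
            addr = $4
            n = split(addr, parts, ":")
            if (n < 2) next                # no port component: header or blank line
            p = parts[n]
            if (p != port) next
            host = substr(addr, 1, length(addr) - length(p) - 1)
            # 127.0.0.1 and ::1 (bracketed by ss, bare by netstat) are fine;
            # 0.0.0.0, *, [::], :: or a real interface address are not.
            if (host == "127.0.0.1" || host == "[::1]" || host == "::1") next
            print host
        }'
}

# Returns 0 when the port is loopback-only, 1 (with a warning on stderr) otherwise.
check_mongo_loopback_only() {
    port="${2:-27017}"
    exposed=$(mongo_exposed_listeners "$1" "$port")
    if [ -n "$exposed" ]; then
        echo "WARNING: port $port is reachable on non-loopback address(es):" >&2
        printf '  %s\n' $exposed >&2
        return 1
    fi
    echo "ok: port $port is bound to loopback only"
}

# Constructed sample tables (not captured from a real host) in `ss -ltn` layout.
SAFE_LISTING='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:27017    0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'
EXPOSED_LISTING='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:27017      0.0.0.0:*
LISTEN 0      128    [::]:27017         [::]:*'

# Live check of the host this runs on; ss comes with iproute2 on Ubuntu,
# netstat with net-tools. Nothing is checked if neither is installed.
if command -v ss >/dev/null 2>&1; then
    check_mongo_loopback_only "$(ss -ltn 2>/dev/null)"
elif command -v netstat >/dev/null 2>&1; then
    check_mongo_loopback_only "$(netstat -ltn 2>/dev/null)"
fi
```

Run it once after the install script has restarted mongodb; a warning means bind_ip did not take effect (for example because a later line in /etc/mongodb.conf overrides it) and the database is exposed on the network.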
After installing the tool, you can import your first trace (see OllyDbgImport).