Clone wiki

tracectory / Home

tracectory

Screenshot

tracectory is a tool to analyze and visualize x86 instruction traces (of Windows executables, currently). The tool preprocesses an instruction trace using the miasm reverse engineering framework, and enables the user then to

  • graph memory accesses
  • show CPU state at arbitrary points in time
  • show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
  • trace data flow to see how the value of a certain memory write was derived

General structure

The use of the tool is done in two phases:

Preprocessing phaseAnalysis phase
The source files (OllyDbg run trace and a memory snapshot) are processed and indexed into a database. For information on how to add new traces to the tool see page OllyDbgImportThe user can interact with the UI and make queries into the DB. For more information, see BrowserGUI

Installation

The following script can be used to install the tool along with its dependencies to a Ubuntu installation.

Installation script

#!/bin/bash
# mongodb
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 7F0CEB10
echo 'deb http://downloads-distro.mongodb.org/repo/ubuntu-upstart dist 10gen' | tee /etc/apt/sources.list.d/10gen.list
apt-get update
apt-get -y install libtool autoconf g++ git python-dev build-essential python pkg-config mongodb-10gen python-pymongo
service mongodb stop
echo "bind_ip = 127.0.0.1" >> /etc/mongodb.conf
service mongodb start
# miasm
apt-get -y install mercurial python-cherrypy3 python-numpy python-ply screen python-zmq libzmq-dev
hg clone https://code.google.com/p/smiasm/ smiasm
cd smiasm; cd elfesteem; python setup.py install
cd ../..; hg clone -r 6b7d38539248 https://code.google.com/p/miasm/ miasm
cd miasm; sudo python setup.py install
apt-get -y install python-simplejson vim
cd ..
#tracectory
git clone https://bitbucket.org/oebeling/tracectory.git

After installing the tool, you can import your first trace.

Updated