Exetools - Visualizing memory accesses of an executable

Exetools (https://forum.exetools.com/index.php)

- General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)

- - Visualizing memory accesses of an executable (https://forum.exetools.com/showthread.php?t=18667)

Visualizing memory accesses of an executable

I read this blog post his weekend, might be of interest for some here:

Visualizing memory accesses of an executable

Links

Example Image

tracectory is a tool to analyze and visualize x86 instruction traces (of Windows executables, currently). The tool preprocesses an instruction trace using the miasm reverse engineering framework, and enables the user then to

graph memory accesses
show CPU state at arbitrary points in time
show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
trace data flow to see how the value of a certain memory write was derived

Now, let's map the memory in a special way, and hide some information in this picture.

Would be a funny challenge for a CTF

Quote:

Originally Posted by phono (Post 112300)

I read this blog post his weekend, might be of interest for some here:

Visualizing memory accesses of an executable

Links

graph memory accesses
show CPU state at arbitrary points in time
show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
trace data flow to see how the value of a certain memory write was derived

Read through this about a week ago. I could be missing the obvious, but I just don't see any real application for this based on how I debug. No issues with your post...

@phono

yes it is.
like your work......

have a question, have an advice, maybe some good idea, src how to proper hide from any dll after load / injected in target app?