  #1  
Old 02-18-2018, 21:25
phono phono is offline
Visualizing memory accesses of an executable

I read this blog post this weekend, might be of interest for some here:

Visualizing memory accesses of an executable


tracectory is a tool to analyze and visualize x86 instruction traces (of Windows executables, currently). The tool preprocesses an instruction trace using the miasm reverse engineering framework, and then enables the user to
  • graph memory accesses
  • show CPU state at arbitrary points in time
  • show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
  • trace data flow to see how the value of a certain memory write was derived
The Following 3 Users Say Thank You to phono For This Useful Post:
Stingered (03-02-2018), user1 (07-12-2018), zeffy (07-13-2018)
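
The last two features in the list above (graphing memory accesses and tracing how a written value was derived) can be pictured as a pass over the trace followed by a backward slice. This is an added example, not code from tracectory or from the post; the record layout and the `TRACE` sample are constructed for illustration and are not the tool's format.

```python
# Constructed sample trace (an assumption, not tracectory's format): one record
# per executed instruction with the locations it read and wrote. "m:" = memory.
TRACE = [
    ("mov eax, [0x402000]", {"m:0x402000"}, {"eax"}),
    ("mov ebx, 0x5a",       set(),          {"ebx"}),
    ("xor eax, ebx",        {"eax", "ebx"}, {"eax"}),
    ("mov ecx, 7",          set(),          {"ecx"}),
    ("mov [0x403000], eax", {"eax"},        {"m:0x403000"}),
    ("mov [0x403004], ecx", {"ecx"},        {"m:0x403004"}),
]

def memory_accesses(trace):
    """Return (time, address, 'R'|'W') points, the data behind an access graph."""
    points = []
    for t, (_, reads, writes) in enumerate(trace):
        for kind, locs in (("R", reads), ("W", writes)):
            points += [(t, int(loc[2:], 16), kind)
                       for loc in sorted(locs) if loc.startswith("m:")]
    return points

def backward_slice(trace, t_write):
    """Walk back from the instruction at t_write and collect every earlier
    instruction whose output fed it. Returns (steps, origins): the contributing
    time indices, and the locations whose value predates the trace."""
    wanted = set(trace[t_write][1])      # locations the written value came from
    steps = [t_write]
    for t in range(t_write - 1, -1, -1):
        _, reads, writes = trace[t]
        hit = wanted & writes
        if hit:                          # this instruction defined a wanted value
            steps.append(t)
            wanted = (wanted - hit) | reads
    return sorted(steps), wanted

if __name__ == "__main__":
    for point in memory_accesses(TRACE):
        print(point)
    steps, origins = backward_slice(TRACE, 4)
    for t in steps:
        print(t, TRACE[t][0])
    print("inputs from before the trace:", sorted(origins))
```

The slice treats each register as a whole and ignores flags and partial-register writes, which a real x86 trace would have to model.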
  #2  
Old 03-02-2018, 07:24
yologuy yologuy is offline
Now, let's map the memory in a special way, and hide some information in this picture.

Would be a funny challenge for a CTF
  #3  
Old 03-02-2018, 09:09
Stingered Stingered is offline
Quote:
Originally Posted by phono
I read this blog post this weekend, might be of interest for some here:

Visualizing memory accesses of an executable


tracectory is a tool to analyze and visualize x86 instruction traces (of Windows executables, currently). The tool preprocesses an instruction trace using the miasm reverse engineering framework, and then enables the user to
  • graph memory accesses
  • show CPU state at arbitrary points in time
  • show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
  • trace data flow to see how the value of a certain memory write was derived
Read through this about a week ago. I could be missing the obvious, but I just don't see any real application for this based on how I debug. No issues with your post...
The Following User Says Thank You to Stingered For This Useful Post:
user1 (07-12-2018)
  #4  
Old 07-12-2018, 17:57
user1 user1 is offline
@phono

yes it is.
like your work......

have a question, have an advice, maybe some good idea, src how to proper hide from any dll after load / injected in target app?

Last edited by user1; 07-13-2018 at 02:42.
Tags
memory, ollydbg, visualizing
