Visualizing memory accesses of an executable

[phono]

I read this blog post his weekend, might be of interest for some here:

Visualizing memory accesses of an executable

Links

• Blog
• Wiki
• Source

Example Image

tracectory is a tool to analyze and visualize x86 instruction traces (of Windows executables, currently). The tool preprocesses an instruction trace using the miasm reverse engineering framework, and enables the user then to

• graph memory accesses
• show CPU state at arbitrary points in time
• show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
• trace data flow to see how the value of a certain memory write was derived

[yologuy]

Now, let's map the memory in a special way, and hide some information in this picture.

Would be a funny challenge for a CTF

[Stingered]

Quote:

Originally Posted by phono

I read this blog post his weekend, might be of interest for some here:

Visualizing memory accesses of an executable

Links

• Blog
• Wiki
• Source

Example Image

tracectory is a tool to analyze and visualize x86 instruction traces (of Windows executables, currently). The tool preprocesses an instruction trace using the miasm reverse engineering framework, and enables the user then to

• graph memory accesses
• show CPU state at arbitrary points in time
• show memory contents at arbitrary points in time (locations whose value can easily be deduced from the trace)
• trace data flow to see how the value of a certain memory write was derived

Read through this about a week ago. I could be missing the obvious, but I just don't see any real application for this based on how I debug. No issues with your post...

[user1]

@phono

yes it is.
like your work......

have a question, have an advice, maybe some good idea, src how to proper hide from any dll after load / injected in target app?