melynx / peekaboo

Licence: Apache-2.0 license
A standalone execution trace library built on DynamoRIO.

Peekaboo

Peekaboo is an attempt to provide an easily extensible and usable dynamic trace format. It defines the properties typically expected of a dynamic trace, such as instruction addresses, memory operand information and register contents. A trace is structured as a collection of files, each holding one kind of information that the trace supports. Currently, peekaboo ships an execution tracer built on top of DynamoRIO. A PIN-based execution tracer and conversion tools for traces produced by other tools are planned.

Architectures

Currently supported

AMD64, X86

Planned

AARCH64, AARCH32

C/C++ library: libpeekaboo

How to build

cd libpeekaboo
make

How to install

This step only installs the library system-wide for convenience; it is not required to build or run the tracer or the trace reader.

sudo make install

How to uninstall

sudo make uninstall

Tracer (DynamoRIO)

Dependency

  • DynamoRIO (the tracer is a DynamoRIO client)

How to build

Before building the tracer, build libpeekaboo in the libpeekaboo directory as described above.

cd peekaboo_dr
mkdir build
cd build
DynamoRIO_DIR=$DynamoRIO_PATH cmake ..
make

The build produces libpeekaboo_dr.so in the build directory; this is the DynamoRIO client that you pass to drrun.

How to start tracing

For example, to trace the command ls as a 64-bit process (everything after -- is the traced command and its arguments):

$DynamoRIO_PATH/bin64/drrun -c $Peekaboo_PATH/peekaboo_dr/build/libpeekaboo_dr.so -- ls

What you can get

A directory named after the command and its PID is created in the current working directory, laid out like this:

ls-31401
├────insn.bytemap
├────process_tree.txt
└────31401
      ├────insn.trace
      ├────memfile
      ├────memrefs
      ├────metafile
      ├────proc_map
      └────regfile

If the traced application forks, every child process gets its own PID subdirectory under the same trace root, while insn.bytemap and process_tree.txt stay shared at the top level. For a parent with PID 32105 and a child with PID 32109 the layout is:

fork-32105
├────insn.bytemap
├────process_tree.txt
├────32105
|     ├────insn.trace
|     ├────memfile
|     ├────memrefs
|     ├────metafile
|     ├────proc_map
|     └────regfile
└────32109
      ├────insn.trace
      ├────memfile
      ├────memrefs
      ├────metafile
      ├────proc_map
      └────regfile
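Before handing a trace to read_trace, especially after a long run with forks, it is worth confirming that every PID subdirectory is complete. The following is an added example, not part of the peekaboo project: it walks the layout documented above, reports the per-PID files present with their sizes, and flags anything missing. It relies only on the directory structure shown here and does not parse the binary trace files; the directory it inspects is constructed in a temporary folder for demonstration.

```python
"""Inspect the on-disk layout of a peekaboo trace directory.

Added example, not part of the peekaboo project. It only relies on the
directory layout documented in the README; the byte formats of insn.trace,
memfile, etc. are not parsed here.
"""
import os
import re
import tempfile

# Per-process files the README shows under each <pid>/ directory.
PER_PROCESS_FILES = ("insn.trace", "memfile", "memrefs", "metafile", "proc_map", "regfile")
# Files the README shows at the trace root, shared by all traced processes.
ROOT_FILES = ("insn.bytemap", "process_tree.txt")

PID_DIR_RE = re.compile(r"^\d+$")


def inspect_trace_dir(root):
    """Return (root_missing, per_pid).

    root_missing lists shared files absent from the trace root; per_pid maps
    each numeric PID directory to {"sizes": {file: bytes}, "missing": [...]}.
    Non-numeric entries are ignored, so stray files do not break the check."""
    root_missing = [f for f in ROOT_FILES if not os.path.isfile(os.path.join(root, f))]
    per_pid = {}
    for entry in sorted(os.listdir(root)):
        path = os.path.join(root, entry)
        if not (os.path.isdir(path) and PID_DIR_RE.match(entry)):
            continue
        sizes, missing = {}, []
        for fname in PER_PROCESS_FILES:
            fpath = os.path.join(path, fname)
            if os.path.isfile(fpath):
                sizes[fname] = os.path.getsize(fpath)
            else:
                missing.append(fname)
        per_pid[int(entry)] = {"sizes": sizes, "missing": missing}
    return root_missing, per_pid


def make_constructed_layout(root, pids, drop=()):
    """Create an empty stand-in for a trace directory (constructed test data,
    not a real trace). `drop` holds (pid, filename) pairs to leave out."""
    for f in ROOT_FILES:
        open(os.path.join(root, f), "wb").close()
    for pid in pids:
        d = os.path.join(root, str(pid))
        os.makedirs(d, exist_ok=True)
        for f in PER_PROCESS_FILES:
            if (pid, f) not in drop:
                with open(os.path.join(d, f), "wb") as fh:
                    fh.write(b"\0" * 16)  # placeholder bytes, not trace data


def check_constructed_fork_trace():
    """Build the forked layout from the README (parent 32105, child 32109)
    with the child's regfile removed, and return what inspect_trace_dir finds."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "fork-32105")
        os.makedirs(root)
        make_constructed_layout(root, [32105, 32109], drop={(32109, "regfile")})
        return inspect_trace_dir(root)


if __name__ == "__main__":
    root_missing, per_pid = check_constructed_fork_trace()
    print("missing at root:", root_missing)
    for pid, info in per_pid.items():
        print(pid, "missing:", info["missing"], "sizes:", info["sizes"])
```

Point inspect_trace_dir at a real trace root (for example ./ls-31401) to get the same report for an actual run; a PID directory with files missing usually means the traced process was killed before the tracer flushed its output.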

Trace Reader (C/C++)

Dependency

(Optional) For the disassembly feature, one of:

  • (Recommended) libcapstone-dev
  • (Alternative) binutils-dev>=2.29

How to build

In the project root directory:

make

How to use

Usage: ./read_trace [Options] path_to_trace_dir
Options:
  -r                    Print register values.
  -m                    Print memory values.
  -y                    Print syscalls. Not compatible with -p.
  -s <instr id>         Print trace starting from the given id. Below zero for reversed order.
  -e <instr id>         Print trace till the given id.
  -a <memory addr>      Search for all instructions accessing given memory address.
  -p <pattern file>     Search for instruction patterns in trace. See pattern.txt for samples. Not compatible with -y.
  -h                    Print this help.

Example 1: Print all instructions inside the trace

./read_trace ./ls-31401/31401

Example 2: Print the instructions with ids 100 through 200

./read_trace -s 100 -e 200 ./ls-31401/31401

Example 3: Print instructions together with their memory access addresses and register values

./read_trace -mr ./ls-31401/31401

Example 4: Search for instruction patterns in the trace

Suppose you want to find every occurrence of a code snippet containing the following instructions:

  • ...
  • push rbp
  • mov rbp,rsp
  • ...

Create a pattern.txt holding their raw bytes, one instruction per line, as in this sample:

55       # push  rbp
48 89 e5 # mov   rbp,rsp

Then use pattern.txt to search:

./read_trace -p pattern.txt ./ls-31401/31401

A sample pattern.txt is included in the repository.
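To make the pattern format and the search concrete (for instance when you want to run the same match over traces converted from other tools), here is an added example in Python. It is not the project's read_trace implementation: it parses the pattern file format shown above (one instruction's raw bytes per line, text after # treated as a comment) and searches a list of traced instructions. The match rule used here, a hit only when consecutive traced instructions equal every pattern line in order, is an assumption about how read_trace behaves, and the instruction list is constructed inline as a stand-in for a real insn.trace, whose binary format is not parsed.

```python
"""Search an instruction trace for a pattern of consecutive instructions.

Added example, not the peekaboo project's read_trace code. The pattern file
format follows the README sample; the match rule (consecutive instructions
matching every line in order) is an assumption about read_trace.
"""
import re

_HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")


def parse_pattern(text):
    """Return a list of bytes objects, one per non-empty pattern line.

    Each line holds the raw bytes of one instruction as space-separated hex
    bytes; anything after '#' is a comment. Malformed tokens raise ValueError
    instead of silently producing a pattern that matches nothing."""
    pattern = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        for tok in tokens:
            if not _HEX_BYTE.match(tok):
                raise ValueError(f"line {lineno}: bad hex byte {tok!r}")
        pattern.append(bytes(int(t, 16) for t in tokens))
    if not pattern:
        raise ValueError("pattern file contains no instructions")
    return pattern


def find_pattern(trace, pattern):
    """Return the instruction ids at which `pattern` starts.

    `trace` is a sequence of (instr_id, raw_bytes) tuples in execution order.
    A match needs len(pattern) consecutive entries whose raw bytes equal the
    pattern lines in order, so `push rbp` followed by anything other than
    `mov rbp,rsp` is not reported."""
    n = len(pattern)
    hits = []
    for i in range(len(trace) - n + 1):
        if all(trace[i + k][1] == pattern[k] for k in range(n)):
            hits.append(trace[i][0])
    return hits


# The two-line pattern from the README.
PATTERN_TEXT = """\
55       # push  rbp
48 89 e5 # mov   rbp,rsp
"""

# Constructed trace (not a real peekaboo trace): two function prologues plus a
# `push rbp` that is NOT followed by `mov rbp,rsp`, which must not match.
CONSTRUCTED_TRACE = [
    (0, bytes.fromhex("55")),        # push rbp
    (1, bytes.fromhex("4889e5")),    # mov rbp,rsp      <- match starting at id 0
    (2, bytes.fromhex("4883ec10")),  # sub rsp,0x10
    (3, bytes.fromhex("55")),        # push rbp
    (4, bytes.fromhex("4154")),      # push r12         <- breaks the run, no match
    (5, bytes.fromhex("55")),        # push rbp
    (6, bytes.fromhex("4889e5")),    # mov rbp,rsp      <- match starting at id 5
    (7, bytes.fromhex("c3")),        # ret
]


def search_constructed_trace():
    """Run the README pattern over the constructed trace; returns [0, 5]."""
    return find_pattern(CONSTRUCTED_TRACE, parse_pattern(PATTERN_TEXT))


if __name__ == "__main__":
    print("pattern starts at instruction ids:", search_constructed_trace())
```

Because the match is on raw bytes, an equivalent encoding (for example a prologue emitted as `48 89 e5` versus `48 8b ec` for the same `mov rbp,rsp`) needs its own pattern line; this is the same trade-off the -p option makes when it compares bytes rather than disassembly.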

Example 5: Search for instructions which accessed a specific address

To list every instruction that reads or writes the address 0x7fbfc3c3ccde:

./read_trace -a 0x7fbfc3c3ccde ./ls-31401/31401

Example 6: Show all system calls inside the trace

./read_trace -y ./ls-31401/31401