Tracing¶
A core reason for creating revenge
was to make tracing applications easier.
With that in mind, there will be a few different built-in tracers to run.
Note
You can only have one trace running per-thread at a time! This is a function of of DBI works, and not a limitation with revenge specifically.
Tracing is now considered a Technique
. See Techniques for more
information
Instruction Tracing¶
It’s often interesting to simply trace an execution path. To do this with
revenge
, you can use the instruction tracing method to get a Tracer object
and view your results. You can trace at different levels of granularity by
specifying what you want to trace in the keyword arguments.
Examples¶
# Possible tracing options are: call, ret, block, exec, compile
# Default is False for all of them, so specify any combination
trace = process.techniques.NativeInstructionTracer(call=True, ret=True)
# Since trace is a technique, you must apply it
# By default, trace will apply to all threads if not given any arguments
trace.apply()
t = list(trace)[0]
print(t)
"""
call ls:_init+0x211c libc-2.27.so:__libc_start_main 0
call libc-2.27.so:__libc_start_main+0x47 libc-2.27.so:__cxa_atexit 1
call libc-2.27.so:__cxa_atexit+0x54 libc-2.27.so:on_exit+0xe0 2
ret libc-2.27.so:on_exit+0x1a7 libc-2.27.so:__cxa_atexit+0x59 3
ret libc-2.27.so:__cxa_atexit+0xb4 libc-2.27.so:__libc_start_main+0x4c 2
call libc-2.27.so:__libc_start_main+0x76 ls:_obstack_memory_used+0xc30 1
call ls:_obstack_memory_used+0xc5c ls:_init 2
ret ls:_init+0x16 ls:_obstack_memory_used+0xc61 3
call ls:_obstack_memory_used+0xc79 ls:_init+0x21f8 2
ret ls:_init+0x21a9 ls:_obstack_memory_used+0xc7d 3
ret ls:_obstack_memory_used+0xc94 libc-2.27.so:__libc_start_main+0x78 2
call libc-2.27.so:__libc_start_main+0x9a libc-2.27.so:_setjmp 1
ret libc-2.27.so:__sigsetjmp+0x83 libc-2.27.so:__libc_start_main+0x9f 2
call libc-2.27.so:__libc_start_main+0xe5 ls:_init+0x738 1
<clipped>
"""
# Loop through each instruction in the trace
for i in t:
print(i)
# Remove the trace so you can run a different one
trace.remove()
# Take a slice of the trace
t2 = t[12:24]
Timeless Tracing¶
revenge
has a technique for timeless tracing. For more information, see
NativeTimelessTracer.