Functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO. These are some implemented features (based on DynamoRIO):
Setup
$ wget https://github.com/DynamoRIO/dynamorio/releases/download/release_7_0_0_rc1/DynamoRIO-Linux-7.0.0-RC1.tar.gz
$ tar xvzf DynamoRIO-Linux-7.0.0-RC1.tar.gz
Or
$ wget https://github.com/DynamoRIO/dynamorio/releases/download/cronbuild-7.91.18047/DynamoRIO-x86_64-Linux-7.91.18047-0.tar.gz
$ tar xvzf DynamoRIO-x86_64-Linux-7.91.18047-0.tar.gz
You can also clone and compile directly DynamoRIO:
$ git clone https://github.com/invictus1306/functrace
$ mkdir -p functrace/build
$ cd functrace/build
$ cmake .. -DDynamoRIO_DIR=/full_DR_path/cmake/
$ make -j4
Also Read – SharpHide : Tool To Create Hidden Registry Keys
Simple DEMO
Using Functrace
$ drrun -c libfunctrace.so -report_file report — target_program [args]
Options
The following [functrace](https://github.com/invictus1306/functrace) options are supported:
-disassembly-> disassemble all the functions
-disas_func function_name -> disassemble only the function function_name
-wrap_function function_name-> wrap the function function_name
-wrap_function_args num_args-> number of arguments of the wrapped function
-cbr-> remove the bb from the cache (in case of conditional jump)
-report_file file_name-> report file name (required)
-verbose-> verbose]
Simple Usage
Option -verbose
$ drrun -c libfunctrace.so -report_file report -verbose — target_program [args]
Option -Disassemby
$ drrun -c libfunctrace.so -report_file report -disassembly — target_program [args]
Option -Disas_Func
$ drrun -c libfunctrace.so -report_file report -disas_func name_function — target_program [args]
$ drrun -c libfunctrace.so -report_file report -wrap_function name_function -wrap_function_args num_args — target_program [args]
Option -CBR
$ drrun -c libfunctrace.so -report_file report -cbr — target_program [args]
CVE-2018-4013 – Vulnerability Analysis
A vulnerability on the LIVE555 RTSP server library. This is the description.
Introduction to the Model Context Protocol (MCP) The Model Context Protocol (MCP) is an open…
While file extensions in Linux are optional and often misleading, the file command helps decode what a…
The touch command is one of the quickest ways to create new empty files or update timestamps…
Handling large numbers of files is routine for Linux users, and that’s where the find command shines.…
Managing files and directories is foundational for Linux workflows, and the mv (“move”) command makes it easy…
Creating directories is one of the earliest skills you'll use on a Linux system. The mkdir (make…