Resource Overview
This project currently consists of TraceSurfer, a self-modifying code analyzer that comes with an IDA add-on.
It can:
* generate traces of memory references
* import these traces into the popular IDA Pro disassembler and tag the disassembled code with runtime information
* generate graphs showing a high-level analysis of the self-modifying behavior, useful for malware analysis
Getting Started
* download and install the latest Pin kit for your system from http://www.pintool.org (a pre-built binary is included for Pin v33586 for Windows)
* unzip the archive in %PIN_HOME%\source\tools
* (optionally) download and install pydot if you want to generate graphs
You can now build TraceSurfer from source or run the following command to trace any executable:
tracesurfer [options] --
A trace file will be generated (binary.trace.out), that can be imported in IDA Pro (known to work with version 5.5) or analys