
Published on October 10th, 2016


Instruction Trace Visualisation Tool: rgat


An instruction trace visualisation tool intended to help reverse engineers make the link between target behaviour and code. rgat uses dynamic binary instrumentation (courtesy of DynamoRIO) to produce graphs from running executables. It creates static and animated visualisations in realtime to support types of analysis that might be a lot more cumbersome with disassemblers and debuggers alone.
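The paragraph above describes the core idea behind rgat: a dynamic binary instrumentation client records which instructions actually execute, and the visualiser turns that sequence into a graph. The following is an added illustrative example, not rgat's own code or its trace/save format, that shows the transformation on a constructed trace: nodes are unique instruction addresses, edges carry execution counts, and from that you can read off hot loops, rarely taken branch outcomes and transitions into library modules. The module names, addresses and mnemonics are made up for the example.

```python
"""Build an instruction-flow graph from a constructed instruction trace.

Added example: this is not rgat's code or format. It mimics the idea of a
DBI-produced trace (address, module, disassembly) being reduced to a graph.
"""
from collections import Counter


def make_sample_trace(iterations=3):
    """Constructed trace: a counted loop in the main image that calls a
    library routine on each pass, then exits. Not real program output."""
    body = [
        (0x401003, "sample.exe", "cmp ecx, 3"),
        (0x401006, "sample.exe", "jge 0x401011"),
        (0x401008, "sample.exe", "call 0x77001000"),
        (0x77001000, "helper.dll", "push ebp"),   # hypothetical library entry
        (0x77001002, "helper.dll", "ret"),
        (0x40100d, "sample.exe", "inc ecx"),
        (0x40100f, "sample.exe", "jmp 0x401003"),
    ]
    trace = [(0x401000, "sample.exe", "xor ecx, ecx")]
    for _ in range(iterations):
        trace.extend(body)
    trace.extend([
        (0x401003, "sample.exe", "cmp ecx, 3"),
        (0x401006, "sample.exe", "jge 0x401011"),
        (0x401011, "sample.exe", "ret"),       # loop exit, taken once
    ])
    return trace


def build_graph(trace):
    """Collapse the executed sequence into nodes (unique addresses) and
    edges (consecutive address pairs) with execution counts."""
    nodes = {}             # address -> (module, mnemonic)
    node_hits = Counter()  # address -> number of times executed
    edges = Counter()      # (src, dst) -> number of times the transition ran
    prev = None
    for addr, module, mnemonic in trace:
        nodes[addr] = (module, mnemonic)
        node_hits[addr] += 1
        if prev is not None:
            edges[(prev, addr)] += 1
        prev = addr
    return nodes, node_hits, edges


def branch_sites(edges):
    """Addresses with more than one observed successor, with per-target
    counts: this is where a rarely taken path becomes visible."""
    successors = {}
    for (src, dst), count in edges.items():
        successors.setdefault(src, {})[dst] = count
    return {src: targets for src, targets in successors.items() if len(targets) > 1}


def module_transitions(nodes, edges):
    """Count edges that cross a module boundary (e.g. main image -> DLL)."""
    crossings = Counter()
    for (src, dst), count in edges.items():
        src_mod, dst_mod = nodes[src][0], nodes[dst][0]
        if src_mod != dst_mod:
            crossings[(src_mod, dst_mod)] += count
    return crossings


def to_dot(nodes, edges):
    """Render the graph as Graphviz DOT so it can be drawn offline."""
    lines = ["digraph trace {"]
    for addr, (module, mnemonic) in sorted(nodes.items()):
        lines.append(f'  "{addr:#x}" [label="{module}\\n{addr:#x}: {mnemonic}"];')
    for (src, dst), count in sorted(edges.items()):
        lines.append(f'  "{src:#x}" -> "{dst:#x}" [label="{count}"];')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    nodes, hits, edges = build_graph(make_sample_trace())
    print("branch sites:", {hex(k): v for k, v in branch_sites(edges).items()})
    print("module transitions:", module_transitions(nodes, edges))
    print(to_dot(nodes, edges))
```

Running the script prints the one conditional branch in the sample (`0x401006`) with its taken and not-taken counts, the three round trips into the hypothetical DLL, and a DOT graph you can feed to `dot -Tpng`. Real traces are many orders of magnitude longer, which is exactly why rgat renders them incrementally rather than as a static picture.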


Download/Installation

It’s built to depend on the Windows 10 Universal CRT, so if you have a version lower than that you might need to install it.

Unzip it, run it.

Try to execute something. If you get an error then you likely need to install the Visual C++ Redistributable for Visual Studio 2012, because reasons.

It should create a default config file at startup; feel free to customise it.


Running

Virtual Machines and OpenGL do not get on well together. rgat works on VMWare Workstation with a Win 7 guest but it tends to crash VirtualBox. You can use it from the command line in environments without 3D capability and export the save file for analysis elsewhere.

Run, save and load traces from the file menu. Other functionality should be reasonably self explanatory from the other menus.


Run from the command line with -h to get a list of command line options. Ctrl-C will force rgat to save everything it has so far and quit.

Graph navigation is intended to be similar to Google Earth: drag it with the mouse and zoom with the scroll wheel. Num pad 7,8,1 and 2 allow finer grained zoom control.

Press ‘n’ to stop the stuff on the back of the sphere cluttering up your view, and ‘t’ and ‘m’ to toggle instruction and DLL text if the defaults don’t work for the situation.

Use the arrow keys to stretch and compress the graph you are looking at. Turn off autoscaling in the options menu if rgat doesn’t like it.


https://github.com/ncatlin/rgat/wiki


rgat relies upon:

  • DynamoRIO for generating instruction [opcode] traces
  • Capstone for disassembling them
  • Allegro 5 for managing OpenGL and handling input
  • agui for a lightweight UI that didn’t involve distributing GTK/Qt/etc
  • base 64 code for platform independent encoding.


https://github.com/ncatlin/rgat/
