Tracks runtime instruction execution in programs
- Supported: ELF 32 and 64 bit (little-endian).
- Requirements: libudis86 (https://github.com/vmt/udis86)
Author: Felipe Pena (felipensp at gmail dot com)
itrace [options]
-c, --command Program to be started and traced
-C, --comments Show comments after disassembled instruction
-h, --help Show this help
-i, --ignore-libs Disable tracing of libraries segments
-I, --show-count Show the number of instructions executed
-m, --maps Show the maps file after execution
-n, --max-inst Max number of instruction to trace
-o, --offset Address to start tracing
-p, --pid Attach to supplied pid
-q, --quiet Do not show default output
-r, --show-regs Dump registers on each instruction
-s, --show-stack Dump part of stack from top on each instruction
-S, --syntax Choose the syntax to be used on disassemble
-v, --version Show the version
$ ./itrace -o 0x400584 -C -c ../overflow1 CBBBBBBBBAAAAAAAA
[+] Starting and tracing `../overflow1'
Arg[0]: ../overflow1
Arg[1]: CBBBBBBBBAAAAAAAA
0x400584: b800000000 mov $0x0, %eax
0x400589: c9 leave
0x40058a: c3 ret # 0x4141414141414141
[!] Program exited with status 11