A Linux x86/x86-64 tool to trace registers and memory regions.

1. Clone the repository.
2. Compile the tool with make. Use make doc if you want to generate the Doxygen documentation.
3. Add the generated bin directory to your path using PATH=$PATH:~/path/to/the/repo/bin.

helltracer binary [-param value] [--flag]

entry -> Specifies the program entry point. e.g: 'entry 0x401000'
start -> Specifies the program start address for tracing. e.g: 'entry 0x4010f0'
end -> Specifies the program end address for tracing. e.g: 'entry 0x40115e'
mem -> Turns on tracing of the specified memory range. e.g: 'mem ascii=[[rbp-0x40]:4]', 'mem ascii=[@0x40200f:15]', 'mem [rsi]'
args -> Specifies the arguments to be passed to the traced binary. e.g: 'args "./name.bin hello world"'
output -> Specifies the output file (.csv). e.g: 'output out.csv'

help -> Displays the help message.
reg_name -> Turns on tracing of register reg_name. e.g: 'rip', 'rcx', 'rsp', 'all'

The following command will write to ./out.csv, the content of the rip register in hexadecimal and of memory region starting at 0x40200F and of size 11 in ASCII and memory region starting at RSI of size 5 in ASCII, during the execution of the binary ./example.bin with program arguments "./example.bin username password" when rip is contained between 0x400000 and 0x500000, with entry point defined at 0x4011a0.
sudo helltracer ./example.bin -output ./out.csv -args "./example.bin username password" -entry 0x4011a0 -start 0x400000 -end 0x500000 --rip -mem ascii=[@0x40200f:11] -mem ascii=[rsi:5]

Here is the beginning of the resulting CSV file :