After recording a scenario, you will need to replay it in order to generate data required by the features you will use during the analysis stage.
In the replay stage, you are presented with a list of available REVEN's features. Resources data needed for each feature are discoverable by clicking on the feature row. In some features, there are also actions available.
By default, everything is selected.
NOTE: Axion cannot be launched if no trace data is available.
Features match actual features available in Axion. For example, in order to visualize the Framebuffer in the Axion GUI, you will need to replay the Framebuffer feature during the replay stage.
Resources refer to the file(s) and data generated during the replay of a feature
in the replay stage. For example, the
Backtrace feature replay output comprises
the "Stack Events" resource. Stack events regroup every data needed to display
the backtrace in Axion.
Actions are steps related to a feature that do not produce a resource. As such, these actions can be repeated.
For example, a current action is the
Download light PDBs action, that allows to download external PDB. It can be useful to repeat this action if the symserver changes (e.g., contains new PDBs).
As such, an action is not necessarily mandatory to use a feature, but may improve the completeness of the feature (e.g., having more PDBs allows to resolve more symbols).
The features present in the replay stage of the Project Manager are listed below:
|Trace||Trace||Contains all the transitions occurring during a scenario.|
|Framebuffer||Metadata||Allows displaying the framebuffer for any transition in a scenario in Axion.|
|OSSI||Light Filesystem & Kernel Description||Contains all the information to retrieve the OS-specific information in the Trace.|
|Memory History||Memory History||Contains every read and write memory access in a Trace.|
|Strings||Strings||Contains strings dynamically built during a scenario.|
|Backtrace||Stack Events||Contains the active stack frames for any transition in a Trace.|
|Fast search||OSSI ranges & PC ranges||Provides indexes to speed up the Search feature.|
|Filters||OSSI ranges||Provides indexes to filter the trace.|
NOTE: Some features can be immutable. This means they cannot be generated or deleted (without deleting the scenario).
For example, in a
Snapshot-less scenario (e.g: imported scenario), the light filesystem resource is immutable, as we wouldn't be able to regenerate it, since light filesystem generation requires a snapshot.
Features and Resources can have the following statuses:
: Compatible, means the resource is up-to-date and can be used with the current REVEN version.
: Ready, means the resource is not versioned then can be used with the current REVEN version.
: Compatible but generated with a different REVEN version, means the resource is not up-to-date but can still be used with the current REVEN version. To make the resource up-to-date, you need to replay it, doing so you will benefit from bug fixes and minor updates.
: Not compatible, means the resource is not compatible with the current REVEN version because of a breaking change. The current REVEN server will not be able to read it. You will need to re-generate the resource to make the associated feature available again.
: Replay failed, means the resource is not available because a problem occurred during the replay. Please consult the replay logs and/or try to replay the resource again.
: Replaying, means the resource is being generated.
: Pending, means the resource generation is waiting for some system resources or a dependent data resource to be available.
: Not generated, means the resource is not generated yet.
: Deprecated, means the resource is deprecated and won't be used by REVEN anymore. You can delete it.
Actions can have the following statuses:
: Success, means the action was ran successfuly once and could be re-run.
: Failure, means the action encountered a problem during the execution. Please consult the replay logs and/or try to replay the action again.
: Running, means the action is being executed.
: Pending, means the action is waiting for some system resources or a dependent data resource to be available.
: Not ran, means the action wasn't ran at all.