REVEN version 2.9 is packed with new features, with a focus on providing the users with more trace navigation and memory analysis handles in the Axion GUI.
Here are some highlights:
Memory Watchers in Axion GUI: The GUI now allows to create Memory Watchers, that will display the value of a range of memory at all times while browsing a REVEN scenario.
Markers of a transition's location in the trace: To make it easier to tell at a glance where a particular transition falls in the scenario, hovering a transition in any widget now displays its position in the time. Moreover, the transitions displayed in widgets now sport an icon indicating their position relative to the currently selected transition.
Debugger controls with step out and step over navigation in Axion GUI:
Step overbuttons and their corresponding shortcuts allow to quickly find the exit of a function, or to skip over a call in a single action. Due to REVEN's timeless nature, it is of course possible to step out/step over backward.
Step out and step over are also available in the Python API: The new methods
Transition.step_overbring this capability to the API where it can be used for automation. For example,
step_outallows to easily find the return value of a function you're in.
New sample scripts and notebooks:
detect_data_race.ipynb: demonstrates how to use the API to detect data races in programs whose synchronization would depend on critical sections.
threadsync.py: traces calls to Windows synchronization APIs such as
bk2bp.ipynb: demonstrates how to use the bookmark API to generate a report in HTML or markdown or to generate breakpoints that can be imported into WinDbg.
- All sample scripts can now be browsed in the documentation.
- High-level OS Specific Information (OSSI) has been enhanced:
- In Windows scenarios, REVEN now presents private symbols from PDBs, as well as symbols from PDB modules. Besides, the performance of PDB parsing has been improved by up to 400%, which translates in a shorter waiting time when loading transitions for the first time in the trace in Axion GUI or the Python API.
- In Linux scenarios, REVEN now loads symbols from debug binaries if available at the standard locations looked up by GDB (such as
- In Linux scenarios, the debug binaries are now extracted when replaying the Light Filesystem resource.
Analysis Python API
reven2.Trace.memory_accessesmethod now supports fetching memory accesses on the entire trace or on a range of transitions regardless of the address of the memory access. Concretely, this means that the
sizeparameters of this method are now optional.
- The Calltree view now displays bookmark icons next to entries corresponding to a bookmarked transition.
- Hexdump views can now be renamed so that their identification is easier during the analysis. To rename a Hexdump, right-click on it, then choose "rename".
- You can now select which Hexdump view is "active" by clicking the corresponding button in the widget. The active Hexdump is the one which is used when a new address is selected for display. If no Hexdump is active, selecting an address will display it in a new one.
- Shortcut management:
- Shortcut conflicts are now displayed in the shortcut editor.
- A modal dialog now warns user upon inputting a shortcut that is associated to multiple actions.
- Axion no longer saves or loads shortcuts that are the same as the default in the settings. This reduces the probability of a shortcut conflict when upgrading Axion.
- The taint now propagates correctly through the
- Compressed Linux kernel modules files were not copied during the light filesystem extraction of a scenario.
- Calltree view: The binary name for the root node of the calltree was sometimes mistakenly reported as
- Calltree view: The current transition display (red line) is now displayed at the correct location in the following situations:
- when the children of the last call node also have children nodes,
- when the calltree view has been "locked" by clicking the lock button.
- Closing Axion with a
SIGTERMsignal is now considered like a normal exit. This allows in particular to save Axion's settings when an Axion session is stopped from the Project Manager.
Analysis Python API
- Some calls to the
preview.project_managerAPI could spuriously fail with a
ConnectionError, especially when using a high-latency connection.
- Python dependencies of example scripts are now distributed along
reven2, which makes use of these scripts easier, especially in air-gapped networks.
Analysis Python API Compatibility Notes
Stack.backtracemethod and the
BackTraceclass have been deprecated and are scheduled for removal in version 2.10. Use
Stackinstance to display a backtrace.