Reputation: 497
I need a log of all the memory locations a C program modifies during its execution. The problem is a bit more involved than watching a region of memory using gdb/valgrind, because I do not have the start or end addresses for the memory region. Basically, whenever and wherever the program does a memory update (in the form of a push, move to a memory operand, etc.), I need that memory address as well as the value written at that address.
Does anyone have any suggestions or advice?
Thanks!
Upvotes: 3
Views: 738
Reputation: 11582
You can monitor memory stores, reads, contents of registers, etc. with Pin, a tool created by Intel. Here is a project from MIT that simulates a processor cache (instruction and/or data). Pin is used to create a detailed instruction trace, and the trace is then used as input to the cache simulator.
Upvotes: 6
Reputation: 93770
If you can run your program under an emulator you can instrument the emulator to record the data you want. You can find several X86 emulators listed on Wikipedia including Bochs and QEMU.
I can think of half a solution using mprotect() and a SIGSEGV handler: The protected memory will generate signals when you access it. If the handler records the address and re-enables access the faulting instruction will resume (and succeed). I don't see how you get the segment protected again, though.
You could write your own debugger (take a look at the ptrace() manual page, it's not that complicated) which exists only to PT_STEP its way through your program. You'd probably have to parse the instruction you paused on to determine if it's a memory access and then compute the effective address yourself (getting any necessary registers with PT_GETREGS).
Upvotes: 1
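The mprotect()/SIGSEGV approach from the answer above, as an added example that is not part of the original answer: it logs the first store to each page and re-protects only at explicit checkpoints. The names watch_init, watch_rearm, on_segv and fault_log are hypothetical; it assumes Linux and that calling mprotect() from the signal handler is acceptable (it is not on the POSIX async-signal-safe list).

```c
#define _GNU_SOURCE  /* added example; watch_* names are hypothetical; Linux assumed */
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
#define MAX_LOG 64
static volatile unsigned char *region;     /* watched buffer (page-aligned) */
static size_t region_len, page_sz;
static void *volatile fault_log[MAX_LOG];  /* faulting store addresses, in order */
static volatile sig_atomic_t fault_count;

/* Record the faulting address, then make its page writable so the kernel
 * restarts the interrupted store and it succeeds. */
static void on_segv(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uintptr_t a = (uintptr_t)si->si_addr, base = (uintptr_t)region;
    if (a < base || a >= base + region_len)
        _exit(139);                        /* real crash outside the watched region */
    if (fault_count < MAX_LOG)
        fault_log[fault_count++] = si->si_addr;
    mprotect((void *)(a & ~(uintptr_t)(page_sz - 1)), page_sz, PROT_READ | PROT_WRITE);
}

/* Map `pages` read-only pages and install the handler; 0 on success. */
int watch_init(size_t pages) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_segv;
    sa.sa_flags = SA_SIGINFO;
    page_sz = (size_t)sysconf(_SC_PAGESIZE);
    region_len = pages * page_sz;
    region = mmap(NULL, region_len, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return region == MAP_FAILED ? -1 : sigaction(SIGSEGV, &sa, NULL);
}

/* Checkpoint: write-protect every page again so its next store is logged. */
int watch_rearm(void) { return mprotect((void *)region, region_len, PROT_READ); }

int main(void) {
    if (watch_init(2) != 0) return 1;
    region[10] = 'A';           /* logged: first store to page 0 */
    region[11] = 'B';           /* missed: page 0 is already writable */
    region[page_sz + 5] = 'C';  /* logged: first store to page 1 */
    watch_rearm();
    region[11] = 'D';           /* logged: page 0 was re-protected */
    for (int i = 0; i < fault_count; i++) printf("store to %p\n", fault_log[i]);
    return 0;
}
```

The handler runs before the store executes, so it sees the address but not the value written, and between checkpoints the log is only page-granular.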