Offline magic-trace viewer possible? #199
-
|
I want to use magic-trace to support dynamic malware analysis but the dynamic analysis environment is, by design, completely isolated from the Internet and other systems. As far as I understand it this would mean that I am unable to view any collected traces because I do not have access to magic-trace.org? Is there any way of making the magic-trace viewer available for offline usage? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
Sure thing, check out the wiki: https://github.com/janestreet/magic-trace/wiki/Setting-up-a-local-copy-of-the-UI |
Beta Was this translation helpful? Give feedback.
-
|
I would be surprised if magic-trace is very useful for malware analysis, it relies on having debug symbols. I suppose you could see the syscalls and kernel activity that the malware uses, but strace is probably better at that than magic-trace. |
Beta Was this translation helpful? Give feedback.
-
|
ah, fair point - had assumed magic-trace might be better with the syscalls & kernel-side than strace ... though you might be surprised how much malware gets out there with symbol information still in there ;-) |
Beta Was this translation helpful? Give feedback.
Sure thing, check out the wiki: https://github.com/janestreet/magic-trace/wiki/Setting-up-a-local-copy-of-the-UI