Good news everyone! I'm very happy to announce that SemTrax is now available*. For all the details see semtrax.io, but in short: SemTrax adds dynamic taint analysis to your debugger, and by doing so it can make things like crash analysis, bug hunting, reverse engineering and plain old debugging, much easier. Built on our custom program analysis technology and integrated with the IDA static analysis platform, SemTrax can greatly increase your productivity when analysing complex software.
Over at semtrax.io there are a number of resources which should give you a feel for what SemTrax is capable of, including:
- The blog posts A Brief Overview of SemTrax's Architecture and Crash Triage with SemTrax (CVE-2014-2525)
- The user manual, in particular the section on Understanding dataflow with SemTrax.
- The FAQ which, among other things, outlines the types of targets that SemTrax is currently suited for.
If you'd like to purchase a licence for SemTrax then check out semtrax.io/buy for licence options and pricing information. We're offering 15% off the listed prices for this version as a "Thanks!" to our early customers.
One thing not addressed in the above is "What's next for SemTrax?". On that topic: one of our highest priorities is naturally x64 support, which should make it into the next release. We're also planning to overhaul the instrumentation process used to gather data for SemTrax to analyse, with the aim of decreasing the performance overhead on the target application. GDB support (as an alternative to IDA's debugger) is also on our to-do list. Of course we're always open to feature suggestions so if there's anything you'd like to see in SemTrax then drop us a mail!
- Sean (@seanhn)
* For the past 3 months, SemTrax has been available to our mailing list subscribers and I'd like to thank those early customers for their support. Prior to this we spent several months in beta testing and I'd also like to thank everyone that participated in that. Without both groups SemTrax would not have been possible.