drltrace for malware behavior analysis
Created by: mxmssh
I found that drltrace is a very useful tool for malware analysis. A trace of library calls is very important and may save a malware analyst a lot of time, especially in cases of highly obfuscated malicious executables. However, there are a lot of capabilities that would be great to add to drltrace, such as:
- Printing symbolic values of input arguments and return values (in the same way as we did in DrMemory's drstrace).
- Printing the id of the current thread and the return address in the malware's memory.
- Printing when the malware executes instructions stored in a dynamically allocated memory block.
- It would be great to support tracing of injected code in a remote process's memory.
Right now, we have support for printing symbolic values using debug information in DrMemory's drstrace. However, tracing only system calls is not enough to break the semantic gap, and I'm planning to integrate drstrace functionality into drltrace (or vice versa?).
The question is: what is the right way, in terms of the DynamoRIO/DrMemory architecture, to do that? Moreover, there is a note in drltrace about printing symbolic values, "XXX i#1349: features to add:", which is not in our list of issues on GitHub.