Watching memory

With the watch command you can get the value of the instruction pointer the moment after a memory address is read, written or executed.
You may pass the --read option to watch for reads, the --write option to watch for writes and the --execute option to watch for execution.
If you were to watch the memory address 1c09346 for reads and writes on the program whose PID is 12345, the command would look like this:

$ proctal watch --pid=12345 --read --write 1c09346

The command will print the value of the instruction pointer after detecting that the given memory address was accessed. Note that the instruction pointer may not actually be pointing at the instruction that accessed the memory address.
You can stop the command by sending it the SIGINT signal (^C on most terminals).
The --address-start option specifies where to start the --address-stop option specifies where to stop detecting accesses.
If you're seeing the same address get printed several times it might be helpful to use the --unique option that will make the command print an address only once.