
  RolfRolles     February 11, 2008 18:01.29 CST
Ilfak released a simple IDA coverage plugin that could be modified to your needs.  The big problem with statically-driven binary-only code coverage tools is that if they incorrectly decide something is code (specifically, a function) when it's actually data, and set a software breakpoint on that "code":  at best you get undefined behavior, at worst you get a crash.  Code/data separation is undecidable in general.

A pure dynamic option might be something like a DynamoRIO extension.

  MohammadHosein     February 11, 2008 18:50.35 CST
Are you looking for something that PaiMei cannot provide?

  dELTA     February 12, 2008 06:37.55 CST
Thanks for the tip Rolf. I remember that plugin, but I also remember that it was just a pure code coverage "one break per block" tool, and just like Ilfak says in the related blog entry (at: http://www.hexblog.com/2006/03/coverage_analyzer.html):

"Since we do not have 'real' breakpoints that have to be kept intact after firing, the logic becomes very simple (note that the most difficult part of breakpoint handling is resuming the program execution after it: you have to remove the breakpoint, single step, put the breakpoint back and resume the execution - and the debugged program can return something unexpected at any time, like an event from another thread or another exception)."

Thus, the needed modifications are most likely relatively big to accomplish the counting feature, which would require persistent breakpoints. :-/

And MohammadHosein, yes, this could of course most likely be _implemented_ with the help of PaiMei, just like it could be _implemented_ as e.g. an OllyDbg plugin or an IDA Pro plugin. This would require quite some work though, and in order not to have to invent the wheel again, I was hoping to find out that someone had already created such a tool, hence my question. Thanks for your reply anyway though!
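The persistent-breakpoint sequence quoted above (remove, single-step, put back, resume) and the code/data hazard raised earlier in the thread, shown as an added example that is not from any poster or from the tools named here. It is a constructed toy byte-code machine in Python; the opcodes, `IMAGE`, `step` and `run_counted` are all assumptions made for illustration.

```python
BP, ADD, DJNZ, HALT = 0xCC, 0x10, 0x20, 0x00   # toy opcodes (constructed)
# Constructed image: 0: ADD [5]   2: DJNZ 0   4: HALT   5: data byte 7
IMAGE = [ADD, 5, DJNZ, 0, HALT, 7]

def step(m):
    """Execute one instruction; return 'trap', 'halt' or 'ok'."""
    op = m["mem"][m["pc"]]
    if op == BP:
        return "trap"            # pc stays on the breakpoint (simplification)
    if op == HALT:
        return "halt"
    arg = m["mem"][m["pc"] + 1]
    m["pc"] += 2
    if op == ADD:
        m["acc"] += m["mem"][arg]
    elif op == DJNZ:
        m["ctr"] -= 1
        if m["ctr"]:
            m["pc"] = arg
    return "ok"

def run_counted(image, breakpoints, persistent=True, loops=3):
    """Run image under breakpoints; return (hits per address, final acc)."""
    m = {"mem": list(image), "pc": 0, "acc": 0, "ctr": loops}
    saved = {a: m["mem"][a] for a in breakpoints}
    for a in breakpoints:
        m["mem"][a] = BP         # patch a trap byte over each address
    hits = dict.fromkeys(breakpoints, 0)
    while True:
        status = step(m)
        if status == "trap":
            a = m["pc"]
            hits[a] += 1
            m["mem"][a] = saved[a]   # 1. remove the breakpoint
            status = step(m)         # 2. single-step the original instruction
            if persistent:
                m["mem"][a] = BP     # 3. put it back so later hits count
        if status == "halt":
            return hits, m["acc"]

if __name__ == "__main__":
    print(run_counted(IMAGE, [0, 2]))                    # persistent: counts
    print(run_counted(IMAGE, [0, 2], persistent=False))  # one-shot: coverage
    print(run_counted(IMAGE, [0, 5]))                    # 5 is data, not code
```

With breakpoints at 0 and 2 each block is counted 3 times, and with `persistent=False` each is seen once (coverage only). Treating address 5 as code leaves the hit counts looking normal while the program's result changes from 21 to 612, because the trap byte was read as data.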

  pedram     February 12, 2008 09:38.21 CST
If you're only interested in profiling select DLLs or the main executable then PaiMei's PStalker GUI tool should do it straight for you. Alternatively, some minor changes to the tracer_msr_branch.py pydbg script should get you exactly what you need.

  dELTA     February 12, 2008 17:35.14 CST
Hey Pedram, does the pStalker GUI tool really include code block hit counters and the ability to sort code blocks based on those? I must have missed this completely in that case?

Thanks for the tip about the coding/patching possibilities too.

  dELTA     February 15, 2008 16:10.58 CST
For anyone interested, my similar inquiry over at the RCE Forums has turned into quite an interesting discussion at this point, with references to some really cool tools:

http://www.woodmann.com/forum/showthread.php?t=11306
