Reversing Code Coverage Tool
From: xenophi1e (oliver.lavery_at_sympatico.ca)
Date: 13 Nov 2003 23:59:47 -0000
To: email@example.com

Does anyone know of a coverage tool that is useful for reverse engineering on Win32?
I know there are a million profiling/code coverage tools out there. I've looked at a bunch, but I'm looking for something that suits a specific set of needs:
- Does not require source (obviously)
- Does not require binary modifications (or none that change addresses)
- Records execution of any or all functions in a binary
- Can record execution at arbitrary addresses I specify
- Doesn't impact performance (at least not too much)
- Can be used in conjunction with a debugger (won't bugger things up by using breakpoints)
I don't really want exhaustive coverage info or perty graphs, I want to be able to trace which functions are executing in an arbitrary binary with minimum effort. Ideally I'd like to be able to give something a dump of IDA (or similar) symbols, run the program, and see which ones execute in which sequence and in which threads.
In other words, I'm f*$#!ing sick of using breakpoints and single stepping to try and figure out what parts of a binary are getting hit. Pen, paper and a debugger work for small sections of code, but become with very large binaries. There must be a better way.
Does anyone know if something like this exists? Has someone found a better solution?