Reversing Code Coverage Tool

From: xenophi1e (
Date: 11/14/03

  • Next message: Nicob: "Re: thttpd-2.24"
    Date: 13 Nov 2003 23:59:47 -0000
    ('binary' encoding is not supported, stored as-is)


    Does anyone know of a coverage tool that is useful for reverse engineering on Win32?

    I know there are a million profiling/code coverage tools out there. I've looked at a bunch, but I'm looking for something that suits a specific set of needs:

    - Does not require source (obviously)
    - Does not require binary modifications (or none that change addresses)
    - Records execution of any or all functions in a binary
    - Can record execution at arbitrary addresses I specify
    - Doesn't impact performance (at least not too much)
    - Can be used in conjunction with a debugger. (won't bugger things up by using breakpoints)

    I don't really want exhaustive coverage info or perty graphs, I want to be able to trace which functions are executing in an arbitrary binary with minimum effort. Ideally I'd like to be able to give something a dump of IDA (or similar) symbols, run the program, and see which ones execute in which sequence and in which threads.

    In other words, I'm f*$#!ing sick of using breakpoints and single stepping to try and figure out what parts of a binary are getting hit. Pen, paper and a debugger work for small sections of code, but become with very large binaries. There must be a better way.

    Does anyone know if something like this exists? Has someone found a better solution?


  • Next message: Nicob: "Re: thttpd-2.24"