From Collaborative RCE Tool Library
Code Coverage Tools
For more info about the use of code coverage and profiler tools within the field of reverse engineering, see this.
| Tool name: | AQtime |
|---|---|
| Author: | AutomatedQA, Corp. |
| Website: | http://automatedqa.com/products/aqtime/index.asp |
| Current version: | 5.40 |
| Last updated: | January 11, 2008 |
| Direct D/L link: | N/A |
| License type: | Commercial (with demo) |
| Description: | This tool reportedly does not work at all without having the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes. See the following for more info: http://www.woodmann.com/forum/showthread.php?t=11306 ----------------------------- AQtime is AutomatedQA's award-winning performance profiling and memory and resource debugging toolset for Microsoft, Borland, Intel, Compaq and GNU compilers. The latest version of AQtime, AQtime 5, includes dozens of productivity tools that help you easily isolate and eliminate all performance issues and memory/resource leaks within your code by generating comprehensive and detailed reports for your .NET and Windows applications. AQtime supports .NET 1.0, 1.1, 2.0, 3.0 applications and Windows 32- and 64-bit applications. AQtime is built with one key objective - to help you completely understand how your programs perform during execution. Using its integrated set of performance and debugging profilers, AQtime collects crucial performance and memory/resource allocation information at runtime and delivers it to you both in summarized and detailed forms, with all of the tools you need to begin the optimization process. This is all done without modifying the application's source code! |
| Also listed in: | Profiler Tools |
| Tool name: | CFSearch |
|---|---|
| Author: | Sirmabus |
| Website: | http://www.woodmann.com/forum/showthread.php?t=11306&page=2 |
| Current version: | 1.0A |
| Last updated: | February 15, 2008 |
| Direct D/L link: | N/A |
| License type: | Free |
| Description: | Extremely cool tracer tool that makes use of the "single step on branch", LBR ("last branch recording") features of current processors. Not released yet, but we're awaiting it with great anticipation! |
| Also listed in: | Tracers, Profiler Tools |
| Tool name: | Conditional Branch Logger |
|---|---|
| Author: | Blabberer / dELTA / Kayaker |
| Website: | N/A |
| Current version: | 1.0 |
| Last updated: | June 13, 2007 |
| Direct D/L link: | Locally archived copy |
| License type: | Free / Open Source |
| Description: | Conditional Branch Logger is a plugin which gives control and logging capabilities for conditional branch instructions over the full user address space of a process. Useful for execution path analysis and finding differences in code flow as a result of changing inputs or conditions. It is also possible to log conditional jumps in system dlls before the Entry Point of the target is reached. Numerous options are available for fine tuning the logging ranges and manipulating breakpoints. |
| Also listed in: | OllyDbg Extensions, Profiler Tools, Tracers |
| Tool name: | CoverIt |
|---|---|
| Author: | Ilfak Guilfanov |
| Website: | http://www.hexblog.com/2006/03/coverage_analyzer.html |
| Current version: | 1.0 |
| Last updated: | March 27, 2006 |
| Direct D/L link: | Locally archived copy |
| License type: | Free / Open Source |
| Description: | A code coverage plugin for IDA Pro. It colors all executed instructions directly inside the IDA GUI, including any collapsed functions containing executed instructions. |
| Also listed in: | IDA Extensions |
| Tool name: | DevPartner Studio |
|---|---|
| Author: | Compuware |
| Website: | http://www.compuware.com/products/devpartner/studio.htm |
| Current version: | 8.2 |
| Last updated: | |
| Direct D/L link: | N/A |
| License type: | Commercial (with trial) |
| Description: | This tool reportedly does not work at all without having the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes. See the following for more info: http://www.woodmann.com/forum/showthread.php?t=11306 ----------------------------- Performance Analysis: --------------------- DevPartner Studio performance analysis takes you where few profiling tools can go, to the individual line of source code to identify and analyze slow code and performance bottlenecks line by line. Using DevPartner Studio performance profiling, you can: * profile Visual C++, Visual Basic, .NET, C#, VBScript and JScript code from top to bottom * trace running applications and differentiate between application and operating system calls, all through an intuitive user interface * isolate performance bottlenecks in single and multi-tiered applications at machine, process, component or source line levels * receive recommendations and corrective actions from one key source—DevPartner Studio. Code Coverage Analysis: ----------------------- No more relying on relatively subjective reports to test code. DevPartner Studio Professional Edition code coverage analysis tells you how much code was tested, how well it tested and what was never tested at all. You get the answers you need to focus testing where it's needed most, whether it's code check-in, unit testing, integration testing or final release. To zero-in on untested code for you, DevPartner Studio: * captures and combines testing sessions for applications, components and web pages * traces both .NET and native code across users, languages and application tiers * pinpoints the portions of an application left unexecuted during one or more tests * merges sessions to present a clear picture of testing progress over time. |
| Also listed in: | Profiler Tools |
| Tool name: | HBGary Inspector |
|---|---|
| Author: | HBGary |
| Website: | http://www.hbgary.com/inspector_v2.shtml |
| Current version: | 2.0 |
| Last updated: | |
| Direct D/L link: | N/A |
| License type: | Commercial |
| Description: | HBGary Inspector speeds team reverse engineering of software binaries. Inspector integrates dynamic runtime tracing with dataflow and static code analysis. Captured test data is recorded in a team-member shared database for further analysis with automated scripts and interactive graphing. Packed, obfuscated, and self-modifying malware binaries resist static disassembly. Anti-debugging tricks hinder runtime analysis. However, malware must unpack and de-obfuscate itself to execute. Inspector defeats many anti-debugging tricks and recovers true program instructions and live memory evidence as malware operates. Dynamic analysis provides accurate information about malware behavior. HBGary Inspector can trace data buffers and packets as they propagate in memory, saving countless hours and days of work for the Reverse Engineer. Complex control flow paths are mapped with interactive navigation graphs. Runtime code coverage is indicated and measured. Inspector is extensible with an exposed application program interface (API) and a powerful scripting system for analysis automation. |
| Also listed in: | Tracers, Memory Data Tracing Tools |
| Tool name: | Process Stalker |
|---|---|
| Author: | Pedram Amini |
| Website: | http://www.openrce.org/downloads/details/171 |
| Current version: | 1.1 |
| Last updated: | July 13, 2005 |
| Direct D/L link: | Locally archived copy |
| License type: | Free / Open Source |
| Description: | Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts, the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data. The Process Stalker suite is broken into three main components: an IDA Pro plug-in, a stand-alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool. Data instrumentation is accomplished through a series of Python utilities built on top of a fully documented custom API. Binaries, source code and in-depth documentation are available in the bundled archive. An in-depth article was written and released on OpenRCE.org detailing step by step usage of Process Stalker; the article is a good starting point for understanding the basics behind the tool set. Manual: http://pedram.redhive.com/process_stalking_manual/ API docs: http://pedram.redhive.com/process_stalking_manual/ps_api_docs/ |
| Also listed in: | Tracers |
| Tool name: | Profile Coverage Tool |
|---|---|
| Author: | Rolf Rolles |
| Website: | http://www.woodmann.com/forum/showthread.php?t=11325 |
| Current version: | 1.0 |
| Last updated: | February 17, 2008 |
| Direct D/L link: | Locally archived copy |
| License type: | Free / Open Source |
| Description: | A DynamoRIO extension for binary code coverage and profiling. It works on a function-level (although block-level support could be added easily -- the source weighs in at a measly 70 lines in 2kb, so if you want some other feature, just code it), and it can either be a profiler or a code coverage analyzer. All it does is instrument the code such that each call instruction, direct or indirect, will write its source and target addresses into a file. This data can then be used for either profiling or code coverage purposes: simply discard all of the duplicates for the latter, and use the data as-is for the former. This is just the back-end, but I imagine that this could be easily integrated into PaiMei's front end to provide an industrial-grade coverage and profiling tool. Strengths of DynamoRIO: * speed (you might not even notice the slowdown); * stability (there used to be a commercial security product based on this technology -- it is literally industrial grade); * trivial to code extensions for (70 lines, 2kb for this simple yet powerful extension). Weaknesses: * definitely won't work with self-modifying code * probably won't work with obfuscated or "self-protecting" code (there's particularly a problem with so-called "pc-relative" addressing, such as call $ / pop ebp). Studious readers may note that automatic indirect call resolution is exceptionally useful for C++ reverse engineering; comment out the direct call resolution, recompile, write a quick IDC script to add the x-refs to the disassembly listing, and you've got a killer C++ RE tool. Credit goes to spoonm for having and implementing this idea initially. |
| Also listed in: | Profiler Tools |
| Tool name: | PurifyPlus |
|---|---|
| Author: | IBM / Rational |
| Website: | http://www-306.ibm.com/software/awdtools/purifyplus/win/ |
| Current version: | 7.0 |
| Last updated: | |
| Direct D/L link: | N/A |
| License type: | Commercial (with demo) |
| Description: | This tool reportedly does not work without having debug information (pdb, dbg, or map) or the source code for the analyzed program. A map file can be produced by e.g. IDA Pro though, so it could still be useful for reversing purposes. See the following for more info: http://www.woodmann.com/forum/showthread.php?t=11306 ----------------------------- Rational® PurifyPlus for Windows® is an automated runtime analysis tool for Windows-based application performance. Software Test and Performance 2006 Testers Choice Awards Automated runtime analysis tools to improve Windows-based application reliability and performance. Designed for Java, Visual C/C++, C#, VB.NET, and Visual Basic applications. * Provides a complete set of automated runtime analysis tools * Includes memory corruption detection, memory leak detection, application performance profiling and code coverage analysis * Is designed for Java, Visual C/C++, C#, VB.NET and Visual Basic applications |
| Also listed in: | Profiler Tools |