From Collaborative RCE Tool Library


Code Coverage Tools

For more info about the use of code coverage and profiler tools within the field of reverse engineering, see this.


Tool name: AQtime
Rating: 5.0 (1 vote)
Author: AutomatedQA, Corp.                        
Website: http://automatedqa.com/products/aqtime/index.asp
Current version: 5.40
Last updated: January 11, 2008
Direct D/L link: N/A
License type: Commercial (with demo)
Description: This tool reportedly does not work at all without the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------
AQtime is AutomatedQA's award-winning performance profiling and memory and resource debugging toolset for Microsoft, Borland, Intel, Compaq and GNU compilers.

The latest version of AQtime, AQtime 5, includes dozens of productivity tools that help you easily isolate and eliminate all performance issues and memory/resource leaks within your code by generating comprehensive and detailed reports for your .NET and Windows applications. AQtime supports .NET 1.0, 1.1, 2.0, 3.0 applications and Windows 32- and 64-bit applications.

AQtime is built with one key objective - to help you completely understand how your programs perform during execution. Using its integrated set of performance and debugging profilers, AQtime collects crucial performance and memory/resource allocation information at runtime and delivers it to you both in summarized and detailed forms, with all of the tools you need to begin the optimization process. This is all done without modifying the application's source code!
Also listed in: Profiler Tools



Tool name: Memory Hacking Software
Rating: 5.0 (2 votes)
Author: L. Spiro                        
Website: http://www.memoryhacking.com
Current version: 6.1
Last updated: December 5, 2009
Direct D/L link: http://memoryhacking.com/MemHack/MHS6.1.rar
License type: Free
Description: Highly advanced software for memory search/analysis and trainer creation. Recommended!

MHS 6.1 (bundle):
Bundle includes MHS.exe, MHS Help.chm, zlib1.dll, and ChangeLog.txt.


Features:
* Fastest Searching
-- Data-Type Search
-- Pointer Search
-- String Search (ASCII, Unicode, Hex Bytes, Wildcard, Regular Expressions)
-- Group Search (Includes Pattern Matching)
-- Expression Search (Extremely Flexible)
-- Script Search (The Ultimate in Custom Searching)

* Debugger
-- Very Stable
-- Customizable Breakpoints

* Disassembler

* Code Filter
-- Easiest Way to Find Functions

* Auto-Hack

* Auto-Assembler
-- 90% Same Language/Syntax as in Cheat Engine

* DLL Injector
-- Injects any DLL into the Target Process
-- Uninject Later, Automatically or Manually
-- Remotely Call ANY Functions in the Injected DLL(s), Regardless of Calling Convention, Return Type, or Number of Parameters

* Integrated Script Language
-- IDE/Compiler Built-In
-- Syntax Matches C; No Learning Curve
-- Compiled for Fast Execution
-- Full API
-- Includes Features Specially for Hacking

* Real-Time Hex Editor
-- Fully Featured Real-Time Hex Editor for Both RAM and Files
-- Allows Browsing of Kernel RAM

* Kernel Driver
-- Allows Bypassing Anti-Cheat Systems
-- Allows Reading/Writing of Kernel RAM

* Converter

* RAM Watcher

* Memory Allocator
-- Allocates Memory in the Target Process
Also listed in: Memory Data Tracing Tools, Memory Search Tools, Trainer Generators



Tool name: CFSearch
Rating: 0.0 (0 votes)
Author: Sirmabus                        
Website: http://www.woodmann.com/forum/showthread.php?t=11306&page=2
Current version: 1.0A
Last updated: February 15, 2008
Direct D/L link: N/A
License type: Free
Description: Extremely cool tracer tool that makes use of the "single step on branch", LBR ("last branch recording") features of current processors.

Not released yet, but we're awaiting it with great anticipation!
Also listed in: Tracers, Profiler Tools



Tool name: Conditional Branch Logger
Rating: 0.0 (0 votes)
Author: Blabberer / dELTA / Kayaker                        
Website: N/A
Current version: 1.0
Last updated: June 13, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Conditional Branch Logger is a plugin which gives control and logging capabilities for conditional branch instructions over the full user address space of a process. Useful for execution path analysis and finding differences in code flow as a result of changing inputs or conditions. It is also possible to log conditional jumps in system dlls before the Entry Point of the target is reached. Numerous options are available for fine tuning the logging ranges and manipulating breakpoints.
Also listed in: OllyDbg Extensions, Profiler Tools, Tracers



Tool name: CoverIt
Rating: 0.0 (0 votes)
Author: Ilfak Guilfanov                        
Website: http://www.hexblog.com/2006/03/coverage_analyzer.html
Current version: 1.0
Last updated: March 27, 2006
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A code coverage plugin for IDA Pro. It colors all executed instructions directly inside the IDA GUI, including any collapsed functions containing executed instructions.
Also listed in: IDA Extensions



Tool name: DevPartner Studio
Rating: 2.0 (1 vote)
Author: Compuware                        
Website: http://www.compuware.com/products/devpartner/studio.htm
Current version: 8.2
Last updated:
Direct D/L link: N/A
License type: Commercial (with trial)
Description: This tool reportedly does not work at all without the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------

Performance Analysis:
---------------------

DevPartner Studio performance analysis takes you where few profiling tools can go, to the individual line of source code to identify and analyze slow code and performance bottlenecks line by line. Using DevPartner Studio performance profiling, you can:

* profile Visual C++, Visual Basic, .NET, C#, VBScript and JScript code from top to bottom
* trace running applications and differentiate between application and operating system calls, all through an intuitive user interface
* isolate performance bottlenecks in single and multi-tiered applications at machine, process, component or source line levels
* receive recommendations and corrective actions from one key source—DevPartner Studio.


Code Coverage Analysis:
-----------------------

No more relying on relatively subjective reports to test code. DevPartner Studio Professional Edition code coverage analysis tells you how much code was tested, how well it tested and what was never tested at all. You get the answers you need to focus testing where it's needed most, whether it's code check-in, unit testing, integration testing or final release. To zero-in on untested code for you, DevPartner Studio:

* captures and combines testing sessions for applications, components and web pages
* traces both .NET and native code across users, languages and application tiers
* pinpoints the portions of an application left unexecuted during one or more tests
* merges sessions to present a clear picture of testing progress over time.
Also listed in: Profiler Tools



Tool name: DynamoRIO
Rating: 0.0 (0 votes)
Author: Hewlett-Packard Laboratories & MIT & Derek Bruening                        
Website: http://dynamorio.org
Current version: 6.0.0.6
Last updated: October 6, 2015
Direct D/L link: https://github.com/DynamoRIO/dynamorio/releases/download/release_6_0_0/DynamoRIO-Windows-6.0.0-6.zip
License type: Free and open source (BSD-type license)
Description: DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.
DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.
Also listed in: Code Injection Tools, Debugger Libraries, Disassembler Libraries, Profiler Tools



Tool name: HBGary Inspector
Rating: 0.0 (0 votes)
Author: HBGary                        
Website: http://www.hbgary.com/inspector_v2.shtml
Current version: 2.0
Last updated:
Direct D/L link: N/A
License type: Commercial
Description: HBGary Inspector speeds team reverse engineering of software binaries. Inspector integrates dynamic runtime tracing with dataflow and static code analysis. Captured test data is recorded in a team-member shared database for further analysis with automated scripts and interactive graphing.

Packed, obfuscated, and self-modifying malware binaries resist static disassembly. Anti-debugging tricks hinder runtime analysis. However, malware must unpack and de-obfuscate itself to execute. Inspector defeats many anti-debugging tricks and recovers true program instructions and live memory evidence as malware operates. Dynamic analysis provides accurate information about malware behavior.

HBGary Inspector can trace data buffers and packets as they propagate in memory, saving countless hours and days of work for the Reverse Engineer. Complex control flow paths are mapped with interactive navigation graphs. Runtime code coverage is indicated and measured. Inspector is extensible with an exposed application program interface (API) and a powerful scripting system for analysis automation.
Also listed in: Tracers, Memory Data Tracing Tools



Tool name: Hotch
Rating: 0.0 (0 votes)
Author: sp                        
Website: http://www.the-interweb.com/serendipity/index.php?/archives/108-Hotch-1.0.0.html
Current version: 1.0.0
Last updated: July 10, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Hotch - named after everyone's favourite TV profiler - is an IDA plugin that can be used to profile binary files. It sets breakpoints on all basic blocks of a program, records breakpoint hits and tries to figure out statistics from these hits. Click here to see an example of a simple profiling session (starting Notepad and exiting Notepad again). Click here to see a huge 6.5 MB results file that shows a larger profiling session (loading a file in Notepad and playing around in it).

Random Notes:

* "This is really slow for larger files". Yeah, it is really slow in IDA up to 5.2 but Ilfak fixed some things in IDA 5.3 and it works acceptably fast now. So patience, young padawan.
* "The timing results don't really make sense". Yeah, I know. Since I execute a callback function after each breakpoint hit tight loops take disproportionally much time. For anything but tight loops the timing results should kinda work, at least relative to each other of course.
* Ignore the source file libida.hpp, it's an early version of my experimental-at-best C++ wrapper library for the IDA SDK.
* I take feature requests for Hotch.
Also listed in: IDA Extensions, Profiler Tools



Tool name: iaca
Rating: 0.0 (0 votes)
Author: intel                        
Website: http://software.intel.com/en-us/articles/intel-architecture-code-analyzer/
Current version: 1.02
Last updated: July 28, 2009
Direct D/L link: http://software.intel.com/en-us/articles/intel-architecture-code-analyzer-download
License type: iono
Description: Nice code coverage tool by Intel

Designed for Core 2 Duo machines AVX and should be compatible with other Windows XP hardware configurations.

As far as I can tell this is not a commercial tool and is easily accessible to the public :D
Also listed in: (Not listed in any other category)



Tool name: Process Stalker
Rating: 0.0 (0 votes)
Author: Pedram Amini                        
Website: http://www.openrce.org/downloads/details/171
Current version: 1.1
Last updated: July 13, 2005
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. Consisting of a series of tools and scripts the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.

The Process Stalker suite is broken into three main components: an IDA Pro plug-in, a standalone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for usage with a freely available interactive graph visualization tool.

Data instrumentation is accomplished through a series of Python utilities built on top of a fully documented custom API. Binaries, source code and in-depth documentation are available in the bundled archive. An in-depth article detailing step-by-step usage of Process Stalker was written and released on OpenRCE.org; the article is a good starting point for understanding the basics behind the tool set.

Manual:
http://pedram.redhive.com/process_stalking_manual/

API docs:
http://pedram.redhive.com/process_stalking_manual/ps_api_docs/
Also listed in: Tracers



Tool name: Profile Coverage Tool
Rating: 0.0 (0 votes)
Author: Rolf Rolles                        
Website: http://www.woodmann.com/forum/showthread.php?t=11325
Current version: 1.0
Last updated: February 17, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A DynamoRIO extension for binary code coverage and profiling. It works on a function-level (although block-level support could be added easily -- the source weighs in at a measly 70 lines in 2kb, so if you want some other feature, just code it), and it can either be a profiler or a code coverage analyzer. All it does is instrument the code such that each call instruction, direct or indirect, will write its source and target addresses into a file. This data can then be used for either profiling or code coverage purposes: simply discard all of the duplicates for the latter, and use the data as-is for the former. This is just the back-end, but I imagine that this could be easily integrated into PaiMei's front end to provide an industrial-grade coverage and profiling tool.

Strengths of DynamoRIO:
* speed (you might not even notice the slowdown);
* stability (there used to be a commercial security product based on this technology -- it is literally industrial grade);
* trivial to code extensions for (70 lines, 2kb for this simple yet powerful extension).

Weaknesses:
* definitely won't work with self-modifying code
* probably won't work with obfuscated or "self-protecting" code (there's particularly a problem with so-called "pc-relative" addressing, such as call $ / pop ebp).

Studious readers may note that automatic indirect call resolution is exceptionally useful for C++ reverse engineering; comment out the direct call resolution, recompile, write a quick IDC script to add the x-refs to the disassembly listing, and you've got a killer C++ RE tool. Credit goes to spoonm for having and implementing this idea initially.
Also listed in: Profiler Tools



Tool name: PurifyPlus
Rating: 3.0 (1 vote)
Author: IBM / Rational                        
Website: http://www-306.ibm.com/software/awdtools/purifyplus/win/
Current version: 7.0
Last updated:
Direct D/L link: N/A
License type: Commercial (with demo)
Description: This tool reportedly does not work without debug information (pdb, dbg, or map) or the source code for the analyzed program. A map file can be produced by e.g. IDA Pro though, so it could still be useful for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------

Rational® PurifyPlus for Windows® is an automated runtime analysis tool for Windows-based application performance.
Software Test and Performance 2006 Testers Choice Awards

Automated runtime analysis tools to improve Windows-based application reliability and performance. Designed for Java, Visual C/C++, C#, VB.NET, and Visual Basic applications.

* Provides a complete set of automated runtime analysis tools
* Includes memory corruption detection, memory leak detection, application performance profiling and code coverage analysis
* Is designed for Java, Visual C/C++, C#, VB.NET and Visual Basic applications
Also listed in: Profiler Tools

