From Collaborative RCE Tool Library

Jump to: navigation, search

Profiler Tools

For more info about the use of code coverage and profiler tools within the field of reverse engineering, see this.


Tool name: AQtime
Rating: 5.0 (1 vote)
Author: AutomatedQA, Corp.                        
Website: http://automatedqa.com/products/aqtime/index.asp
Current version: 5.40
Last updated: January 11, 2008
Direct D/L link: N/A
License type: Commercial (with demo)
Description: This tool does reportedly not work at all without having the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------
AQtime is AutomatedQA's award-winning performance profiling and memory and resource debugging toolset for Microsoft, Borland, Intel, Compaq and GNU compilers.

The latest version of AQtime, AQtime 5, includes dozens of productivity tools that help you easily isolate and eliminate all performance issues and memory/resource leaks within your code by generating comprehensive and detailed reports for your .NET and Windows applications. AQtime supports .NET 1.0, 1.1, 2.0, 3.0 applications and Windows 32- and 64-bit applications.

AQtime is built with one key objective - to help you completely understand how your programs perform during execution. Using its integrated set of performance and debugging profilers, AQtime collects crucial performance and memory/resource allocation information at runtime and delivers it to you both in summarized and detailed forms, with all of the tools you need to begin the optimization process. This is all done without modifying the application's source code!
Also listed in: Code Coverage Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: CodeAnalyst Performance Analyzer
Rating: 5.0 (1 vote)
Author: AMD                        
Website: http://developer.amd.com/cpu/codeanalyst/codeanalystwindows/Pages/default.aspx
Current version: 2.94
Last updated: July 18, 2009
Direct D/L link: http://developer.amd.com/Downloads/CodeAnalyst_Public_2.94.718.0439.exe
License type: Free
Description: This tool works without having any source code or debug information for the analyzed program, which makes it very good for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------
The AMD CodeAnalyst Performance Analyzer is a suite of powerful tools that analyzes software performance on AMD microprocessors. These tools are designed to support Microsoft® Windows XP®, Windows 2003 and Vista® distribution on x86 and AMD64 architectures. Although most users will choose the Graphical User Interface, the profiler is also offered as a command line utility to facilitate the use in batch files.

* System-Wide Profiling : CodeAnalyst is designed to profile the performance of binary modules, including user mode application modules and kernel mode driver modules. Timer-Based Profiling and Event-Based Profiling collect data from multiple processors in a multi-processor system.

* Timer-Based Profiling (TBP) :
o The application to be optimized is run at full speed on the system that is running CodeAnalyst. EIP samples are collected at predetermined intervals and can be used to identify possible bottlenecks, execution penalties, or optimization opportunities.
o On APIC enabled systems, the finest time resolution is 0.1ms and 1.0ms non-APIC enabled systems.

* Event-Based Profiling (EBP) : CodeAnalyst EBP is designed to profile the hardware performance events on AMD Athlon™, AMD Athlon™ XP, AMD Opteron™, AMD Athlon™ 64 and AMD “Barcelona” (AMD Family 10h). With event multiplexing technique, CodeAnalyst EBP is able to profile more than 4 events simultaneously.

* Instruction-Based Sampling (IBS) : Instruction-based Sampling is a new performance measurement technique supported by AMD Barcelona (Family 10h) processors. IBS has these advantages:
o IBS precisely associates hardware event information with the instructions that cause the events. A data cache miss, for example, is associated with the AMD64 instruction performing the memory read or write operation that caused the miss.
o IBS collects a wide range of hardware event information in a single measurement run.
o IBS collects new information such as retire delay and data cache miss latency.

* Call Stack Sampling (CSS) : Combining with TBP or EBP, Call Stack Sampling is able to collect data on caller-callee relationship on the hotspots.

* Pipeline Simulation : Used during the second stage of an optimization effort to find the causes of bottlenecks. During simulation, application execution is first traced, and then simulated on a selected target processor. The detailed data on the execution of each instruction takes into account the previous instructions executed and the state of the processor caches. Simulation only supports single processor execution.

Pipeline Simulation supports the simulation of 32-bit code on:
o AMD Athlon™ XP processor
o AMD Opteron™ processor
o AMD Athlon™ 64 processor

Pipeline Simulation also supports the simulation of 64-bit code on:
o AMD Opteron™ processor
o AMD Athlon™ 64 processor

* Thread Profile : CodeAnalyst thread profiling views show the thread chart and non-local memory access.

* Post Process : CodeAnalyst shows sample distribution without module debug information.
o Interpret performance measurements rather than display raw performance data
o Flexible view configuration and management

---------------
This tool reportedly only works for AMD processors, while its Intel counterpart is the VTune Performance Analyzer.
Also listed in: (Not listed in any other category)
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: CFSearch
Rating: 0.0 (0 votes)
Author: Sirmabus                        
Website: http://www.woodmann.com/forum/showthread.php?t=11306&page=2
Current version: 1.0A
Last updated: February 15, 2008
Direct D/L link: N/A
License type: Free
Description: Extremely cool tracer tool that makes use of the "single step on branch", LBR ("last branch recording") features of current processors.

Not released yet, but we're awaiting it with great anticipation!
Also listed in: Tracers, Code Coverage Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Conditional Branch Logger
Rating: 0.0 (0 votes)
Author: Blabberer / dELTA / Kayaker                        
Website: N/A
Current version: 1.0
Last updated: June 13, 2007
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Conditional Branch Logger is a plugin which gives control and logging capabilities for conditional branch instructions over the full user address space of a process. Useful for execution path analysis and finding differences in code flow as a result of changing inputs or conditions. It is also possible to log conditional jumps in system dlls before the Entry Point of the target is reached. Numerous options are available for fine tuning the logging ranges and manipulating breakpoints.
Also listed in: Code Coverage Tools, OllyDbg Extensions, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DevPartner Studio
Rating: 2.0 (1 vote)
Author: Compuware                        
Website: http://www.compuware.com/products/devpartner/studio.htm
Current version: 8.2
Last updated:
Direct D/L link: N/A
License type: Commercial (with trial)
Description: This tool does reportedly not work at all without having the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------

Performance Analysis:
---------------------

DevPartner Studio performance analysis takes you where few profiling tools can go, to the individual line of source code to identify and analyze slow code and performance bottlenecks line by line. Using DevPartner Studio performance profiling, you can:

* profile Visual C++, Visual Basic, .NET, C#, VBScript and JScript code from top to bottom
* trace running applications and differentiate between application and operating system calls, all through an intuitive user interface
* isolate performance bottlenecks in single and multi-tiered applications at machine, process, component or source line levels
* receive recommendations and corrective actions from one key source—DevPartner Studio.


Code Coverage Analysis:
-----------------------

No more relying on relatively subjective reports to test code. DevPartner Studio Professional Edition code coverage analysis tells you how much code was tested, how well it tested and what was never tested at all. You get the answers you need to focus testing where it's needed most, whether it's code check-in, unit testing, integration testing or final release. To zero-in on untested code for you, DevPartner Studio:

* captures and combines testing sessions for applications, components and web pages
* traces both .NET and native code across users, languages and application tiers
* pinpoints the portions of an application left unexecuted during one or more tests
* merges sessions to present a clear picture of testing progress over time.
Also listed in: Code Coverage Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: DynamoRIO
Rating: 0.0 (0 votes)
Author: Hewlett-Packard Laboratories & MIT & Derek Bruening                        
Website: http://dynamorio.org
Current version: 6.0.0.6
Last updated: October 6, 2015
Direct D/L link: https://github.com/DynamoRIO/dynamorio/releases/download/release_6_0_0/DynamoRIO-Windows-6.0.0-6.zip
License type: Free and open source (BSD-type license)
Description: DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.
DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

Previous description:

The DynamoRIO Collaboration - Dynamo from Hewlett-Packard Laboratories + RIO (Runtime Introspection and Optimization) from MIT's Laboratory for Computer Science.

The DynamoRIO dynamic code modification system, joint work between Hewlett-Packard and MIT, is being released as a binary package with an interface for both dynamic instrumentation and optimization. The system is based on Dynamo from Hewlett-Packard Laboratories. It operates on unmodified native binaries and requires no special hardware or operating system support. It is implemented for both IA-32 Windows and Linux, and is capable of running large desktop applications.

The system's release was announced at a PLDI tutorial on June 16, 2002, titled "On the Run - Building Dynamic Program Modifiers for Optimization, Introspection and Security." Here is the tutorial abstract:

In the new world of software, which heavily utilizes dynamic class loading, DLLs and interconnected components, the power and reach of static analysis is diminishing. An exciting new paradigm of dynamic program optimization, improving the performance of a program while it is being executed, is emerging. In this tutorial, we will describe intricacies of building a dynamic optimizer, explore novel application areas such as program introspection and security, and provide details of building your own dynamic code modifier using DynamoRIO. DynamoRIO, a joint development between HP Labs and MIT, is a powerful dynamic code modification infrastructure capable of running existing binaries such as Microsoft Office Suite. It runs on both Windows and Linux environments. We are offering a free release of DynamoRIO for non-commercial use. A copy of the DynamoRIO release, which includes the binary and a powerful API, will be provided to the attendees.
Also listed in: Code Coverage Tools, Code Injection Tools, Debugger Libraries, Disassembler Libraries
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Hotch
Rating: 0.0 (0 votes)
Author: sp                        
Website: http://www.the-interweb.com/serendipity/index.php?/archives/108-Hotch-1.0.0.html
Current version: 1.0.0
Last updated: July 10, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: Hotch - named after everyone's favourite TV profiler - is an IDA plugin that can be used to profile binary files. It sets breakpoints on all basic blocks of a program, records breakpoints hits and tries to figure out statistics from these hits. Click here to seen an example of a simple profiling session (starting Notepad and exiting Notepad again). Click here to see a huge 6.5 MB results file that shows a larger profiling session (loading a file in Notepad and playing around in it).

Random Notes:

* "This is really slow for larger files". Yeah, it is really slow in IDA up to 5.2 but Ilfak fixed some things in IDA 5.3 and it works acceptably fast now. So patience, young padawan.
* "The timing results don't really make sense". Yeah, I know. Since I execute a callback function after each breakpoint hit tight loops take disproportionally much time. For anything but tight loops the timing results should kinda work, at least relative to each other of course.
* Ignore the source file libida.hpp, it's an early version of my experimental-at-best C++ wrapper library for the IDA SDK.
* I take feature requests for Hotch.
Also listed in: Code Coverage Tools, IDA Extensions
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PIN
Rating: 0.0 (0 votes)
Author: Intel                        
Website: http://rogue.colorado.edu/pin
Current version: 2.3 (rev 18525)
Last updated: April 10, 2008
Direct D/L link: N/A
License type: Free / Open source
Description: Pin is a tool for the dynamic instrumentation of programs. It supports Linux binary executables for Intel (R) Xscale (R), IA-32, IA-32E (64 bit x86), and Itanium (R) processors. It also allow instrumentation of Windows programs on IA-32 and Intel (R) 64 processors

Pin was designed to provide functionality similar to the popular ATOM toolkit for Compaq's Tru64 Unix on Alpha, i.e. arbitrary code (written in C or C++) can be injected at arbitrary places in the executable. Unlike Atom, Pin does not instrument an executable statically by rewriting it, but rather adds the code dynamically while the executable is running. This also makes it possible to attach Pin to an already running process.

Pin provides a rich API that abstracts away the underlying instruction set idiosyncrasies and allows context information such as register contents to be passed to the injected code as parameters. Pin automatically saves and restores the registers that are overwritten by the injected code so the application continues to work. Limited access to symbol and debug information is available as well.

Pin includes the source code for a large number of example instrumentation tools like basic block profilers, cache simulators, instruction trace generators, etc. It is easy to derive new tools using the examples as a template.
Also listed in: Code Injection Tools, Tracers
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: Profile Coverage Tool
Rating: 0.0 (0 votes)
Author: Rolf Rolles                        
Website: http://www.woodmann.com/forum/showthread.php?t=11325
Current version: 1.0
Last updated: February 17, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A DynamoRIO extension for binary code coverage and profiling. It works on a function-level (although block-level support could be added easily -- the source weighs in at a measly 70 lines in 2kb, so if you want some other feature, just code it), and it can either be a profiler or a code coverage analyzer. All it does is instrument the code such that each call instruction, direct or indirect, will write its source and target addresses into a file. This data can then be used for either profiling or code coverage purposes: simply discard all of the duplicates for the latter, and use the data as-is for the former. This is just the back-end, but I imagine that this could be easily integrated into PaiMei's front end to provide an industrial-grade coverage and profiling tool.

Strengths of DynamoRIO:
* speed (you might not even notice the slowdown);
* stability (there used to be a commercial security product based on this technology -- it is literally industrial grade);
* trivial to code extensions for (70 lines, 2kb for this simple yet powerful extension).

Weaknesses:
* definitely won't work with self-modifying code
* probably won't work with obfuscated or "self-protecting" code (there's particularly a problem with so-called "pc-relative" addressing, such as call $ / pop ebp).

Studious readers may note that automatic indirect call resolution is exceptionally useful for C++ reverse engineering; comment out the direct call resolution, recompile, write a quick IDC script to add the x-refs to the disassembly listing, and you've got a killer C++ RE tool. Credit goes to spoonm for having and implementing this idea initially.
Also listed in: Code Coverage Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: PurifyPlus
Rating: 3.0 (1 vote)
Author: IBM / Rational                        
Website: http://www-306.ibm.com/software/awdtools/purifyplus/win/
Current version: 7.0
Last updated:
Direct D/L link: N/A
License type: Commercial (with demo)
Description: This tool does reportedly not work without having debug information (pdb, dbg, or map) or the source code for the analyzed program. A map file can be produced by e.g. IDA Pro though, so it could still be useful for reversing purposes.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------

Rational® PurifyPlus for Windows® is an automated runtime analysis tools for Windows-based application performance.
Software Test and Performance 2006 Testers Choice Awards

Automated runtime analysis tools to improve Windows-based application reliability and performance. Designed for Java, Visual C/C++, C#, VB.NET, and Visual Basic applications.

* Provides a complete set of automated runtime analysis tools
* Includes memory corruption detection, memory leak detection, application performance profiling and code coverage analysis
* Is designed for Java, Visual C/C++, C#, VB.NET and Visual Basic applications
Also listed in: Code Coverage Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)



Tool name: VTune Performance Analyzer
Rating: 3.0 (1 vote)
Author: Intel                        
Website: http://www.intel.com/cd/software/products/asmo-na/eng/vtune/219898.htm
Current version: 9.0
Last updated:
Direct D/L link: N/A
License type: Commercial (with trial)
Description: This tool does reportedly not work ANYMORE without having the source code for the analyzed program, which sadly makes it relatively useless for reversing purposes.

Up until version 5 it used to have pure assembler profiling though, so if you can find an old <= 5 version it might still be a good tool though.

See the following for more info:
http://www.woodmann.com/forum/showthread.php?t=11306

-----------------------------
Nice analysis tool, which can among other things log API calls, create call graphs, analyse and trace thread usage and synchronization object use.

Includes Intel Thread Profiler too.

Intel's own sale spin description:
Deliver fast software on the latest 64-bit multi-core systems running Microsoft Windows Vista*, Windows* XP or Windows Server*. Locate performance bottlenecks without recompilation and with very low overhead (under 5%). Analyze the results using a graphical interface with strong Visual Studio* and .NET integration. Quickly drill down to the source to identify problematic lines of code.
Also listed in: Thread Monitoring Tools
More details: Click here for more details, screenshots, related URLs & comments for this tool! (or to update its entry)


RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Needs New Category  (3)