From Collaborative RCE Tool Library

Jump to: navigation, search

Profile Coverage Tool

Tool name: Profile Coverage Tool
Rating: 0.0 (0 votes)
Author: Rolf Rolles                        
Website: http://www.woodmann.com/forum/showthread.php?t=11325
Current version: 1.0
Last updated: February 17, 2008
Direct D/L link: Locally archived copy
License type: Free / Open Source
Description: A DynamoRIO extension for binary code coverage and profiling. It works on a function-level (although block-level support could be added easily -- the source weighs in at a measly 70 lines in 2kb, so if you want some other feature, just code it), and it can either be a profiler or a code coverage analyzer. All it does is instrument the code such that each call instruction, direct or indirect, will write its source and target addresses into a file. This data can then be used for either profiling or code coverage purposes: simply discard all of the duplicates for the latter, and use the data as-is for the former. This is just the back-end, but I imagine that this could be easily integrated into PaiMei's front end to provide an industrial-grade coverage and profiling tool.

Strengths of DynamoRIO:
* speed (you might not even notice the slowdown);
* stability (there used to be a commercial security product based on this technology -- it is literally industrial grade);
* trivial to code extensions for (70 lines, 2kb for this simple yet powerful extension).

Weaknesses:
* definitely won't work with self-modifying code
* probably won't work with obfuscated or "self-protecting" code (there's particularly a problem with so-called "pc-relative" addressing, such as call $ / pop ebp).

Studious readers may note that automatic indirect call resolution is exceptionally useful for C++ reverse engineering; comment out the direct call resolution, recompile, write a quick IDC script to add the x-refs to the disassembly listing, and you've got a killer C++ RE tool. Credit goes to spoonm for having and implementing this idea initially.
Related URLs: No related URLs have been submitted for this tool yet


RSS feed Feed containing all updates for this tool.

Retrieved from "http://www.woodmann.com/collaborative/tools/index.php/Profile_Coverage_Tool"


If you find that any information for the tool above is missing, outdated or incorrect, please edit it!
(please also edit it if you think it fits well in some additional category, since this can also be controlled)

Views