dELTA
February 11th, 2008, 13:27
When the subject of profilers came up briefly in some discussion here on the board a while ago, I remember catching myself feeling surprised that they are practically never mentioned in reversing contexts. Coverage tools like Paimei/pStalker are sometimes (but rarely) mentioned in reversing contexts, and I guess that compared to the more complex profilers, these code coverage tools are also the most natural (and quite efficient too, check out Paimei/pStalker if you haven't already: http://www.woodmann.com/forum/showthread.php?t=10851), but for some purposes, a more profiler centric tool would be more efficient, e.g. in the event of pin-pointing some code that consumes lots of CPU power (e.g. a bug or other suspect piece of code like this one: http://www.woodmann.com/forum/showthread.php?t=11302) or when you want to efficiently pinpoint e.g. some encryption/decryption, checksum code or similar, where the same code blocks are hit a very high number of times during a short period of time. And of course, the target will be an executable for which we don't have the source code.
My Google searches about this subject have been hard to make good results of. Partly because of the ambiguous "profiler" word, but mostly because most profiler software seems to be primarily aimed and centered around analyzing programs that you already have the source code for. Also, the area of code profiling (let alone binary, source code-less, code profiling) is so small in relation to other areas of interest, that it is easily drowned even more in irrelevant search results, and this also makes it very hard to find out which, if any, products are popular or good within this field.
So, this is an excellent time to consult the vast experience in the areas of debugging, programming and analyzing code that is present on this board, by asking: Which tools do you use and/or recommend for binary profiling as described above?
To clarify: What I'm primarily looking for is logging of code execution hits on the basic block level, with hit counters and sorting in decreasing order of the most frequently hit code blocks (possibly of the approximate kind, i.e. it's not necessary that the hits are counted exactly by means of breakpoints, many profilers use sampling techniques too, to speed up the process at the cost of more approximative results).
Any good tips or ideas, anyone?
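As an added sketch of the profiling logic described above (not code from the post or from any of the tools it mentions), the following Python models the two counting strategies on a constructed instruction trace: exact per-block hit counting, as a breakpoint on every block start would give, and a cheaper sampling approximation. The block layout, addresses and trace are all hypothetical; in practice the block boundaries would come from a disassembler or the tracer.

```python
from bisect import bisect_right
from collections import Counter

# Constructed basic-block layout of a hypothetical target (no real binary involved):
# each block is four 4-byte instructions, so block starts are 16 bytes apart.
BLOCK_STARTS = [0x401000, 0x401010, 0x401020]
INSN_SIZE = 4
INSNS_PER_BLOCK = 4

def block_of(addr):
    """Map an executed instruction address to the start address of its basic block."""
    i = bisect_right(BLOCK_STARTS, addr) - 1
    if i < 0:
        raise ValueError(f"address {addr:#x} is before the first known block")
    return BLOCK_STARTS[i]

def block_insns(start):
    """Instruction addresses that make up the block starting at `start`."""
    return [start + k * INSN_SIZE for k in range(INSNS_PER_BLOCK)]

def constructed_trace(loop_iterations=1000):
    """Constructed trace: a setup block, a tight loop body (the kind of
    checksum/crypto block the post wants to spot) and an exit block."""
    trace = block_insns(0x401000)
    for _ in range(loop_iterations):
        trace += block_insns(0x401010)
    trace += block_insns(0x401020)
    return trace

def exact_profile(trace):
    """Exact hit counts: one hit each time execution enters a block start
    (what a breakpoint on every block start would record)."""
    starts = set(BLOCK_STARTS)
    return Counter(addr for addr in trace if addr in starts)

def sampled_profile(trace, interval=7):
    """Sampling approximation: look only at every `interval`-th executed
    instruction and attribute the sample to its block. Cheaper than a
    breakpoint per block, but it estimates time spent rather than entry
    count and can miss rarely hit blocks entirely."""
    return Counter(block_of(trace[i]) for i in range(0, len(trace), interval))

def ranked(counts):
    """Blocks sorted by hit count, most frequently hit first."""
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    trace = constructed_trace()
    for start, n in ranked(exact_profile(trace)):
        print(f"exact   {start:#x}: {n}")
    for start, n in ranked(sampled_profile(trace)):
        print(f"sampled {start:#x}: {n}")
```

Both rankings put the loop block first; the sampled counts are only proportional to time spent, which is the trade-off the post refers to.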