# Command-line driver fragment: parse the arguments, load coverage data for
# the target, and begin walking the coverage traces.
# NOTE(review): this listing is cut off inside the final print() call, so the
# rest of the loop is not visible here.

# Two to four positional arguments are accepted; any other count prints USAGE
# and exits with status 1.
if len(sys.argv) not in [3, 4, 5]:
    print(USAGE)
    exit(1)

target_filename = sys.argv[1]
seed_dir = os.path.normpath(sys.argv[2])
# Default directories are derived from the seed directory. normpath() has
# already removed any trailing separator, so the suffix is appended to the
# directory name itself.
coverage_dir = seed_dir + "-cov"
output_dir = seed_dir + "-bmin"
# The optional third and fourth arguments override the derived defaults.
if len(sys.argv) >= 4:
    coverage_dir = os.path.normpath(sys.argv[3])
if len(sys.argv) == 5:
    output_dir = os.path.normpath(sys.argv[4])

script_start = time.time()
bv = bncov.get_bv(target_filename)
covdb = bncov.get_covdb(bv, coverage_dir)

# os.listdir() returns every entry in seed_dir, subdirectories included;
# nothing visible here restricts the list to regular files.
seed_paths = [
    os.path.join(seed_dir, filename) for filename in os.listdir(seed_dir)
]
# Size in bytes of each seed, keyed by its path.
seed_sizes = {
    seed_path: os.path.getsize(seed_path)
    for seed_path in seed_paths
}
# Both mappings start empty; the code that fills them is not visible in this
# listing.
coverage_to_seed = {}
seed_to_coverage = {}
for trace_path in covdb.trace_dict.keys():
    trace_name = os.path.basename(trace_path)
    # Every trace file is required to carry the .cov extension.
    # NOTE(review): the message below reads "doesn't the right extension";
    # it is presumably missing the word "have".
    if trace_name.endswith('.cov') is False:
        print(
            "[!] Trace file %s doesn't the right extension (.cov), bailing..."
# Driver fragment: walk the result of get_uncovered_calls(covdb) and print a
# source line for each entry.
# NOTE(review): this listing is cut off inside the final print() call.
target_filename = sys.argv[1]
covdir = sys.argv[2]
bv = bncov.get_bv(target_filename, quiet=False)
# The source lookup below is given the original file's path, so stop early
# when that path no longer exists on disk.
original_filepath = bv.file.original_filename
if not os.path.exists(original_filepath):
    print(
        "ERROR: Original file %s not found (often due to a .bndb with a stale path)"
        % original_filepath)
    print(
        " This script requires the original target and that it has debug symbols."
    )
    exit(1)

covdb = bncov.get_covdb(bv, covdir, quiet=False)
# The items of this mapping are unpacked below as (address, disassembly).
uncovered_calls = get_uncovered_calls(covdb)
any_source_found = False
for i, item in enumerate(uncovered_calls.items()):
    address, disassembly = item
    # Uses the first function reported for the address; the [0] index raises
    # IndexError if the returned list is empty.
    function_name = bv.get_functions_containing(
        address)[0].symbol.short_name
    print('\n[%d] %s: 0x%x: "%s"' % (i, function_name, address, disassembly))
    if print_source_line(original_filepath, address):
        any_source_found = True
# NOTE(review): source_hits is not assigned anywhere in the visible code,
# while any_source_found is set above and never read. Unless source_hits is
# defined elsewhere in the file, this line raises NameError; the intended
# test looks like "not any_source_found" -- confirm.
if source_hits == 0:
    print(
        "WARNING: No source paths were resolved, double check that the target has debug information"
# Tail of a polling loop, followed by the script entry point.
# NOTE(review): the listing starts part-way through a function body. The
# enclosing def/try/loop headers are not visible, so the relative indentation
# of the first fragment is reconstructed -- confirm against the full file.
                # Snapshot the coverage recorded so far, so the blocks added
                # by the new file can be isolated with a set difference.
                coverage_before = set()
                coverage_before.update(covdb.total_coverage)
                coverage_from_file = covdb.add_file(coverage_filepath)
                new_coverage = coverage_from_file - coverage_before
                time_print(
                    "New coverage file found: %s, %d new blocks covered" %
                    (filename, len(new_coverage)))
                # Group the new blocks by function and report each block.
                function_mapping = covdb.get_functions_from_blocks(
                    new_coverage)
                for function_name in function_mapping:
                    for block in function_mapping[function_name]:
                        time_print(" New block 0x%x in %s" %
                                   (block, function_name))
            # Pause before the next poll.
            time.sleep(poll_interval)
    # CTRL+C is the way out of the loop; it is reported, not re-raised.
    except KeyboardInterrupt:
        time_print("Caught CTRL+C, exiting")


if __name__ == "__main__":
    # Exactly two arguments are required: the target (or .bndb) and the
    # directory to watch for coverage files.
    # NOTE(review): exit() with no argument ends the process with status 0,
    # so a wrong invocation is reported to the caller as success.
    if len(sys.argv) != 3:
        print("USAGE: %s <target_file_or_bndb> <coverage_dir>" % sys.argv[0])
        exit()
    target_filename = sys.argv[1]
    coverage_dir = sys.argv[2]
    bv = bncov.get_bv(target_filename, quiet=False)
    covdb = bncov.get_covdb(bv, coverage_dir, quiet=False)
    # Set at module scope just before the watch loop starts.
    script_start = time.time()
    watch_coverage(covdb)