if len(sys.argv) not in [3, 4, 5]:
print(USAGE)
exit(1)
target_filename = sys.argv[1]
seed_dir = os.path.normpath(sys.argv[2])
coverage_dir = seed_dir + "-cov"
output_dir = seed_dir + "-bmin"
if len(sys.argv) >= 4:
coverage_dir = os.path.normpath(sys.argv[3])
if len(sys.argv) == 5:
output_dir = os.path.normpath(sys.argv[4])
script_start = time.time()
bv = bncov.get_bv(target_filename)
covdb = bncov.get_covdb(bv, coverage_dir)
seed_paths = [
os.path.join(seed_dir, filename) for filename in os.listdir(seed_dir)
]
seed_sizes = {
seed_path: os.path.getsize(seed_path)
for seed_path in seed_paths
}
coverage_to_seed = {}
seed_to_coverage = {}
for trace_path in covdb.trace_dict.keys():
trace_name = os.path.basename(trace_path)
if trace_name.endswith('.cov') is False:
print(
"[!] Trace file %s doesn't the right extension (.cov), bailing..."
target_filename = sys.argv[1]
covdir = sys.argv[2]
bv = bncov.get_bv(target_filename, quiet=False)
original_filepath = bv.file.original_filename
if not os.path.exists(original_filepath):
print(
"ERROR: Original file %s not found (often due to a .bndb with a stale path)"
% original_filepath)
print(
" This script requires the original target and that it has debug symbols."
)
exit(1)
covdb = bncov.get_covdb(bv, covdir, quiet=False)
uncovered_calls = get_uncovered_calls(covdb)
any_source_found = False
for i, item in enumerate(uncovered_calls.items()):
address, disassembly = item
function_name = bv.get_functions_containing(
address)[0].symbol.short_name
print('\n[%d] %s: 0x%x: "%s"' %
(i, function_name, address, disassembly))
if print_source_line(original_filepath, address):
any_source_found = True
if source_hits == 0:
print(
"WARNING: No source paths were resolved, double check that the target has debug information"
coverage_before = set()
coverage_before.update(covdb.total_coverage)
coverage_from_file = covdb.add_file(coverage_filepath)
new_coverage = coverage_from_file - coverage_before
time_print(
"New coverage file found: %s, %d new blocks covered" %
(filename, len(new_coverage)))
function_mapping = covdb.get_functions_from_blocks(
new_coverage)
for function_name in function_mapping:
for block in function_mapping[function_name]:
time_print(" New block 0x%x in %s" %
(block, function_name))
time.sleep(poll_interval)
except KeyboardInterrupt:
time_print("Caught CTRL+C, exiting")
if __name__ == "__main__":
if len(sys.argv) != 3:
print("USAGE: %s <target_file_or_bndb> <coverage_dir>" % sys.argv[0])
exit()
target_filename = sys.argv[1]
coverage_dir = sys.argv[2]
bv = bncov.get_bv(target_filename, quiet=False)
covdb = bncov.get_covdb(bv, coverage_dir, quiet=False)
script_start = time.time()
watch_coverage(covdb)