s0duku / qemucov

Use a static QEMU user-mode binary to collect binary coverage information.

Build

./build-qemucov.sh  

Usage

  • QEMU will generate qemucov_cov.log.
  • Put './qemucov/lighthouse' under the IDA plugin directory, together with the Lighthouse plugin.
  • IDA will then be able to use Lighthouse to parse qemucov_cov.log.
./build/qemu-x86_64 ./qemucov/testcases/cov_debug  
cat qemucov_cov.log  

Example

QEMUCOV_COV VERSION: 1
Module Table: version 1, count 26
Columns: id, base, end, entry, checksum, timestamp, path
25, 0xFFFFFFFFFF600000, 0xFFFFFFFFFF601000, 0, 0, 0, [vsyscall]
24, 0x00007FFE433A8000, 0x00007FFE433AA000, 0, 0, 0, [vdso]
23, 0x00007FFE433A4000, 0x00007FFE433A8000, 0, 0, 0, [vvar]
22, 0x00007FFE43312000, 0x00007FFE43333000, 0, 0, 0, [stack]
21, 0x00007F1DC8659000, 0x00007F1DC867E000, 0, 0, 0, 
20, 0x00007F1DC8641000, 0x00007F1DC8659000, 0, 0, 0, /home/s0duku/src/qemuida/build/qemu-x86_64
19, 0x00007F1DC85DB000, 0x00007F1DC8641000, 0, 0, 0, /home/s0duku/src/qemuida/build/qemu-x86_64
18, 0x00007F1DC8103000, 0x00007F1DC85DA000, 0, 0, 0, /home/s0duku/src/qemuida/build/qemu-x86_64
17, 0x00007F1DC7CF9000, 0x00007F1DC8103000, 0, 0, 0, /home/s0duku/src/qemuida/build/qemu-x86_64
16, 0x00007F1DC7C66000, 0x00007F1DC7CF9000, 0, 0, 0, /home/s0duku/src/qemuida/build/qemu-x86_64
15, 0x00007F1DC7466000, 0x00007F1DC7C66000, 0, 0, 0, 
14, 0x00007F1DC7465000, 0x00007F1DC7466000, 0, 0, 0, 
13, 0x00007F1DC73E4000, 0x00007F1DC7465000, 0, 0, 0, 
12, 0x00007F1DC0021000, 0x00007F1DC4000000, 0, 0, 0, 
11, 0x00007F1DC0000000, 0x00007F1DC0021000, 0, 0, 0, 
10, 0x00007F1DBFFFF000, 0x00007F1DC0000000, 0, 0, 0, 
 9, 0x00007F1DB8000000, 0x00007F1DBFFFF000, 0, 0, 0, 
 8, 0x00005555557AC000, 0x00005555558BA000, 0, 0, 0, [heap]
 7, 0x0000004002842000, 0x0000004002844000, 0, 0, 0, 
 6, 0x000000400283E000, 0x0000004002842000, 0, 0, 0, /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
 5, 0x000000400283D000, 0x000000400283E000, 0, 0, 0, 
 4, 0x0000004002806000, 0x000000400283D000, 0, 0, 0, /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
 3, 0x0000004002006000, 0x0000004002806000, 0, 0, 0, 
 2, 0x0000004002005000, 0x0000004002006000, 0, 0, 0, 
 1, 0x0000004000003000, 0x0000004000005000, 0, 0, 0, /home/s0duku/src/qemuida/qemucov/testcases/cov_debug
 0, 0x0000004000000000, 0x0000004000003000, 0, 0, 0, /home/s0duku/src/qemuida/qemucov/testcases/cov_debug
BB Table:
 0, 0x0000000000001000
 0, 0x0000000000001016
 0, 0x0000000000001080
 0, 0x0000000000001090
 0, 0x00000000000010B0
 0, 0x00000000000010C0
 0, 0x00000000000010D0
 ...
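
The log layout shown above can also be checked outside IDA. The following parser is an added example, not code from the qemucov project: it reads the module table and BB table, keeps unique block offsets per module, and sets aside rows that name an unknown module id or fall outside the module's range. It assumes each BB row is "module id, offset from that module's base", which is inferred from the sample; the function names and the /tmp/cov_debug path are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample in the page's layout; last two BB rows are invalid on purpose.
SAMPLE_LOG = """\
QEMUCOV_COV VERSION: 1
Module Table: version 1, count 2
Columns: id, base, end, entry, checksum, timestamp, path
 1, 0x0000004000003000, 0x0000004000005000, 0, 0, 0, /tmp/cov_debug
 0, 0x0000004000000000, 0x0000004000003000, 0, 0, 0, /tmp/cov_debug
BB Table:
 0, 0x0000000000001000
 0, 0x0000000000001016
 0, 0x0000000000001000
 1, 0x0000000000000010
 7, 0x0000000000000000
 0, 0x0000000000003000
 ...
"""

def parse_qemucov(text):
    """Parse a log; assumes BB rows are 'module id, offset from module base'."""
    lines = iter(text.splitlines())
    ok = next(lines, "").startswith("QEMUCOV_COV VERSION:")
    m = re.match(r"Module Table: version \d+, count (\d+)", next(lines, ""))
    if not (ok and m and next(lines, "").startswith("Columns:")):
        raise ValueError("bad qemucov header")
    modules = {}
    for _ in range(int(m.group(1))):
        f = [x.strip() for x in next(lines, "").split(",", 6)]
        if len(f) != 7:
            raise ValueError("truncated module table")
        modules[int(f[0])] = (int(f[1], 16), int(f[2], 16), f[6])
    if next(lines, "").strip() != "BB Table:":
        raise ValueError("missing BB table")
    hits, rejected = defaultdict(set), []
    for line in lines:
        parts = line.split(",")
        if len(parts) != 2:
            continue  # skip blank lines and the "..." elision marker
        mod_id, off = int(parts[0]), int(parts[1], 16)
        base, end, _ = modules.get(mod_id, (0, 0, ""))
        if off < end - base:
            hits[mod_id].add(off)  # duplicates collapse into one block
        else:
            rejected.append((mod_id, off))  # unknown id or past module end
    return modules, dict(hits), rejected

def covered_addresses(modules, hits):
    return sorted(modules[i][0] + o for i, offs in hits.items() for o in offs)
```

A non-empty rejected list usually means the log is truncated or was produced against a different memory layout than the module table describes.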

License:Other
