
emit code coverage trace log for import into external tools

Open williballenthin opened this issue 5 years ago • 1 comments

It would be useful to see what instructions speakeasy has emulated (via run_speakeasy), such as via the https://github.com/gaasedelen/lighthouse IDA Pro plugin. Add an option to this script that emits a log file with the instructions emulated by speakeasy, in a format like:

boombox+3a06
boombox+3a09
boombox+3a0f
boombox+3a15
...

ref

williballenthin avatar Sep 21 '20 22:09 williballenthin

This can be achieved with a code-hook:

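import speakeasy

se = speakeasy.Speakeasy()

# Trace log: one absolute address per emulated instruction
f = open("coverage.txt", "w")

def insn_trace(emu, addr, size, ctx):
    # addr: address of the instruction; size: its length in bytes
    f.write(f"0x{addr:08x}\n")

# Call insn_trace for every emulated instruction
se.add_code_hook(cb=insn_trace)
module = se.load_module("myfile.dll")
se.run_module(module, all_entrypoints=False)
report = se.get_report()

f.close()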

This generates the "Address Trace" format for lighthouse. The size parameter is the size of the instruction in bytes, and can be used for e.g. EZCOV.

ambiso avatar Feb 19 '25 14:02 ambiso
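
The issue asks for `module+offset` lines while the hook above writes absolute addresses; the following added example (not part of the thread and not speakeasy code) converts one form to the other. The module name, base address and size, and the sample trace, are constructed values; obtaining the real load base from speakeasy is not shown here.

```python
from bisect import bisect_right

# Constructed sample: (name, base, size) of loaded images -- assumed values
SAMPLE_MODULES = [("boombox", 0x10000000, 0x20000)]

# Constructed sample of the hook's output, including a repeated address
# (loop) and one address that falls outside every listed module
SAMPLE_TRACE = """\
0x10003a06
0x10003a09
0x10003a0f
0x10003a06
0x10003a15
0xfeedf000
"""

def parse_address_trace(text):
    """Parse one hex address per line, as written by the code hook."""
    return [int(tok, 16) for tok in text.split()]

def to_modoff(trace, modules):
    """Map absolute addresses to unique 'module+offset' lines.

    Returns (lines, unmapped): lines keep first-seen execution order,
    unmapped counts unique addresses outside all module ranges.
    """
    ranges = sorted((base, base + size, name) for name, base, size in modules)
    starts = [r[0] for r in ranges]
    seen, lines, unmapped = set(), [], 0
    for addr in trace:
        if addr in seen:          # coverage only needs each address once
            continue
        seen.add(addr)
        i = bisect_right(starts, addr) - 1   # last module starting <= addr
        if i >= 0 and addr < ranges[i][1]:
            base, _, name = ranges[i]
            lines.append(f"{name}+{addr - base:x}")
        else:
            unmapped += 1         # e.g. code emulated outside the image
    return lines, unmapped

if __name__ == "__main__":
    lines, unmapped = to_modoff(parse_address_trace(SAMPLE_TRACE), SAMPLE_MODULES)
    print("\n".join(lines))
    print(f"# {unmapped} address(es) outside known modules")
```
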