Live Code Coverage with Ghidra


Ao Vak

Jun 3, 2025, 3:13:41 PM
to DynamoRIO Users
I want to create a program that sends live code coverage info to Ghidra

My design:
- When Ghidra switches to a function it sends my client the addresses of all the function's basic blocks
- Client enables instrumentation on the corresponding basic blocks and collects data
- At some specified interval my client sends Ghidra the coverage info
- Ghidra colors the corresponding basic blocks based on how many times the basic block was run in that interval

My main issue is with communication. I don't know how to send and receive the data to and from Ghidra.

I'm planning on using Asio because I saw a GitHub project of someone using it to communicate with Ghidra and I already have some experience with it.
My DRIO client obviously just crashes when I try to use Asio with it so I'm guessing it would need to communicate with some other cpp program that uses Asio??

How should I design this? How do I send the information over to Ghidra?

Derek Bruening

Jun 4, 2025, 4:33:38 PM
to Ao Vak, DynamoRIO Users
I think a lot more information is needed here to discuss in detail: what mechanisms does Ghidra support for inputs? What are the communication types used by "Asio"? Don't assume that everyone on this list knows those details.

It is good to keep clients small and to use low-level interfaces, as the private loader is best-effort and has limits. Sending data over a pipe or via shared memory are some options; files and nudges can also be used (https://dynamorio.org/using.html#sec_comm). Having a helper process as an intermediary could help keep the client small and more transparent.


Ao Vak

Jun 10, 2025, 5:05:41 AM
to DynamoRIO Users
Sorry for the late reply, I couldn't respond because there was a problem with one of my teeth.

I've gotten a lot of it done now and the communication problem is resolved. I'm communicating with the client using shared memory and nudges, and I'm communicating with Ghidra using sockets.

However, I still have a problem: When I supply the client with a list of basic block addresses I want the client to put instrumentation on them.
From what I've seen I need to "flush" those basic blocks in order to instrument them again.

So it seems I need to call dr_flush_region, but the problem is that dr_flush_region seems to require the size of the basic block, which I don't have. I tried to get the size of the basic block using drx_instrlist_size, but that function requires an instrlist_t*, which I also don't have. All I have is the address of the basic block.

So my main question is:
- How do I reset instrumentation on basic blocks?

Derek Bruening

Jun 10, 2025, 11:57:59 AM
to Ao Vak, DynamoRIO Users
If this happens just once, the best thing is to flush the entire cache (pass 0, max).
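As an added example (not code from this thread, from DynamoRIO or from Ghidra), the C below models the hand-off that the design in the first message and the shared-memory-plus-nudges approach in the follow-up imply: a helper process parses the basic block addresses Ghidra sends into a shared table and bumps a generation counter before nudging the client, the client's basic block event consults that table to decide which blocks to instrument, the inserted instrumentation increments per-block counters, and once per interval the helper reads-and-resets the counters and formats one line per block for the Ghidra socket. No DynamoRIO headers are used so it builds and runs stand-alone (C11 for `<stdatomic.h>`); every name (`cov_table_t`, `cov_set_blocks`, `cov_snapshot`, the `0x4010xx` addresses, the trace) is an assumption constructed for the example. The flush itself stays in the client: after a nudge with a new generation it would flush the whole cache as the reply above suggests, so the blocks get rebuilt against the new set.

```c
/* Added example, not code from this thread or from DynamoRIO/Ghidra.
 * Models the shared-memory coverage table between a DynamoRIO client and
 * a helper process that talks to Ghidra. All names are assumptions. */
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define COV_MAX_BLOCKS 256

/* Layout of the shared segment. The helper writes pc[]/nblocks and bumps
 * generation; the client's inserted instrumentation only increments hits[]. */
typedef struct {
    atomic_uint generation;        /* changes whenever the block set changes */
    unsigned nblocks;
    uintptr_t pc[COV_MAX_BLOCKS];  /* basic block start addresses from Ghidra */
    atomic_uint hits[COV_MAX_BLOCKS];
} cov_table_t;

cov_table_t cov_shared;  /* stands in for the mapped shared memory segment */

/* Helper side: parse the address list Ghidra sent, e.g. "0x401000,0x401020",
 * install it and bump generation. The helper then nudges the client, whose
 * nudge handler flushes the whole code cache (start 0, maximum size, as the
 * reply above suggests) so the blocks are rebuilt against the new set. */
int cov_set_blocks(cov_table_t *t, const char *list)
{
    unsigned n = 0;
    const char *p = list;
    while (*p != '\0' && n < COV_MAX_BLOCKS) {
        char *end;
        unsigned long long v = strtoull(p, &end, 0);  /* base 0: hex or decimal */
        if (end == p) { p++; continue; }              /* separator or junk: skip */
        t->pc[n] = (uintptr_t)v;
        atomic_store(&t->hits[n], 0u);
        n++;
        p = end;
    }
    t->nblocks = n;
    atomic_fetch_add(&t->generation, 1u);
    return (int)n;
}

/* Client side, called from the basic block event with the block's start
 * address: returns the table index to instrument, or -1 to leave it alone. */
int cov_index_of(const cov_table_t *t, uintptr_t pc)
{
    for (unsigned i = 0; i < t->nblocks; i++)
        if (t->pc[i] == pc) return (int)i;
    return -1;
}

/* Client side: the work the inserted instrumentation performs per execution. */
void cov_record_hit(cov_table_t *t, int idx)
{
    atomic_fetch_add(&t->hits[idx], 1u);
}

/* Helper side, once per interval: read-and-reset every counter and format
 * one "addr count" line per block for the Ghidra socket. Returns the bytes
 * written; out must hold one line per block, otherwise the remaining blocks'
 * counts for this interval are dropped. */
size_t cov_snapshot(cov_table_t *t, char *out, size_t outsz)
{
    size_t used = 0;
    for (unsigned i = 0; i < t->nblocks; i++) {
        unsigned hits = atomic_exchange(&t->hits[i], 0u);
        int w = snprintf(out + used, outsz - used, "0x%llx %u\n",
                         (unsigned long long)t->pc[i], hits);
        if (w < 0 || (size_t)w >= outsz - used) break;  /* buffer full */
        used += (size_t)w;
    }
    return used;
}

/* End-to-end run over a constructed execution trace; 0 on success. */
char cov_demo_out[1024];

int cov_demo(void)
{
    if (cov_set_blocks(&cov_shared, "0x401000, 0x401020, 0x40104a") != 3) return 1;
    /* Constructed trace of block start addresses as the client would see them. */
    const uintptr_t trace[] = {0x401000, 0x401020, 0x401000, 0x401000, 0x999999};
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        int idx = cov_index_of(&cov_shared, trace[i]);
        if (idx >= 0) cov_record_hit(&cov_shared, idx);
    }
    if (cov_snapshot(&cov_shared, cov_demo_out, sizeof cov_demo_out) == 0) return 2;
    /* A second snapshot shows the reset: every block now reports 0 hits. */
    char again[1024];
    cov_snapshot(&cov_shared, again, sizeof again);
    if (strcmp(again, "0x401000 0\n0x401020 0\n0x40104a 0\n") != 0) return 3;
    return 0;
}

int main(void)
{
    int rc = cov_demo();
    fputs(cov_demo_out, stdout);  /* the first interval's message to Ghidra */
    return rc;
}
```

The generation counter is what ties the two halves together: the client keeps the last generation it built blocks for, and a nudge whose generation differs is the signal to flush and let the basic block event re-consult the table, which avoids needing per-block sizes at all.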
