Lighthouse is a code coverage plugin for IDA Pro. Last week I promoted the github development branch to master and tagged the release as Lighthouse v0.6. This post details some of its noteworthy changes.
Highlights for this release include a Lighthouse compatible Intel pintool, cyclomatic complexity metrics, batch loading, and a number of important bugfixes.
Lighthouse is a plugin to explore and visualize externally collected code coverage in IDA Pro
CodeCoverage Pintool
One of the top requests for Lighthouse has been an Intel Pin based solution for collecting compatible code coverage. Since the initial release, Lighthouse has only offered DynamoRIO support.
Thanks to a community contribution from Agustin Gianni, Lighthouse v0.6 now ships with the CodeCoverage pintool that works with Windows, MacOS, and Linux!
Running the 64-bit CodeCoverage pintool against the boombox.exe testcase
Pin tends to have a better track record instrumenting complex applications (e.g., browsers, Office) at the expense of runtime performance (Pin is slower). Where one DBI fails, hopefully the other offering can pick up the slack.
I’ve tentatively labeled the pintool as experimental while it undergoes further vetting from the public.
Cyclomatic Complexity
As a feature request from the community (thanks @yrp604), the Coverage Overview now lists the computed cyclomatic complexity of functions.
The newly added cyclomatic complexity column as seen in the Coverage Overview
Cyclomatic complexity quantifies the number of unique paths through a function. Functions with high complexity scores can point to code that is going to be hard for developers to understand, test, and maintain.
Human intuition tells us that high complexity constructs are more likely to contain defects (bugs).
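The metric discussed above, worked through as an added example that is not Lighthouse's own code: McCabe's formula M = E - N + 2P applied to a constructed basic-block control-flow graph (the block addresses and successor lists below are made up for illustration).

```python
from collections import deque

# Constructed CFG for a hypothetical function: each basic block (keyed by its
# start address) maps to the start addresses of its successor blocks.
# Shape: entry branch -> if/else diamond -> self-looping block -> return.
SAMPLE_CFG = {
    0x401000: [0x401010, 0x401020],  # conditional jump: two successors
    0x401010: [0x401030],            # "if" arm
    0x401020: [0x401030],            # "else" arm
    0x401030: [0x401030, 0x401040],  # loop back-edge plus fall-through
    0x401040: [],                    # return block: no successors
}


def connected_components(cfg):
    """Count weakly connected components (P in M = E - N + 2P).

    Unreachable blocks that IDA still attributes to the function form
    their own component and must not be miscounted as extra paths.
    """
    undirected = {block: set() for block in cfg}
    for src, dsts in cfg.items():
        for dst in dsts:
            undirected.setdefault(dst, set()).add(src)
            undirected[src].add(dst)
    seen, components = set(), 0
    for start in undirected:
        if start in seen:
            continue
        components += 1
        queue = deque([start])
        while queue:
            node = queue.popleft()
            if node in seen:
                continue
            seen.add(node)
            queue.extend(undirected[node])
    return components


def cyclomatic_complexity(cfg):
    """McCabe cyclomatic complexity of a basic-block graph: E - N + 2P."""
    nodes = set(cfg)
    for dsts in cfg.values():
        nodes.update(dsts)  # successors only referenced as targets still count
    edges = sum(len(dsts) for dsts in cfg.values())
    return edges - len(nodes) + 2 * connected_components(cfg)


if __name__ == "__main__":
    print(hex(0x401000), "complexity:", cyclomatic_complexity(SAMPLE_CFG))  # 3
```

The sample graph has 6 edges and 5 blocks in one component, so its score is 3, matching the two decision points (the conditional jump and the loop condition) plus one.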
Batch Load
The last notable feature added with the Lighthouse v0.6 release is batch loading.
File → Load file → Code coverage batch...
Batch loading allows one to select and load any number of coverage files from disk, but collapses their data into a single coverage set (an aggregate) at load time. This is useful when analyzing coverage data for a large set of testcases that may be cumbersome for Lighthouse to load and manage as individual coverage sets.
I’ve used this feature to load a batch of coverage data for 400+ unique testcases against a target application.
Bugfixes
With every release of Lighthouse I generally find and fix a number of bugs. This section highlights some of the important bugfixes that will be shipping with this release.
Poor Color Selection
By sampling the colors in the Qt & disassembly views, Lighthouse attempts to make a conscious decision as to which color would better maintain disassembly readability when painting coverage data to the database.
Lighter IDA themes get a light green coverage paint versus a dark theme with dark paint
There were a few bugs surrounding my sampling and selection code that would cause Lighthouse to paint coverage data with the wrong color, yielding largely unreadable text.
This release fixes the sampling issues to provide a more consistent experience with coverage paint colors.
IDA Crashes
On rare occasions Lighthouse was triggering a use-after-free (UAF) in the compiled IDAPython library and crashing IDA.
A hard crash of IDA some users reported experiencing
In Lighthouse v0.6, a workaround has been put in place that appears to mitigate the issue (for now). The proper fix will have to be made to IDAPython in a later release of IDA.
Minor Bugfixes
Fixed a parsing issue for drcov coverage logs created on MacOS or Linux.
Fixed a bug where IDA could hang (deadlock) on close if an asynchronous paint was still in progress.
In the Wild
Finally, I’d like to recognize public works that I have seen make use of Lighthouse since the last release.
In September I was forwarded a blog post written by @symeonp that documents his research and findings from fuzzing MSXML6 (one of Microsoft's XML parsing libraries) with WinAFL + Lighthouse.
Right, finally I finished my first blog post: Fuzzing the MSXML6 library with WinAFL: https://t.co/pezyvJ2dAz! Comments are welcome!
— symeon (@symeonp) September 17, 2017
The beauty of this juxtaposition is that Lighthouse was created as a direct result of conversations I had with Axel (@0vercl0k) about his contributions to WinAFL.
Seeing this pairing of technology emerge naturally in the public domain is simply awesome.
Conclusion
Lighthouse continues to evolve and improve with every release. It is open source under the MIT License and is maintained as an independent project. Your feedback drives its development.
I welcome external contributions, issues, and feature requests.