Reverse engineering tips

These are draft notes.

Reverse engineering big software

Reversing big software can be very challenging: you usually have no symbols, so you don't know what to look for or where to start.

Here are some techniques I learned for narrowing a large binary down to the code that matters.

Code coverage

Code coverage can be used for this. Trace the program with a dynamic binary instrumentation tool such as Intel Pin, DynamoRIO or Frida while not performing the functionality you are looking for, then trace it again while performing that functionality, for example opening a file.

The difference between the two coverage sets points at the code that implements the functionality. Record several traces of each kind: code that runs nondeterministically (timers, UI redraws, allocator paths) shows up in a single one-versus-one difference as noise, so keep only blocks hit in every "action" trace and in none of the "idle" traces.

Lighthouse is an IDA Pro plugin that visualizes code coverage and can also compute the difference between loaded coverage sets.
(screenshot: overview.png)
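The differential step, as an added example (not code from the page, Lighthouse or any of the tracers named above): a small parser for DynamoRIO's drcov v2 log layout (text header, then 8-byte binary basic-block records of start offset, size and module id), followed by the set arithmetic over several traces of each kind. The module paths, offsets and the traces themselves are constructed here to stand in for real tool output, and the trace generator exists only so the example runs offline.

```python
import struct
from collections import defaultdict
from typing import Dict, List, Set, Tuple

Block = Tuple[str, int]  # (module path, basic-block start offset within that module)


def parse_drcov(data: bytes) -> Set[Block]:
    """Parse a drcov v2 log: text header up to the 'BB Table: N bbs' line, then N binary
    records of {uint32 start, uint16 size, uint16 module id} (little-endian)."""
    marker = b"BB Table: "
    bb_line = data.index(marker)
    header_end = data.index(b"\n", bb_line)
    header = data[:header_end].decode()
    count = int(data[bb_line + len(marker):header_end].split()[0])
    body = data[header_end + 1:]

    modules: Dict[int, str] = {}
    columns: List[str] = []
    for line in header.splitlines():
        if line.startswith("Columns:"):
            columns = [c.strip() for c in line[len("Columns:"):].split(",")]
        elif columns and "," in line:
            # Split at most len(columns)-1 times so a path containing commas stays intact.
            fields = [f.strip() for f in line.split(",", len(columns) - 1)]
            modules[int(fields[columns.index("id")])] = fields[columns.index("path")]

    blocks: Set[Block] = set()
    for i in range(count):
        start, _size, mod_id = struct.unpack_from("<IHH", body, i * 8)
        blocks.add((modules[mod_id], start))
    return blocks


def diff_coverage(baseline: List[Set[Block]], action: List[Set[Block]]) -> Set[Block]:
    """Blocks executed in every 'action' trace but in none of the 'baseline' traces.
    Several traces of each kind filter out blocks that run nondeterministically."""
    return set.intersection(*action) - set.union(*baseline)


def by_module(blocks: Set[Block]) -> Dict[str, List[int]]:
    """Group the surviving blocks per module, offsets sorted, ready to rebase in a disassembler."""
    grouped: Dict[str, List[int]] = defaultdict(list)
    for module, offset in sorted(blocks):
        grouped[module].append(offset)
    return dict(grouped)


def make_drcov(modules: List[Tuple[int, int, str]], blocks: List[Tuple[int, int, int]]) -> bytes:
    """Build a constructed drcov v2 log so the example runs without a real tracer."""
    lines = [
        "DRCOV VERSION: 2",
        "DRCOV FLAVOR: drcov",
        f"Module Table: version 2, count {len(modules)}",
        "Columns: id, base, end, entry, checksum, timestamp, path",
    ]
    for mod_id, base, path in modules:
        lines.append(f"{mod_id:3}, {base:#018x}, {base + 0x10000:#018x}, {base:#018x}, "
                     f"0x00000000, 0x00000000, {path}")
    lines.append(f"BB Table: {len(blocks)} bbs")
    header = ("\n".join(lines) + "\n").encode()
    body = b"".join(struct.pack("<IHH", start, size, mod_id) for start, size, mod_id in blocks)
    return header + body


# Hypothetical modules and constructed traces (start offset, size, module id).
APP, LIBC = "/opt/target/app", "/lib/x86_64-linux-gnu/libc.so.6"
MODULES = [(0, 0x400000, APP), (1, 0x7F0000000000, LIBC)]
# 0x1000-0x1100: startup code. 0x1200: a block that only sometimes runs (timer-like noise).
# 0x3000-0x3040 and libc 0x21000: the "open file" path. 0x3100: taken in only one action run.
IDLE_1 = [(0x1000, 16, 0), (0x1040, 32, 0), (0x1100, 8, 0), (0x20000, 16, 1)]
IDLE_2 = IDLE_1 + [(0x1200, 8, 0)]
OPEN_1 = IDLE_1 + [(0x3000, 16, 0), (0x3040, 24, 0), (0x3100, 8, 0), (0x21000, 16, 1)]
OPEN_2 = IDLE_2 + [(0x3000, 16, 0), (0x3040, 24, 0), (0x21000, 16, 1)]


def run_example() -> Tuple[Set[Block], Set[Block]]:
    """Return (naive one-vs-one difference, difference over several traces of each kind)."""
    idle = [parse_drcov(make_drcov(MODULES, t)) for t in (IDLE_1, IDLE_2)]
    opened = [parse_drcov(make_drcov(MODULES, t)) for t in (OPEN_1, OPEN_2)]
    naive = opened[0] - idle[0]          # keeps the 0x3100 block that ran only once
    robust = diff_coverage(idle, opened)  # keeps only what the action always runs
    return naive, robust


if __name__ == "__main__":
    naive, robust = run_example()
    print("naive diff: ", by_module(naive))
    print("robust diff:", by_module(robust))
```

The offsets that survive are module-relative, so add each module's load base from your own session (or let Lighthouse do the rebasing) before jumping to them in the disassembler.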

Taint analysis

You mark data coming from a source such as user input as tainted and propagate the taint through every instruction that reads it, so you can see which code touches that data, including branches whose conditions depend on it (an assignment made under such a branch is also influenced by the input, even though no tainted operand is copied).

The problem with this approach is that it does not scale to whole complicated programs: taint spreads into far more code than you care about, especially once control dependencies are tracked, and the result becomes useless. It works best when applied to individual functions.
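A minimal forward taint propagation over a toy three-address IR, as an added example (not code from the page or from any taint-tracking tool). The IR, the instruction names and the sample program are constructed for this illustration. It shows the two rules that matter: explicit flows (a destination is tainted when an operand is) and implicit flows through a branch whose condition is tainted, which is also where the over-approximation that makes whole-program taint noisy comes from.

```python
from typing import List, Set, Tuple

# Constructed three-address IR (not any real tool's IR):
#   ("input", dst)          dst receives attacker-controlled data (the taint source)
#   ("const", dst, value)   dst = constant
#   ("op", dst, a, b)       dst = a <op> b, both operands are variable names
#   ("if", cond, body)      body is a nested instruction list run when cond is non-zero
Instr = Tuple


def propagate(program: List[Instr], implicit: bool) -> Set[str]:
    """Return the set of variables tainted after running the program.
    Explicit flow: dst is tainted if any operand is tainted.
    Implicit flow (only when `implicit`): any assignment inside a branch whose condition
    is tainted becomes tainted, because its value leaks information about the condition."""
    tainted: Set[str] = set()

    def walk(block: List[Instr], under_tainted_branch: bool, in_branch: bool) -> None:
        for ins in block:
            kind = ins[0]
            if kind == "if":
                cond, body = ins[1], ins[2]
                walk(body, under_tainted_branch or cond in tainted, True)
                continue
            dst = ins[1]
            if kind == "input":
                is_tainted = True
            elif kind == "const":
                is_tainted = False
            elif kind == "op":
                is_tainted = ins[2] in tainted or ins[3] in tainted
            else:
                raise ValueError(f"unknown instruction {kind!r}")
            if implicit and under_tainted_branch:
                is_tainted = True
            if is_tainted:
                tainted.add(dst)
            elif not in_branch:
                # Overwritten with clean data on the straight-line path: taint is killed.
                # Inside a branch the body may not run, so a "may be tainted" analysis keeps it.
                tainted.discard(dst)

    walk(program, False, False)
    return tainted


# Constructed sample: the classic copy-through-a-branch that explicit-only tracking misses.
PROGRAM: List[Instr] = [
    ("input", "x"),               # x comes from the user
    ("const", "mask", 0xFF),
    ("op", "y", "x", "mask"),     # y = x & mask          -> explicit flow
    ("const", "z", 0),
    ("const", "w", 5),
    ("if", "y", [                 # branch condition depends on the input
        ("const", "z", 1),        #   z = 1               -> implicit flow (z reveals y != 0)
        ("op", "count", "w", "w"),#   count = w + w       -> also tainted under implicit rules
    ]),
    ("op", "out", "z", "w"),      # out = z + w           -> tainted only if z is
    ("op", "log", "w", "w"),      # never influenced by the input
]


def run_example() -> Tuple[Set[str], Set[str]]:
    """(explicit-only result, explicit+implicit result) for PROGRAM."""
    return propagate(PROGRAM, implicit=False), propagate(PROGRAM, implicit=True)


if __name__ == "__main__":
    explicit, with_implicit = run_example()
    print("explicit only:     ", sorted(explicit))
    print("explicit + implicit:", sorted(with_implicit))
```

Note how `count` gets tainted under the implicit rules although it carries nothing an attacker chose: every assignment under an input-dependent branch is swept in, which is exactly why this blows up on a big program and is more useful when you point it at one function.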

Debugger technique

I learned a trick from a Gynvael stream: he basically sets breakpoints on all functions, then interacts with the software and removes a breakpoint whenever the debugger stops at it. Then he does the action he wants to reverse, and hopefully the debugger stops at the code that does that specific thing.
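One way to automate this in GDB, as an added example (my implementation of the idea, not Gynvael's script or anything from the page). The pruning logic is kept separate from the GDB glue so it can be reasoned about on its own. Assumptions: the function start addresses come from a text file (here called `functions.txt`, one hex address per line) exported from your disassembler, since the target has no symbols, and the script is loaded with `gdb -x prune.py ./target`; the `hunt` command name is mine.

```python
from typing import Iterable, List, Set

try:
    import gdb  # only available inside GDB's embedded Python
except ImportError:
    gdb = None  # lets the pruning logic be imported and tested outside the debugger


def load_addresses(text: str) -> List[int]:
    """One function start address per line (hex, '0x' optional; '#' starts a comment).
    Assumed input format: a list exported from your disassembler."""
    addrs: List[int] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addrs.append(int(line, 16))
    return addrs


class Pruner:
    """State behind the trick. In 'warmup' mode every hit disarms that function: it ran
    while doing unrelated things, so it is not what we are after. In 'hunt' mode the
    functions still armed are the candidates, and hits on them stop the debugger."""

    def __init__(self, addrs: Iterable[int]):
        self.armed: Set[int] = set(addrs)
        self.mode = "warmup"
        self.hits: List[int] = []

    def on_hit(self, addr: int) -> bool:
        """Called on every breakpoint hit; returns True if the debugger should stop."""
        if addr not in self.armed:
            return False
        if self.mode == "warmup":
            self.armed.discard(addr)
            return False
        self.hits.append(addr)
        return True

    def start_hunt(self) -> int:
        """Switch to hunting; returns how many functions are still armed."""
        self.mode = "hunt"
        return len(self.armed)


if gdb is not None:
    class PruningBreakpoint(gdb.Breakpoint):
        """Breakpoint on a function start; GDB calls stop() on each hit."""

        def __init__(self, addr: int, pruner: Pruner):
            super().__init__(f"*{addr:#x}", internal=True)  # internal: hidden from 'info breakpoints'
            self.addr, self.pruner = addr, pruner

        def stop(self) -> bool:
            should_stop = self.pruner.on_hit(self.addr)
            if self.addr not in self.pruner.armed:
                self.enabled = False  # disarmed: stop paying for this trap
            return should_stop

    class HuntCommand(gdb.Command):
        """'hunt' switches from warm-up to hunting; run it just before doing the action."""

        def __init__(self, pruner: Pruner):
            super().__init__("hunt", gdb.COMMAND_USER)
            self.pruner = pruner

        def invoke(self, arg, from_tty):
            print(f"hunting with {self.pruner.start_hunt()} functions still armed")

    # Workflow: `run`, use the program without the feature of interest (breakpoints silently
    # prune themselves), type `hunt`, then trigger the feature and see where GDB stops.
    PRUNER = Pruner(load_addresses(open("functions.txt").read()))
    for function_addr in PRUNER.armed:
        PruningBreakpoint(function_addr, PRUNER)
    HuntCommand(PRUNER)
```

Thousands of software breakpoints make the warm-up phase slow, but that is the point of the phase: every function that fires during unrelated activity is dropped once and never traps again, so by the time you run `hunt` only the untouched code is left.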


Author: Aziz Knani

Date: 2023-03-22 Wed 00:01

Emacs 26.3 (Org mode 9.1.9)
