gaasedelen
diff --git a/‎README.md‎
Lines changed: 25 additions & 4 deletions b/‎README.md‎
Lines changed: 25 additions & 4 deletions
diff --git a/‎coverage/frida/README.md‎
Lines changed: 72 additions & 0 deletions b/‎coverage/frida/README.md‎
Lines changed: 72 additions & 0 deletions
@@ -13,6 +13,7 @@ Special thanks to [@0vercl0k](https://twitter.com/0vercl0k) for the inspiration.
 
 ## Releases
 
+* v0.7 -- Frida, C++ demangling, context menu, function prefixing, tweaks, bugfixes.
 * v0.6 -- Intel pintool, cyclomatic complexity, batch load, bugfixes.
 * v0.5 -- Search, IDA 7 support, many improvements, stability.
 * v0.4 -- Most compute is now asynchronous, bugfixes.
@@ -29,7 +30,7 @@ Install Lighthouse into the IDA plugins folder.
     - On MacOS, the folder is at `/Applications/IDA\ Pro\ 6.8/idaq.app/Contents/MacOS/plugins`
     - On Linux, the folder may be at `/opt/IDA/plugins/`
 
-The plugin is platform agnostic, but has only been tested on Windows for IDA 6.8 --> 7.0
+The plugin is compatible with IDA Pro 6.8 --> 7.0 on Windows, MacOS, and Linux.
 
 ## Usage
 
@@ -67,6 +68,16 @@ The Coverage Overview is a dockable widget that provides a function level view o
 
 This table can be sorted by column, and entries can be double clicked to jump to their corresponding disassembly.
 
+## Context Menu
+
+Right clicking the table in the Coverage Overview will produce a context menu with a few basic amenities.
+
+<p align="center">
+<img alt="Lighthouse Context Menu" src="screenshots/context_menu.gif"/>
+</p>
+
+These actions can be used to quickly manipulate or interact with entries in the table.
+
 ## Coverage Composition
 
 Building relationships between multiple sets of coverage data often distills deeper meaning than their individual parts. The shell at the bottom of the [Coverage Overview](#coverage-overview) provides an interactive means of constructing these relationships.
@@ -134,7 +145,7 @@ Loaded coverage data and user constructed compositions can be selected or delete
 
 Before using Lighthouse, one will need to collect code coverage data for their target binary / application.
 
-The examples below demonstrate how one can use [DynamoRIO](http://www.dynamorio.org) or [Intel Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) to collect Lighthouse compatible coverage agaainst a target. The `.log` files produced by these instrumentation tools can be loaded directly into Lighthouse.
+The examples below demonstrate how one can use [DynamoRIO](http://www.dynamorio.org), [Intel Pin](https://software.intel.com/en-us/articles/pin-a-dynamic-binary-instrumentation-tool) or [Frida](https://www.frida.re) to collect Lighthouse compatible coverage against a target. The `.log` files produced by these instrumentation tools can be loaded directly into Lighthouse.
 
 ## DynamoRIO
 
@@ -156,7 +167,17 @@ Example usage:
 pin.exe -t CodeCoverage64.dll -- boombox.exe
 ```
 
-For convenience, binaries for the Windows pintool can be found on the [releases](https://github.com/gaasedelen/lighthouse/releases/tag/v0.6.0) page. MacOS and Linux users need to compile the pintool themselves following the [instructions](coverage/pin#compilation) included with the pintool for their respective platforms.
+For convenience, binaries for the Windows pintool can be found on the [releases](https://github.com/gaasedelen/lighthouse/releases/tag/v0.7.0) page. MacOS and Linux users need to compile the pintool themselves following the [instructions](coverage/pin#compilation) included with the pintool for their respective platforms.
+
+## Frida (Experimental)
+
+Lighthouse offers limited support for Frida based code coverage via a custom [instrumentation script](coverage/frida) contributed by [yrp](https://twitter.com/yrp604). 
+
+Example usage:
+
+```
+sudo python frida-drcov.py bb-bench
+```
 
 # Future Work
 
@@ -166,7 +187,7 @@ Time and motivation permitting, future work may include:
 * ~~Multifile/coverage support~~
 * Profiling based heatmaps/painting
 * Coverage & Profiling Treemaps
-* Additional coverage sources, trace formats, etc
+* ~~Additional coverage sources, trace formats, etc~~
 * Improved Pseudocode painting
 
 I welcome external contributions, issues, and feature requests.
 
@@ -0,0 +1,72 @@
+# frida-drcov.py
+
+In this folder you will find the code coverage collection script `frida-drcov.py` that run ontop of the [Frida](https://www.frida.re/) DBI toolkit. This script will produce code coverage (using Frida) in a log format compatible with [Lighthouse](https://github.com/gaasedelen/lighthouse).
+
+Frida is best supported on mobile platforms such as iOS or Android, claiming some support for Windows, MacOS, Linux, and QNX. Practically speaking, `frida-drcov.py` should only be used for collecting coverage data on mobile applications.
+
+This script is labeled only as a prototype.
+
+## Install
+
+To use `frida-drcov.py`, you must have [Frida](https://www.frida.re/) installed. This can be done via python's `pip`:
+
+```
+sudo pip install frida
+```
+
+## Usage
+
+Once frida is installed, the `frida-drcov.py` script in this repo can be used to collect coverage against a running process as demonstrated below. By default, the code coverage data will be written to the file `frida-drcov.log` at the end of execution.
+
+```
+python frida-drcov.py <process name | pid>
+```
+
+Here is an example of us instrumenting the running process `bb-bench`.
+
+```
+$ sudo python frida-drcov.py bb-bench
+[+] Got module info
+Starting to stalk threads...
+Stalking thread 775
+Done stalking threads.
+[*] Now collecting info, control-D to terminate....
+[*] Detaching, this might take a second... # ^d
+[+] Detached. Got 320 basic blocks.
+[*] Formatting coverage and saving...
+[!] Done
+$ ls -lh frida-cov.log # this is the file you will load into lighthouse
+-rw-r--r--  1 root  staff   7.2K 21 Oct 11:58 frida-cov.log
+```
+
+Using the `-o` flag, one can specify a custom name/location for the coverage log file:
+
+```
+python frida-drcov.py -o more-coverage.log foo
+```
+
+## Module Whitelisting
+
+One can whitelist specific modules inside the target process. Say you have binary `foo` which imports the libraries `libfoo`, `libbar`, and `libbaz`. Using the `-w` flag (whitelist) on the command line, we can explicitly target modules of interest:
+
+```
+$ python frida-drcov.py -w libfoo -w libbaz foo
+```
+
+This will reduce the amount of information collected and improve performance. If no `-w` arguments are supplied, `frida-drcov.py` will trace all loaded images.
+
+## Thread Targeting
+
+On multi-threaded applications, tracing all threads can impose significant overhead. For these cases you can filter coverage collection based on thread id if you only care about specific threads.
+
+In the following example, we target thread id `543`, and `678` running in the process named `foo`.
+
+```
+python frida-drcov.py -t 543 -t 678 foo
+```
+
+Without the `-t` flag, all threads that exist in the process at the time of attach will be traced.
+
+# Authors
+
+* yrp ([@yrp604](https://twitter.com/yrp604))