Vulnerability Development mailing list archives

Reversing Code Coverage Tool


From: xenophi1e <oliver.lavery () sympatico ca>
Date: 13 Nov 2003 23:59:47 -0000



Howdy,

Does anyone know of a coverage tool that is useful for reverse engineering on Win32? 

I know there are a million profiling/code coverage tools out there. I've looked at a bunch, but I'm looking for something that suits a specific set of needs:

- Does not require source (obviously)
- Does not require binary modifications (or none that change addresses)
- Records execution of any or all functions in a binary
- Can record execution at arbitrary addresses I specify
- Doesn't impact performance (at least not too much)
- Can be used in conjunction with a debugger. (won't bugger things up by using breakpoints)

I don't really want exhaustive coverage info or perty graphs, I want to be able to trace which functions are executing in an arbitrary binary with minimum effort. Ideally I'd like to be able to give something a dump of IDA (or similar) symbols, run the program, and see which ones execute in which sequence and in which threads.

In other words, I'm f*$#!ing sick of using breakpoints and single stepping to try and figure out what parts of a binary are getting hit. Pen, paper and a debugger work for small sections of code, but become with very large binaries. There must be a better way.

Does anyone know if something like this exists? Has someone found a better solution?

Cheers,
~ol

