enferex/binema
binema: Executable to callgraph generator
=========================================

What
====
binema takes as input an executable and generates the resulting callgraph in
dot notation. dot can be used to easily visualize a graph. For more
information on the dot language (graphviz) see: <http://www.graphviz.org/>

Callgraph generation typically takes place during compile time, allowing the
compiler to make certain decisions necessary for generating an executable from
source. Callgraphs can also be used/generated by security auditing/analysis
tools and debuggers; binema operates from the latter approach. Instead of
acting as a compiler, which would transform the input source code into a
callgraph, binema takes an already compiled executable and generates the
callgraph. This is not unique, as disassemblers can perform just this very
task. What is nifty about binema is that it is not a full-fledged
disassembler; rather, it is a simple and low-dependency program that generates
a callgraph in dot notation. Why dot? Because graphs look super-duper-sexxy.
Also, I would say that binema is a good (simple) example of using libbfd and
libopcodes.

Limitations
===========
binema does not resolve jumps or indirect control flow redirections. Simply,
binema only looks for an explicit 'call' instruction and the following
operand. If the operand is a symbol, then binema will attempt to resolve the
symbol to a human-readable name. If the operand (target of the call
instruction) is not a symbol, then the address is displayed. If an indirect
address is displayed, such as 'call *(%rax)', then that operand is displayed as
presented in the disassembled output. If two nodes call such an indirect
address, then both edges (the control flow) will point to the same node (the
indirect address instructions). That is not accurate, as the indirect
addresses might point to two different functions at runtime.

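
The call-operand handling described above, as an added example in Python (not binema's code, which works through libbfd and libopcodes): it applies the same three operand cases to an objdump-style text listing, emits dot, and reports indirect operands shared by several callers. The listing is constructed, and the names call_edges, merged_indirect and to_dot and the dashed edge style are assumptions of this example.

```python
import re

# Constructed objdump-style (AT&T) listing; not taken from a real binary.
SAMPLE = """\
0000000000401000 <main>:
  401000: e8 1b 00 00 00    call   401020 <parse>
  401005: ff 10             call   *(%rax)
0000000000401020 <parse>:
  401020: e8 db 0f 00 00    call   402000
  401025: ff 10             call   *(%rax)
"""

FUNC = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")   # function label line
CALL = re.compile(r"\bcallq?\s+(.+?)\s*$")     # explicit call and its operand
SYM = re.compile(r"<([^>+]+)")                 # symbol name, offset dropped

def call_edges(listing):
    """Return (caller, operand, kind) for each explicit call instruction."""
    edges, caller = [], None
    for line in listing.splitlines():
        if m := FUNC.match(line):
            caller = m.group(1)
        elif caller and (m := CALL.search(line)):
            operand = m.group(1)
            if operand.startswith("*"):      # indirect: keep operand text as shown
                edges.append((caller, operand, "indirect"))
            elif s := SYM.search(operand):   # symbol: use its readable name
                edges.append((caller, s.group(1), "symbol"))
            else:                            # no symbol: show the address
                edges.append((caller, operand, "address"))
    return edges

def merged_indirect(edges):
    """Indirect operands shared by several callers: one node, possibly many targets."""
    callers = {}
    for caller, operand, kind in edges:
        if kind == "indirect":
            callers.setdefault(operand, set()).add(caller)
    return {op: sorted(c) for op, c in callers.items() if len(c) > 1}

def to_dot(edges):
    lines = ["digraph callgraph {"]
    for caller, callee, kind in edges:
        attr = " [style=dashed]" if kind == "indirect" else ""
        lines.append(f'  "{caller}" -> "{callee}"{attr};')
    return "\n".join(lines + ["}"])

if __name__ == "__main__":
    print(to_dot(call_edges(SAMPLE)))
    print("ambiguous:", merged_indirect(call_edges(SAMPLE)))
```
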
Stripped binaries are not processed since binema displays caller and callee
(e.g., what function is calling what other function). The aforementioned data
is obtained via libbfd.

Dependencies
============
libbfd: Comes with binutils (objdump, addr2line, etc., rely on this)
libopcodes: Also from binutils
<http://www.gnu.org/software/binutils/>

Thanks
======
How to use libbfd and libopcodes came from tons of "web searching" and looking
at the sources for objdump and addr2line (both provided by binutils). Another
very valuable resource is the following:
<http://www.toothycat.net/wiki/wiki.pl?Binutils/libopcodes>

Contact
=======
Matt Davis (enferex)
mattdavis9@gmail.com