def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=5, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False) start_state = b.factory.blank_state(addr=addr, add_options={simuvex.o.CONSERVATIVE_READ_STRATEGY} | simuvex.o.resilience_options) start_state.stack_push(0x0) pg = b.factory.path_group(start_state) pg.use_technique(NormalizedSteps(cfg)) unique_states = set() def check_loops(path): last = path.addr_trace[-1] c = 0 for p in path.addr_trace: if p == last: c += 1 return c > 1 def step_func(lpg): lpg.stash(filter_func=check_loops, from_stash='active', to_stash='looping') lpg.stash(filter_func=lambda path: path.addr == 0, from_stash='active', to_stash='found') print lpg return lpg pg.step(step_func=step_func, until=lambda lpg: len(lpg.active) == 0, n=100) for stash in pg.stashes: c = 0 for p in pg.stashes[stash]: plot_cfg(cfg, "%s_cfg_%s_%d" % (name, stash, c), path=p, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) c += 1
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) with hook0(b): cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=5, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False) start_state = b.factory.blank_state(addr=addr, add_options={angr.sim_options.CONSERVATIVE_READ_STRATEGY} | angr.sim_options.resilience_options) start_state.stack_push(0x0) simgr = b.factory.simgr(start_state) simgr.use_technique(NormalizedSteps(cfg)) def check_loops(state): last = state.history.bbl_addrs[-1] c = 0 for p in state.history.bbl_addrs: if p == last: c += 1 return c > 1 def step_func(lsimgr): lsimgr.stash(filter_func=check_loops, from_stash='active', to_stash='looping') lsimgr.stash(filter_func=lambda state: state.addr == 0, from_stash='active', to_stash='found') print(lsimgr) return lsimgr simgr.run(step_func=step_func, until=lambda lsimgr: len(lsimgr.active) == 0, n=100) for stash in simgr.stashes: c = 0 for state in simgr.stashes[stash]: plot_cfg(cfg, "%s_cfg_%s_%d" % (name, stash, c), state=state, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) c += 1
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=True, debug_info=False, remove_imports=True, remove_path_terminator=True) ddg = b.analyses.DDG(cfg=cfg) plot_ddg_stmt(ddg.graph, "%s_ddg_stmt" % name, project=b) ddg._build_function_dependency_graphs() for k,v in ddg._function_data_dependencies.iteritems(): plot_ddg_stmt(v, "%s_fdg_stmt_%x" % (name, k.addr), project=b) plot_ddg_data(ddg.data_graph, "%s_ddg_data" % name, project=b) plot_ddg_data(ddg.simplified_data_graph, "%s_ddg_simplified_data" % name, project=b) for node in ddg.simplified_data_graph.nodes_iter(): if node.initial: label = None if isinstance(node.variable, SimStackVariable): label = "stack_%s_%x" % (node.variable.base, node.variable.offset) elif isinstance(node.variable, SimMemoryVariable): label = "mem_"+hex(node.variable.addr) elif isinstance(node.variable, SimRegisterVariable): label = "reg_"+b.arch.register_names[node.variable.reg] else: raise NotImplementedError(type(node.variable)) subgraph = ddg.data_sub_graph(node, simplified=False, killing_edges=True) plot_ddg_data(subgraph, "%s_ddg_subgraph_%s" % (name, label), format="png", project=b)
def main(argv): inputfile = '' outputfile = '' b_asminst = False #show instruction or not b_vexinst = False #show vex_ir or not long_parasest = ["inst", "vex"] try: opts, args = getopt.getopt(argv, "i:o:", long_parasest) except getopt.GetoptError: print 'please input as format: python proCFG.py -i <inputfile> -o <outputimg> [inst][vex]' sys.exit(2) for opt, arg in opts: if opt not in ("-i", "-o"): print 'please input as format: python proCFG.py -i <inputfile> -o <outputfile> [inst][vex]' sys.exit() elif opt in ("-i"): inputfile = arg elif opt in ("-o"): outputfile = arg for l_arg in args: if l_arg not in long_parasest: print 'please input as format: python proCFG.py -i <inputfile> -o <outputfile> [inst][vex]' sys.exit() elif l_arg in ("inst"): b_asminst = True elif l_arg in ("vex"): b_vexinst = True p = angr.Project(inputfile, load_options={'auto_load_libs': False}) #cfg = p.analyses.CFGAccurate() cfg = p.analyses.CFG() plot_cfg(cfg, outputfile, asminst=b_asminst, vexinst=b_vexinst)
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGFast(fail_fast=True, function_starts=[addr], base_state=start_state, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False) start_state = b.factory.blank_state( addr=addr, add_options={simuvex.o.CONSERVATIVE_READ_STRATEGY} | simuvex.o.resilience_options) start_state.stack_push(0x0) simgr = b.factory.simgr(start_state) simgr.use_technique(NormalizedSteps(cfg)) def check_loops(state): last = state.history.bbl_addrs[-1] c = 0 for p in state.history.bbl_addrs: if p == last: c += 1 return c > 1 def step_func(lsimgr): lsimgr.stash(filter_func=check_loops, from_stash='active', to_stash='looping') lsimgr.stash(filter_func=lambda state: state.addr == 0, from_stash='active', to_stash='found') print lsimgr return lsimgr simgr.run(step_func=step_func, until=lambda lsimgr: len(lsimgr.active) == 0, n=100) for stash in simgr.stashes: c = 0 for state in simgr.stashes[stash]: plot_cfg(cfg, "%s_cfg_%s_%d" % (name, stash, c), state=state, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) c += 1
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) with hook0(b): cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) cdg = b.analyses.CDG(cfg=cfg, start=addr) plot_cdg(cfg, cdg, "%s_cdg" % name, pd_edges=True, cg_edges=True)
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=True, debug_info=False, remove_imports=True, remove_path_terminator=True) dfg = b.analyses.DFG(cfg=cfg) for a,g in dfg.dfgs.iteritems(): plot_dfg(g, "%s_dfg_%x" % (name, a))
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) with hook0(b): cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) for addr, func in proj.kb.functions.items(): if func.name in ['main', 'verify']: plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr: True}, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=True, debug_info=True, remove_imports=False, remove_path_terminator=False) plot_cfg(cfg, "%s_cfg_classic" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg_classic" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True, format="raw") for style in ['thick', 'dark', 'light', 'black', 'kyle']: set_plot_style(style) plot_cfg(cfg, "%s_cfg_%s" % (name, style), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=True, debug_info=False, remove_imports=True, remove_path_terminator=True) ddg = b.analyses.DDG(cfg=cfg) plot_ddg_stmt(ddg.graph, "%s_ddg_stmt" % name, project=b) ddg._build_function_dependency_graphs() for k, v in ddg._function_data_dependencies.iteritems(): plot_ddg_stmt(v, "%s_fdg_stmt_%x" % (name, k.addr), project=b) plot_ddg_data(ddg.data_graph, "%s_ddg_data" % name, project=b) plot_ddg_data(ddg.simplified_data_graph, "%s_ddg_simplified_data" % name, project=b) for node in ddg.simplified_data_graph.nodes_iter(): if node.initial: label = None if isinstance(node.variable, SimStackVariable): label = "stack_%s_%x" % (node.variable.base, node.variable.offset) elif isinstance(node.variable, SimMemoryVariable): label = "mem_" + hex(node.variable.addr) elif isinstance(node.variable, SimRegisterVariable): label = "reg_" + b.arch.register_names[node.variable.reg] else: raise NotImplementedError(type(node.variable)) subgraph = ddg.data_sub_graph(node, simplified=False, killing_edges=True) plot_ddg_data(subgraph, "%s_ddg_subgraph_%s" % (name, label), format="png", project=b)
def algo_stuck(cfg): print " The algorithm is stuck. There is probably at least one loop in the CFG." print " A graphical view of the CFG will be generated in %s_cfg.png" % cfg.name try: plot_cfg(cfg, "%s_cfg" % cfg.name, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=False) print(" PNG generated sucessfully") except: print(" PNG generation failed. It is printed below:") printCFG(cfg) sys.exit(1)
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) with hook0(b): cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) for addr,func in proj.kb.functions.items(): if func.name in ['main','verify']: plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr:True}, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=True, debug_info=True, remove_imports=False, remove_path_terminator=False) plot_cfg(cfg, "%s_cfg_classic" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg_classic" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True, format="raw") for style in ['thick', 'dark', 'light', 'black', 'kyle']: set_plot_style(style) plot_cfg(cfg, "%s_cfg_%s" % (name, style), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
def cfg_graph(self, verbose=True): cfg = CFGAnalyze.emulated_normal(self.angr_proj.proj, self.func_addr) # 将控制流程图生成到一个随机文件名的 png 中 graph_file = os.path.join(MyPath.temporary(), StrUtils.uuid_str()) set_plot_style('kyle') plot_cfg( cfg, graph_file, asminst=True, vexinst=False, # func_addr={self.func_addr: True}, debug_info=verbose, remove_imports=True, remove_path_terminator=True, color_depth=True) # 读取文件内容的b64编码结果并返回 return MyFile.read_and_b64encode(graph_file + '.png')
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) with hook0(b): cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True, color_depth=True)
def test_angr_plot_graph(request): file_id, file_name, func_addr = ReqParams.many(request, ['file_id', 'file_name', 'func_addr.hex']) if len(file_id) == 0: if len(file_name) == 0: return sys_app_err_p('INVALID_REQ_PARAM', 'file_id 或 file_name 必填其一') file_path = os.path.join(MyPath.samples(), file_name) project = angr.Project(file_path, load_options={'auto_load_libs': False}) start_state = project.factory.blank_state(addr=func_addr) start_state.stack_push(0x0) with hook0(project): cfg = project.analyses.CFGEmulated(fail_fast=True, starts=[func_addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) graph_file = os.path.join(MyPath.temporary(), StrUtils.uuid_str()) plot_cfg(cfg, graph_file, asminst=True, vexinst=False, func_addr={func_addr: True}, debug_info=False, remove_imports=True, remove_path_terminator=True) else: func_parse = FunctionParse(file_id, func_addr) content = func_parse.cfg_graph() return sys_app_ok()
def draw_func_graph(binary_path, func_addr, label): binary_name = os.path.split(binary_path)[1] #out_file_name = "%s_%s_cfg" % (binary_name, label) b = angr.Project(binary_path, load_options={"auto_load_libs": False}) cfg = b.analyses.CFGFast() for addr, func in b.kb.functions.items(): if addr == func_addr: #plot_func_graph(b, func.graph, "%s_cfg" % binary_name, asminst=True, vexinst=False) out_file_name = "%s_%s_%s" % (binary_name, func.name, label) angrutils.plot_cfg(cfg, out_file_name, asminst=True, vexinst=False, func_addr={addr: True}, debug_info=False, remove_imports=True, remove_path_terminator=True, format="dot") break return out_file_name
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) cdg = b.analyses.CDG(cfg=cfg, start=addr) plot_cdg(cfg, cdg, "%s_cdg" % name, pd_edges=True, cg_edges=True)
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGFast(fail_fast=True, function_starts=[addr], base_state=start_state, normalize=True) for addr, func in proj.kb.functions.iteritems(): if func.name in ['main', 'verify']: plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr: True}, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=True, debug_info=True, remove_imports=False, remove_path_terminator=False)
def old_cfg_analyze(proj, name='bin'): # main 函数的符号对象 main_symbol = proj.loader.main_object.get_symbol('main') # main 函数的状态机对象 start_addr = main_symbol.rebased_addr start_state = proj.factory.blank_state(addr=start_addr) start_state.stack_push(0x0) # with hook0(proj): # cfg = proj.analyses.CFGEmulated(fail_fast=True, starts=[start_addr], initial_state=start_state, # context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) # cfg = proj.analyses.CFGFast(resolve_indirect_jumps=True, force_complete_scan=False, normalize=True) cfg = proj.analyses.CFGFast() count = 1 for addr, func in proj.kb.functions.items(): print(func.name) if func.name in ['main', 'verify', 'puts']: count += 1 plot_cfg(cfg, "%s_%s_cfg" % (name, str(count)), asminst=True, vexinst=False, func_addr={addr: True}, debug_info=False, remove_imports=True, remove_path_terminator=True) # plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr: True}, # debug_info=False, remove_imports=True, remove_path_terminator=True) return
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=True, debug_info=False, remove_imports=True, remove_path_terminator=True) dfg = b.analyses.DFG(cfg=cfg) for a, g in dfg.dfgs.iteritems(): plot_dfg(g, "%s_dfg_%x" % (name, a))
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True) for addr,func in proj.kb.functions.iteritems(): if func.name in ['main','verify']: plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr:True}, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True) plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=True, debug_info=True, remove_imports=False, remove_path_terminator=False)
import angr import sys from angrutils import plot_cfg proj = angr.Project(sys.argv[1], load_options={"auto_load_libs": False}) cfg = proj.analyses.CFGFast() plot_cfg(cfg, sys.argv[1], remove_imports=True, remove_path_terminator=True)
def analyze(b, addr, name=None): start_state = b.factory.blank_state(addr=addr) start_state.stack_push(0x0) cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=5, keep_state=True, call_depth=100, normalize=True) #plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, # remove_path_terminator=False) start_state = b.factory.blank_state( addr=addr, add_options={simuvex.o.CONSERVATIVE_READ_STRATEGY} | simuvex.o.resilience_options) #start_state = b.factory.blank_state(addr=addr, add_options=angr.options.unicorn) start_state.stack_push(0x0) pg = b.factory.path_group(start_state) pg.use_technique(NormalizedSteps(cfg)) unique_states = set() def check_loops(path): last = path.addr_trace[-1] c = 0 for p in path.addr_trace: if p == last: c += 1 return c > 1 def step_func(lpg): #lpg.stash(filter_func=check_loops, from_stash='active', to_stash='looping') lpg.stash(filter_func=lambda path: path.addr == 0, from_stash='active', to_stash='found') print lpg return lpg pg.step(step_func=step_func, until=lambda lpg: len(lpg.active) == 0, n=100) for stash in pg.stashes: c = 0 i = 0 for p in pg.stashes[stash]: #print p filename = 'trace_' + str(i) with open( '/home/hongfa/workspace/bzip2_binary/train/3/' + filename, 'w') as f: for addr in p.addr_trace: f.write(format(addr, '#04x') + '\n') i += 1 plot_cfg(cfg, "%s_cfg_%s_%d" % (name, stash, c), path=p, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
print("node = {}".format(node)) ### Print infomation of the node # print(dir(node)) print("node.addr = {:#x}".format(node.addr)) print("node.predecessors = {}".format(node.predecessors)) print("node.successors = {}".format(node.successors)) # print("node.irsb: {}".format(node.irsb)) print("node.block.pp: ".format()) node.block.pp() print("node.block.capstone.insns = {}".format(list(node.block.capstone.insns))) exit(1) print("node.byte_string = {}".format(to_hex_list(node.byte_string))) angrutils.plot_cfg(cfg, "simple-if-statement-tree-cfg", asminst=True, remove_imports=True, remove_path_terminator=True) md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64) md.detail = True for insn in md.disasm(node.byte_string, node.instruction_addrs[0] - proj.loader.main_object.min_addr): print("0x%x:\t%s\t%s" %(insn.address, insn.mnemonic, insn.op_str)) # print("dir(insn) = {}".format(dir(insn))) print("insn.id = {}".format(insn.id)) print("insn.insn_name() = {}".format(insn.insn_name())) if insn.id == capstone.x86.X86_INS_CMP: print("cmp") if insn.id == capstone.x86.X86_INS_JNE: print("jne") for c, op in enumerate(insn.operands): if op.type == capstone.x86.X86_OP_REG:
if __name__ == "__main__": proj = angr.Project(sample, load_options={'auto_load_libs':False}) main_sym = proj.loader.main_bin.get_symbol("main") if True: cfg = proj.analyses.CFGAccurate(fail_fast=False, starts=[main_sym.addr], context_sensitivity_level=3, enable_function_hints=False, keep_state=True, enable_advanced_backward_slicing=False, enable_symbolic_back_traversal=False, normalize=True) #import IPython ; IPython.embed() plot_cfg(cfg, "cfgacc", format="raw", asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=True) os.system("xdot cfgacc.raw") if True: cfg = proj.analyses.CFGFast(fail_fast=False, start=main_sym.addr, end=main_sym.addr+main_sym.size, symbols=False, function_prologues=False, pickle_intermediate_results=False, collect_data_references=False, resolve_indirect_jumps=True, normalize=True) plot_cfg(cfg, "cfgfst", format="raw", asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=True) os.system("xdot cfgfst.raw")
if True: cfg = proj.analyses.CFGAccurate(fail_fast=False, starts=[main_sym.addr], context_sensitivity_level=3, enable_function_hints=False, keep_state=True, enable_advanced_backward_slicing=False, enable_symbolic_back_traversal=False, normalize=True) #import IPython ; IPython.embed() plot_cfg(cfg, "cfgacc", format="raw", asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=True) os.system("xdot cfgacc.raw") if True: cfg = proj.analyses.CFGFast(fail_fast=False, start=main_sym.addr, end=main_sym.addr + main_sym.size, symbols=False, function_prologues=False, pickle_intermediate_results=False, collect_data_references=False, resolve_indirect_jumps=True, normalize=True)