def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=5, keep_state=True, call_depth=100, normalize=True)
plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False)
start_state = b.factory.blank_state(addr=addr, add_options={simuvex.o.CONSERVATIVE_READ_STRATEGY} | simuvex.o.resilience_options)
start_state.stack_push(0x0)
pg = b.factory.path_group(start_state)
pg.use_technique(NormalizedSteps(cfg))
unique_states = set()
def check_loops(path):
last = path.addr_trace[-1]
c = 0
for p in path.addr_trace:
if p == last:
c += 1
return c > 1
def step_func(lpg):
lpg.stash(filter_func=check_loops, from_stash='active', to_stash='looping')
lpg.stash(filter_func=lambda path: path.addr == 0, from_stash='active', to_stash='found')
print lpg
return lpg
pg.step(step_func=step_func, until=lambda lpg: len(lpg.active) == 0, n=100)
for stash in pg.stashes:
c = 0
for p in pg.stashes[stash]:
plot_cfg(cfg, "%s_cfg_%s_%d" % (name, stash, c), path=p, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
c += 1
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
with hook0(b):
cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=5, keep_state=True, call_depth=100, normalize=True)
plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=False)
start_state = b.factory.blank_state(addr=addr, add_options={angr.sim_options.CONSERVATIVE_READ_STRATEGY} | angr.sim_options.resilience_options)
start_state.stack_push(0x0)
simgr = b.factory.simgr(start_state)
simgr.use_technique(NormalizedSteps(cfg))
def check_loops(state):
last = state.history.bbl_addrs[-1]
c = 0
for p in state.history.bbl_addrs:
if p == last:
c += 1
return c > 1
def step_func(lsimgr):
lsimgr.stash(filter_func=check_loops, from_stash='active', to_stash='looping')
lsimgr.stash(filter_func=lambda state: state.addr == 0, from_stash='active', to_stash='found')
print(lsimgr)
return lsimgr
simgr.run(step_func=step_func, until=lambda lsimgr: len(lsimgr.active) == 0, n=100)
for stash in simgr.stashes:
c = 0
for state in simgr.stashes[stash]:
plot_cfg(cfg, "%s_cfg_%s_%d" % (name, stash, c), state=state, asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
c += 1
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=True, debug_info=False, remove_imports=True, remove_path_terminator=True)
ddg = b.analyses.DDG(cfg=cfg)
plot_ddg_stmt(ddg.graph, "%s_ddg_stmt" % name, project=b)
ddg._build_function_dependency_graphs()
for k,v in ddg._function_data_dependencies.iteritems():
plot_ddg_stmt(v, "%s_fdg_stmt_%x" % (name, k.addr), project=b)
plot_ddg_data(ddg.data_graph, "%s_ddg_data" % name, project=b)
plot_ddg_data(ddg.simplified_data_graph, "%s_ddg_simplified_data" % name, project=b)
for node in ddg.simplified_data_graph.nodes_iter():
if node.initial:
label = None
if isinstance(node.variable, SimStackVariable):
label = "stack_%s_%x" % (node.variable.base, node.variable.offset)
elif isinstance(node.variable, SimMemoryVariable):
label = "mem_"+hex(node.variable.addr)
elif isinstance(node.variable, SimRegisterVariable):
label = "reg_"+b.arch.register_names[node.variable.reg]
else:
raise NotImplementedError(type(node.variable))
subgraph = ddg.data_sub_graph(node, simplified=False, killing_edges=True)
plot_ddg_data(subgraph, "%s_ddg_subgraph_%s" % (name, label), format="png", project=b)
def main(argv):
inputfile = ''
outputfile = ''
b_asminst = False #show instruction or not
b_vexinst = False #show vex_ir or not
long_parasest = ["inst", "vex"]
try:
opts, args = getopt.getopt(argv, "i:o:", long_parasest)
except getopt.GetoptError:
print 'please input as format: python proCFG.py -i <inputfile> -o <outputimg> [inst][vex]'
sys.exit(2)
for opt, arg in opts:
if opt not in ("-i", "-o"):
print 'please input as format: python proCFG.py -i <inputfile> -o <outputfile> [inst][vex]'
sys.exit()
elif opt in ("-i"):
inputfile = arg
elif opt in ("-o"):
outputfile = arg
for l_arg in args:
if l_arg not in long_parasest:
print 'please input as format: python proCFG.py -i <inputfile> -o <outputfile> [inst][vex]'
sys.exit()
elif l_arg in ("inst"):
b_asminst = True
elif l_arg in ("vex"):
b_vexinst = True
p = angr.Project(inputfile, load_options={'auto_load_libs': False})
#cfg = p.analyses.CFGAccurate()
cfg = p.analyses.CFG()
plot_cfg(cfg, outputfile, asminst=b_asminst, vexinst=b_vexinst)
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGFast(fail_fast=True,
function_starts=[addr],
base_state=start_state,
normalize=True)
plot_cfg(cfg,
"%s_cfg" % (name),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=False,
remove_path_terminator=False)
start_state = b.factory.blank_state(
addr=addr,
add_options={simuvex.o.CONSERVATIVE_READ_STRATEGY}
| simuvex.o.resilience_options)
start_state.stack_push(0x0)
simgr = b.factory.simgr(start_state)
simgr.use_technique(NormalizedSteps(cfg))
def check_loops(state):
last = state.history.bbl_addrs[-1]
c = 0
for p in state.history.bbl_addrs:
if p == last:
c += 1
return c > 1
def step_func(lsimgr):
lsimgr.stash(filter_func=check_loops,
from_stash='active',
to_stash='looping')
lsimgr.stash(filter_func=lambda state: state.addr == 0,
from_stash='active',
to_stash='found')
print lsimgr
return lsimgr
simgr.run(step_func=step_func,
until=lambda lsimgr: len(lsimgr.active) == 0,
n=100)
for stash in simgr.stashes:
c = 0
for state in simgr.stashes[stash]:
plot_cfg(cfg,
"%s_cfg_%s_%d" % (name, stash, c),
state=state,
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
c += 1
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
with hook0(b):
cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
cdg = b.analyses.CDG(cfg=cfg, start=addr)
plot_cdg(cfg, cdg, "%s_cdg" % name, pd_edges=True, cg_edges=True)
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=True, debug_info=False, remove_imports=True, remove_path_terminator=True)
dfg = b.analyses.DFG(cfg=cfg)
for a,g in dfg.dfgs.iteritems():
plot_dfg(g, "%s_dfg_%x" % (name, a))
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
with hook0(b):
cfg = b.analyses.CFGEmulated(fail_fast=True,
starts=[addr],
initial_state=start_state,
context_sensitivity_level=2,
keep_state=True,
call_depth=100,
normalize=True)
for addr, func in proj.kb.functions.items():
if func.name in ['main', 'verify']:
plot_cfg(cfg,
"%s_%s_cfg" % (name, func.name),
asminst=True,
vexinst=False,
func_addr={addr: True},
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
plot_cfg(cfg,
"%s_cfg_full" % (name),
asminst=True,
vexinst=True,
debug_info=True,
remove_imports=False,
remove_path_terminator=False)
plot_cfg(cfg,
"%s_cfg_classic" % (name),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
plot_cfg(cfg,
"%s_cfg_classic" % (name),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True,
format="raw")
for style in ['thick', 'dark', 'light', 'black', 'kyle']:
set_plot_style(style)
plot_cfg(cfg,
"%s_cfg_%s" % (name, style),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True,
starts=[addr],
initial_state=start_state,
context_sensitivity_level=2,
keep_state=True,
call_depth=100,
normalize=True)
plot_cfg(cfg,
"%s_cfg" % (name),
asminst=True,
vexinst=True,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
ddg = b.analyses.DDG(cfg=cfg)
plot_ddg_stmt(ddg.graph, "%s_ddg_stmt" % name, project=b)
ddg._build_function_dependency_graphs()
for k, v in ddg._function_data_dependencies.iteritems():
plot_ddg_stmt(v, "%s_fdg_stmt_%x" % (name, k.addr), project=b)
plot_ddg_data(ddg.data_graph, "%s_ddg_data" % name, project=b)
plot_ddg_data(ddg.simplified_data_graph,
"%s_ddg_simplified_data" % name,
project=b)
for node in ddg.simplified_data_graph.nodes_iter():
if node.initial:
label = None
if isinstance(node.variable, SimStackVariable):
label = "stack_%s_%x" % (node.variable.base,
node.variable.offset)
elif isinstance(node.variable, SimMemoryVariable):
label = "mem_" + hex(node.variable.addr)
elif isinstance(node.variable, SimRegisterVariable):
label = "reg_" + b.arch.register_names[node.variable.reg]
else:
raise NotImplementedError(type(node.variable))
subgraph = ddg.data_sub_graph(node,
simplified=False,
killing_edges=True)
plot_ddg_data(subgraph,
"%s_ddg_subgraph_%s" % (name, label),
format="png",
project=b)
def algo_stuck(cfg):
print " The algorithm is stuck. There is probably at least one loop in the CFG."
print " A graphical view of the CFG will be generated in %s_cfg.png" % cfg.name
try:
plot_cfg(cfg,
"%s_cfg" % cfg.name,
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=False)
print(" PNG generated sucessfully")
except:
print(" PNG generation failed. It is printed below:")
printCFG(cfg)
sys.exit(1)
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
with hook0(b):
cfg = b.analyses.CFGEmulated(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
for addr,func in proj.kb.functions.items():
if func.name in ['main','verify']:
plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr:True}, debug_info=False, remove_imports=True, remove_path_terminator=True)
plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=True, debug_info=True, remove_imports=False, remove_path_terminator=False)
plot_cfg(cfg, "%s_cfg_classic" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
plot_cfg(cfg, "%s_cfg_classic" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True, format="raw")
for style in ['thick', 'dark', 'light', 'black', 'kyle']:
set_plot_style(style)
plot_cfg(cfg, "%s_cfg_%s" % (name, style), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
def cfg_graph(self, verbose=True):
cfg = CFGAnalyze.emulated_normal(self.angr_proj.proj, self.func_addr)
# 将控制流程图生成到一个随机文件名的 png 中
graph_file = os.path.join(MyPath.temporary(), StrUtils.uuid_str())
set_plot_style('kyle')
plot_cfg(
cfg,
graph_file,
asminst=True,
vexinst=False,
# func_addr={self.func_addr: True},
debug_info=verbose,
remove_imports=True,
remove_path_terminator=True,
color_depth=True)
# 读取文件内容的b64编码结果并返回
return MyFile.read_and_b64encode(graph_file + '.png')
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
with hook0(b):
cfg = b.analyses.CFGEmulated(fail_fast=True,
starts=[addr],
initial_state=start_state,
context_sensitivity_level=2,
keep_state=True,
call_depth=100,
normalize=True)
plot_cfg(cfg,
"%s_cfg" % (name),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True,
color_depth=True)
def test_angr_plot_graph(request):
file_id, file_name, func_addr = ReqParams.many(request, ['file_id', 'file_name', 'func_addr.hex'])
if len(file_id) == 0:
if len(file_name) == 0:
return sys_app_err_p('INVALID_REQ_PARAM', 'file_id 或 file_name 必填其一')
file_path = os.path.join(MyPath.samples(), file_name)
project = angr.Project(file_path, load_options={'auto_load_libs': False})
start_state = project.factory.blank_state(addr=func_addr)
start_state.stack_push(0x0)
with hook0(project):
cfg = project.analyses.CFGEmulated(fail_fast=True, starts=[func_addr], initial_state=start_state,
context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
graph_file = os.path.join(MyPath.temporary(), StrUtils.uuid_str())
plot_cfg(cfg, graph_file, asminst=True, vexinst=False, func_addr={func_addr: True},
debug_info=False, remove_imports=True, remove_path_terminator=True)
else:
func_parse = FunctionParse(file_id, func_addr)
content = func_parse.cfg_graph()
return sys_app_ok()
def draw_func_graph(binary_path, func_addr, label):
binary_name = os.path.split(binary_path)[1]
#out_file_name = "%s_%s_cfg" % (binary_name, label)
b = angr.Project(binary_path, load_options={"auto_load_libs": False})
cfg = b.analyses.CFGFast()
for addr, func in b.kb.functions.items():
if addr == func_addr:
#plot_func_graph(b, func.graph, "%s_cfg" % binary_name, asminst=True, vexinst=False)
out_file_name = "%s_%s_%s" % (binary_name, func.name, label)
angrutils.plot_cfg(cfg,
out_file_name,
asminst=True,
vexinst=False,
func_addr={addr: True},
debug_info=False,
remove_imports=True,
remove_path_terminator=True,
format="dot")
break
return out_file_name
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True,
starts=[addr],
initial_state=start_state,
context_sensitivity_level=2,
keep_state=True,
call_depth=100,
normalize=True)
plot_cfg(cfg,
"%s_cfg" % (name),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
cdg = b.analyses.CDG(cfg=cfg, start=addr)
plot_cdg(cfg, cdg, "%s_cdg" % name, pd_edges=True, cg_edges=True)
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGFast(fail_fast=True,
function_starts=[addr],
base_state=start_state,
normalize=True)
for addr, func in proj.kb.functions.iteritems():
if func.name in ['main', 'verify']:
plot_cfg(cfg,
"%s_%s_cfg" % (name, func.name),
asminst=True,
vexinst=False,
func_addr={addr: True},
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
plot_cfg(cfg,
"%s_cfg" % (name),
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
plot_cfg(cfg,
"%s_cfg_full" % (name),
asminst=True,
vexinst=True,
debug_info=True,
remove_imports=False,
remove_path_terminator=False)
def old_cfg_analyze(proj, name='bin'):
# main 函数的符号对象
main_symbol = proj.loader.main_object.get_symbol('main')
# main 函数的状态机对象
start_addr = main_symbol.rebased_addr
start_state = proj.factory.blank_state(addr=start_addr)
start_state.stack_push(0x0)
# with hook0(proj):
# cfg = proj.analyses.CFGEmulated(fail_fast=True, starts=[start_addr], initial_state=start_state,
# context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
# cfg = proj.analyses.CFGFast(resolve_indirect_jumps=True, force_complete_scan=False, normalize=True)
cfg = proj.analyses.CFGFast()
count = 1
for addr, func in proj.kb.functions.items():
print(func.name)
if func.name in ['main', 'verify', 'puts']:
count += 1
plot_cfg(cfg, "%s_%s_cfg" % (name, str(count)), asminst=True, vexinst=False, func_addr={addr: True},
debug_info=False, remove_imports=True, remove_path_terminator=True)
# plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr: True},
# debug_info=False, remove_imports=True, remove_path_terminator=True)
return
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True,
starts=[addr],
initial_state=start_state,
context_sensitivity_level=2,
keep_state=True,
call_depth=100,
normalize=True)
plot_cfg(cfg,
"%s_cfg" % (name),
asminst=True,
vexinst=True,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
dfg = b.analyses.DFG(cfg=cfg)
for a, g in dfg.dfgs.iteritems():
plot_dfg(g, "%s_dfg_%x" % (name, a))
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True, starts=[addr], initial_state=start_state, context_sensitivity_level=2, keep_state=True, call_depth=100, normalize=True)
for addr,func in proj.kb.functions.iteritems():
if func.name in ['main','verify']:
plot_cfg(cfg, "%s_%s_cfg" % (name, func.name), asminst=True, vexinst=False, func_addr={addr:True}, debug_info=False, remove_imports=True, remove_path_terminator=True)
plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=True, remove_path_terminator=True)
plot_cfg(cfg, "%s_cfg_full" % (name), asminst=True, vexinst=True, debug_info=True, remove_imports=False, remove_path_terminator=False)
import angr
import sys
from angrutils import plot_cfg
proj = angr.Project(sys.argv[1], load_options={"auto_load_libs": False})
cfg = proj.analyses.CFGFast()
plot_cfg(cfg, sys.argv[1], remove_imports=True, remove_path_terminator=True)
def analyze(b, addr, name=None):
start_state = b.factory.blank_state(addr=addr)
start_state.stack_push(0x0)
cfg = b.analyses.CFGAccurate(fail_fast=True,
starts=[addr],
initial_state=start_state,
context_sensitivity_level=5,
keep_state=True,
call_depth=100,
normalize=True)
#plot_cfg(cfg, "%s_cfg" % (name), asminst=True, vexinst=False, debug_info=False, remove_imports=False,
# remove_path_terminator=False)
start_state = b.factory.blank_state(
addr=addr,
add_options={simuvex.o.CONSERVATIVE_READ_STRATEGY}
| simuvex.o.resilience_options)
#start_state = b.factory.blank_state(addr=addr, add_options=angr.options.unicorn)
start_state.stack_push(0x0)
pg = b.factory.path_group(start_state)
pg.use_technique(NormalizedSteps(cfg))
unique_states = set()
def check_loops(path):
last = path.addr_trace[-1]
c = 0
for p in path.addr_trace:
if p == last:
c += 1
return c > 1
def step_func(lpg):
#lpg.stash(filter_func=check_loops, from_stash='active', to_stash='looping')
lpg.stash(filter_func=lambda path: path.addr == 0,
from_stash='active',
to_stash='found')
print lpg
return lpg
pg.step(step_func=step_func, until=lambda lpg: len(lpg.active) == 0, n=100)
for stash in pg.stashes:
c = 0
i = 0
for p in pg.stashes[stash]:
#print p
filename = 'trace_' + str(i)
with open(
'/home/hongfa/workspace/bzip2_binary/train/3/' + filename,
'w') as f:
for addr in p.addr_trace:
f.write(format(addr, '#04x') + '\n')
i += 1
plot_cfg(cfg,
"%s_cfg_%s_%d" % (name, stash, c),
path=p,
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=True,
remove_path_terminator=True)
print("node = {}".format(node))
### Print infomation of the node
# print(dir(node))
print("node.addr = {:#x}".format(node.addr))
print("node.predecessors = {}".format(node.predecessors))
print("node.successors = {}".format(node.successors))
# print("node.irsb: {}".format(node.irsb))
print("node.block.pp: ".format())
node.block.pp()
print("node.block.capstone.insns = {}".format(list(node.block.capstone.insns)))
exit(1)
print("node.byte_string = {}".format(to_hex_list(node.byte_string)))
angrutils.plot_cfg(cfg, "simple-if-statement-tree-cfg", asminst=True, remove_imports=True, remove_path_terminator=True)
md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
md.detail = True
for insn in md.disasm(node.byte_string, node.instruction_addrs[0] - proj.loader.main_object.min_addr):
print("0x%x:\t%s\t%s" %(insn.address, insn.mnemonic, insn.op_str))
# print("dir(insn) = {}".format(dir(insn)))
print("insn.id = {}".format(insn.id))
print("insn.insn_name() = {}".format(insn.insn_name()))
if insn.id == capstone.x86.X86_INS_CMP:
print("cmp")
if insn.id == capstone.x86.X86_INS_JNE:
print("jne")
for c, op in enumerate(insn.operands):
if op.type == capstone.x86.X86_OP_REG:
if __name__ == "__main__":
proj = angr.Project(sample, load_options={'auto_load_libs':False})
main_sym = proj.loader.main_bin.get_symbol("main")
if True:
cfg = proj.analyses.CFGAccurate(fail_fast=False,
starts=[main_sym.addr],
context_sensitivity_level=3,
enable_function_hints=False,
keep_state=True,
enable_advanced_backward_slicing=False,
enable_symbolic_back_traversal=False,
normalize=True)
#import IPython ; IPython.embed()
plot_cfg(cfg, "cfgacc", format="raw", asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=True)
os.system("xdot cfgacc.raw")
if True:
cfg = proj.analyses.CFGFast(fail_fast=False,
start=main_sym.addr,
end=main_sym.addr+main_sym.size,
symbols=False,
function_prologues=False,
pickle_intermediate_results=False,
collect_data_references=False,
resolve_indirect_jumps=True,
normalize=True)
plot_cfg(cfg, "cfgfst", format="raw", asminst=True, vexinst=False, debug_info=False, remove_imports=False, remove_path_terminator=True)
os.system("xdot cfgfst.raw")
if True:
cfg = proj.analyses.CFGAccurate(fail_fast=False,
starts=[main_sym.addr],
context_sensitivity_level=3,
enable_function_hints=False,
keep_state=True,
enable_advanced_backward_slicing=False,
enable_symbolic_back_traversal=False,
normalize=True)
#import IPython ; IPython.embed()
plot_cfg(cfg,
"cfgacc",
format="raw",
asminst=True,
vexinst=False,
debug_info=False,
remove_imports=False,
remove_path_terminator=True)
os.system("xdot cfgacc.raw")
if True:
cfg = proj.analyses.CFGFast(fail_fast=False,
start=main_sym.addr,
end=main_sym.addr + main_sym.size,
symbols=False,
function_prologues=False,
pickle_intermediate_results=False,
collect_data_references=False,
resolve_indirect_jumps=True,
normalize=True)
