Re: cflow on binary files?

[Mel Gorman <mel at csn dot ul dot ie>]

On Tue, 25 Oct 2005, Marty Leisner wrote:

> I've been using cflow and other source reverse engineering tools
> for over 20 years...
>
> I've been playing with the new gnu cflow (and dot).
>
> Mel Gorman did a hack  on gcc to generate flow graphs to dissect the
> Linux VM (and other parts of the kernel).
>
> I came across the utility called nmdepend (which I couldn't
> get to work).
>
> But it has a wonderful idea -- perform flow analysis on the binary
> file...
>
> It seems with a binary compiled with -g, there's useful information
> which can be extracted to generate call graphs.  The BIG advantage,
> is the source code doesn't have to be parsed -- and the actual code being
> compiled is present in the executable.
>
> Comments/opinions?

I am not familiar with cflow, but using CodeViz, try

genfull --g cobjdump -f binaryfile
gengraph -f somefunc -d 5

The -g objdump will geneate a full callgraph based on a binary file. It
only works for x86 binaries and has only been tested with a vmlinux file.
I'm fairly sure if there are naming collisions between multiple binary
files, it will mess up the graphs.

It works in a very simple manner. It disassembles the .text and .init
sections of the file using objdump. It then looks for chunks that look
like this;

c0100000 <startup_32>:

and considers them starts of functions. It then checks any usage of
"call", "jmp" or "bl" for calls to other functions. It dumps anything it
finds out to a file that dot can use.

I doubt it would win any prizes but it got the job done for me.

-- 
Mel Gorman
Part-time Phd Student                          Java Applications Developer
University of Limerick                         IBM Dublin Software Lab