Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Legend #4

Closed
kevinkoo001 opened this issue Jun 15, 2016 · 4 comments
Closed

Legend #4

kevinkoo001 opened this issue Jun 15, 2016 · 4 comments
Labels
enhancement

Comments

@kevinkoo001
Copy link

I love your a fancy graph utility! :)
It would be great to have an option to insert a legend when generating a CFG if necessary.
@axt
Copy link
Owner

axt commented Jun 15, 2016

Can you give more details what you exactly mean by legend?

What I'm currently planning is to have the ability to specify extra meta-data for the nodes and edges.

Here is an example of what I think of. In this sample the nodes contain the extra metadata HA and HF, while the edges display how many times that edge was executed. Of course these would be arbitrary, and supplied by the caller.

main_found_2

@kevinkoo001
Copy link
Author

Oh, I should have told you more clearly. I meant the legend of the arrows. (i.e., colors)
As defined in your source, black means 'call', grey means 'ret' and so forth.
Some might take those colors for granted, but some might not like me. :)

@axt
Copy link
Owner

axt commented Jun 21, 2016

I really don't know how to plot that onto a '.dot' graph, but will create a wiki page for them.

@axt
Copy link
Owner

axt commented Sep 20, 2016

Since I can't put that on the output file, I write down the latest colorings here:

color description
black 'call' edge
gray 'ret' edge
gray, dashed 'fakeret' edge
blue unconditional jump
blue, dashed 'next' edges created by cfg normalization
green conditional edge, condition is true branch
red conditional jump, condition is false branch
yellow unknown edge (exception while evaluating, or not handled case)

Note:
Before 1ac8d7a :

The util generates the conditional red, green edges based on the VEX IR exit targets, and not by the original asm, this can be misleading when interpreting the colors.

For example, the conditional edges are reversed in VEX for this sample code:

0x0:    cmp si, 0x7f
0x4:    jg  0x1d

IRSB {
[...]
   11 | if (t5) { PUT(eip) = 0x6; Ijk_Boring }
   NEXT: PUT(eip) = 0x0000001d; Ijk_Boring
}

After 1ac8d7a :
Both colorings possible:

  • if printvex == True then its based on VEX exit targets
  • if printvex == False and printasm == True then its based on asm exit targets (works currently only for x86 codes)
  • you can create a custom visualization pipeline and use your own coloring

I will add these to the documentation some time in the future.

Also coloring will be configurable in the near future.

@axt axt closed this as completed Sep 20, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@axt @kevinkoo001