Script to give a high-level overview of a binary's code flow

kallsyms/binary-tracer

binary-tracer

A script to give a high-level overview of a binary's code flow

Overview

Given a binary, flow.py prints a control-flow graph (CFG) of sorts, showing at a very high level what happens during the execution of a program. Currently, it shows function calls (both local to the executable and PLT calls) as well as loop iterations.

flow.py automatically parses a given ELF executable to find any symbols left in the program (debugging or PLT/GOT symbols) and also looks at call instructions to find functions in the executable that don't have debug symbols. With the symbols in hand, the script analyzes a trace generated by PIN, looking for function calls as well as backwards jumps (which tend to represent loops), and stores where each of those occurs in the binary in a tree structure.
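A minimal sketch of the trace analysis described above, added here as an illustration and not taken from flow.py itself. It assumes the trace is one hex instruction address per line with `#` comment lines, and that function entry addresses are already known; `SYMS`, `TRACE`, `build_tree` and `render` are hypothetical names, and recursion is not handled.

```python
from bisect import bisect_right

# Constructed symbol table: function entry address -> name (assumption).
SYMS = {0x1000: "main", 0x1100: "parse", 0x1200: "puts@plt"}
# Constructed trace: main calls parse (which loops twice), then puts@plt.
TRACE = """0x1000\n0x1004\n0x1100\n0x1104\n0x1108\n0x1104\n0x1108
0x1104\n0x1108\n0x110c\n0x1008\n0x1200\n0x1204\n0x100c\n#eof\n"""

def build_tree(trace_text, syms):
    """Turn a flat address trace into a tree of calls and loop counts."""
    starts = sorted(syms)

    def owner(addr):
        # The function whose entry is the nearest one at or below addr.
        i = bisect_right(starts, addr)
        return syms[starts[i - 1]] if i else "?"

    root = {"name": "<trace>", "calls": [], "loops": {}}
    stack, prev = [root], None
    for line in trace_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, top = int(line, 16), stack[-1]
        if addr in syms:
            # Landing on a known entry point is treated as a call.
            node = {"name": syms[addr], "calls": [], "loops": {}}
            top["calls"].append(node)
            stack.append(node)
        elif owner(addr) != top["name"]:
            # Execution left the current function: unwind to the caller.
            while len(stack) > 1 and stack[-1]["name"] != owner(addr):
                stack.pop()
        elif prev is not None and addr < prev:
            # Backwards jump inside one function: count a loop iteration.
            top["loops"][addr] = top["loops"].get(addr, 0) + 1
        prev = addr
    return root

def render(node, depth=0):
    """Return the tree as indented lines, loops listed before callees."""
    lines = ["  " * depth + node["name"]]
    for target, n in sorted(node["loops"].items()):
        lines.append("  " * (depth + 1) + f"loop @ {target:#x} x{n}")
    for child in node["calls"]:
        lines += render(child, depth + 1)
    return lines

if __name__ == "__main__":
    print("\n".join(render(build_tree(TRACE, SYMS))))
```
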

Notes

The itrace provided in PIN's examples does not work out-of-the-box with flow.py. An additional filename argument (-o) has to be added to itrace, but this can be copied from one of the other PIN examples.
