import angr
from angrutils import * # for plot_cfg
import sys
import os
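# Recover the control-flow graph (CFG) reachable from main() of the binary
# named on the command line, print a few facts about it, and render it to an
# image with angrutils' plot_cfg.
#
# The target binary is untrusted input to the loader and to the symbolic
# analysis. CFG recovery by emulation can use a lot of time and memory on a
# large or deliberately awkward binary, so run this under resource limits
# (container, ulimit) when the sample's origin is unknown.
if len(sys.argv) != 2:
    print("Usage: python2 analisis_grafos.py <binary_file>")
    sys.exit(1)

binary_path = sys.argv[1]
if not os.path.isfile(binary_path):
    # Fail with a clear message instead of a loader traceback.
    sys.exit("error: %r is not a regular file" % binary_path)

# auto_load_libs=False: only the target itself is loaded; the shared
# libraries it links against are not pulled in from the analysis host.
proj = angr.Project(binary_path, load_options={'auto_load_libs': False})

# get_symbol() yields None when the symbol is absent (e.g. a stripped
# binary); without this check the next line dies with AttributeError.
main = proj.loader.main_object.get_symbol("main")
if main is None:
    sys.exit("error: no 'main' symbol found in %s" % binary_path)
main_addr = main.rebased_addr

start_state = proj.factory.blank_state(addr=main_addr)

# NOTE(review): newer angr releases name this analysis CFGEmulated and keep
# CFGAccurate only as the older name -- confirm against the installed version.
cfg = proj.analyses.CFGAccurate(
    fail_fast=True,
    starts=[main_addr],
    initial_state=start_state,
)

print("This is the graph:", cfg.graph)
print("It has %d nodes and %d edges" % (len(cfg.graph.nodes()), len(cfg.graph.edges())))

# get_any_node returns a single node at the address, whatever its context.
entry_node = cfg.get_any_node(main_addr)

# get_all_nodes returns every node recorded for that address.
print(
    "There were %d contexts for the entry block"
    % len(cfg.get_all_nodes(main_addr))
)

if entry_node is None:
    # Nothing was recovered at main's address, so there is no node to inspect.
    sys.exit("error: CFG has no node at main (0x%x)" % main_addr)

# Neighbours of the entry block, first as nodes, then with the jump kind
# that leads to each successor.
print("Predecessors of the entry point:", entry_node.predecessors)
print("Successors of the entry point:", entry_node.successors)
print(
    "Successors (and type of jump) of the entry point:",
    [
        jumpkind + " to " + str(node.addr)
        for node, jumpkind in cfg.get_successors_and_jumpkind(entry_node)
    ],
)

# The output name is the binary's base name without its extension, so the
# directory part of the argument never reaches the plotter.
# NOTE(review): plot_cfg presumably appends the image extension and writes
# into the current working directory, replacing a file of the same name --
# confirm before running in a directory that holds earlier results.
filename_without_extension = os.path.splitext(os.path.basename(binary_path))[0]
plot_cfg(
    cfg,
    filename_without_extension,
    asminst=True,
    remove_imports=True,
    remove_path_terminator=True,
)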