How to generate graph of function flows in Linux


Peter Teoh

Jul 10, 2009, 8:35:48 PM
to idapython
In Windows we have wingraph.exe to help us render the graphics.
But how do we flowchart the functions in Linux?

I used "idal" in Linux, which is text-mode based. But hopefully more
powerful features are available from IDAPython?

Thanks.

Gergely Erdelyi

Jul 11, 2009, 7:20:09 AM
to idap...@googlegroups.com
Hello,

There is nothing really easy, but it could be done in a reasonably
straightforward way. There is a pair of functions (GenFuncGdl() and
GenCallGdl()) that will emit GDL versions of the graphs. The same
functionality is available from the menu: File->Produce output file as well.

The GDL files could be converted to DOT format with Graph::Easy, which is a
Perl script at http://bloodgate.com/perl/graph/manual/

The DOT file will be easy to load into GraphViz (http://www.graphviz.org/).
You could script up this whole thing with a couple of lines of IDAPython code.

Alternatively the graph could be exported directly to DOT but then you will
have to generate the actual data yourself. pydot
(http://code.google.com/p/pydot/) could help with the file generation. Also,
you could try and convince Ilfak to implement DOT output support directly
from IDA, the placeholder has been there for a while. ;)


Cheers,

Gergo

Sebastian Muniz

Jul 11, 2009, 1:32:08 PM
to idap...@googlegroups.com
Hi Peter,

Maybe it's not an option for you but how about Wine+IDA (wingraph
runs fine on wine, too)?

~cheers, topo

Peter Teoh

Jul 12, 2009, 11:52:28 PM
to idapython
Hm.....thanks for the sharing.

IDA python's idc.py has that function:

But according to this:

http://www.hex-rays.com/idapro/52/index.htm

It seemed that it is a feature of 5.2? Oops.....I only have version
5.1 - so I don't think the idc.py (with the GenFuncGdl()) will work
with version 5.1 right?

On Jul 11, 7:20 pm, Gergely Erdelyi <gergely.erde...@gmail.com> wrote:
> Hello,
>
> On Sat, Jul 11, 2009 at 3:35 AM, Peter Teoh<htmldevelo...@gmail.com> wrote:
> > In Windows we have wingraph.exe to help us render the graphics.
> > But how do we flowchart the functions in Linux?
>
> > I used "idal" in Linux, which is text-mode based.   But hopefully more
> > powerful features are available from IDAPython?
>
> There is nothing really easy, but it could be done in a reasonably
> straightforward
> way. There is a pair of functions (GenFuncGdl() and GenCallGdl()) that will emit
> GDL versions of the graphs. The same functionality is available from the menu:
> File->Produce output file as well.
>
> The GDL files could be converted to DOT format with Graph::Easy, which is a
> Perl script at http://bloodgate.com/perl/graph/manual/

Peter Teoh

Jul 12, 2009, 11:54:51 PM
to idapython
Thank you for the suggestion - it worked!!! Since idal is hardcoded
to call wingraph32.exe,

so I coded the following as wingraph32.exe:

/usr/bin/idapro51/idaadv>cat wingraph32.exe
#!/bin/bash
# Drop the first argument passed by IDA, then hand the rest to the real binary
shift
wine /usr/bin/idapro51/idaadv/wingraph32_real.exe "$@"

and the real PE binary is wingraph32_real.exe. It worked!!!

Sebastian Muniz

Jul 13, 2009, 12:02:01 AM
to idap...@googlegroups.com
Hey Peter,

Good to hear that you liked the suggestion ;)

I don't use IDAL but I guess that it uses the same configuration files
as its counterpart from Windows (IDAG.EXE) so if you do this inside the
"cfg" directory of IDA:

xxx@yyyyyy:~/ida/cfg$ grep -i -n wingraph *

ida.cfg:165:GRAPH_VISUALIZER = "wingraph32.exe -remove -timelimit 10"

There you'll find the path to the file invoked by IDA to render the
graphs so you can change it to your favorite graph visualizer or at
least get rid of that script ;)

Peter Teoh

Jul 13, 2009, 1:08:33 AM
to idapython
Ah, thank you for the suggestion....I got everything to work, let me
document/share it here:

a. In my Fedora Core 10 (other versions should work as well), "yum
install graphviz*" to install GraphViz. You need the "dot" command.
b. Go to:

http://www.wiki.multimedia.cx/index.php?title=IDA_Pro

And copy the first script, which basically converts from GDL to a DOT
output file. Let's name it "gdl_to_dot.pl".

c. Go to the directory where IDA Pro's wingraph.exe is
"theoretically" loaded. Modify the "wingraph32.exe" as follows:

/usr/bin/idapro51/idaadv>cat wingraph32.exe
#!/bin/bash
shift
# After the shift, $3 is the temporary GDL file; keep a copy of it
cp "$3" /tmp/tmpoutput.gdl
wine /usr/bin/idapro51/idaadv/wingraph32_real.exe "$@"

The original wingraph32.exe is renamed as wingraph32_real.exe, which
is a PE binary. "wingraph32.exe" will be called by IDA Pro, and the
third argument ($3) is in fact a GDL output file, created by IDA
Pro. Here the shell script will save it as a separate file,
otherwise IDA Pro will very soon delete the temporary file.

d. Use the gdl_to_dot.pl to convert it to dot file:

gdl_to_dot.pl /tmp/tmpoutput.gdl

Another /tmp/tmpoutput.gdl.dot will be created.

e. Next use dot to convert it to PostScript file:

dot -Tps /tmp/tmpoutput.gdl.dot -o /tmp/tmpoutput.ps

f. Use evince to render PostScript file:

evince /tmp/tmpoutput.ps

There goes the completed rendering.

For the sake of the reader, the gdl_to_dot.pl script is reproduced as
follows:

(from http://www.wiki.multimedia.cx/index.php?title=IDA_Pro)

#!/usr/bin/perl

use strict;
use warnings;

# Usage: gdl_to_dot.pl FILE.gdl   (writes FILE.gdl.dot)
my $FILE1 = $ARGV[0];
defined $FILE1 or die "Usage: $0 file.gdl\n";

# Read the whole GDL file directly instead of passing its name to a shell
open(my $in, '<', $FILE1) or die "Cannot read $FILE1: $!\n";
my $indata = do { local $/; <$in> };
close($in);

open(OUTFILE, '>', "$FILE1.dot") or die "Cannot write $FILE1.dot: $!\n";

# Everything before the first "node:" is the graph header with its title
my @split = split(/node:/, $indata);
my $graphname = shift @split;
$graphname =~ s/^.*title:[^"]*"([^"]*)".*$/$1/s;
print OUTFILE "digraph \"$graphname\" {\n";
print OUTFILE "\tgraph [\n";
print OUTFILE "\t]\n";
print OUTFILE "\tnode [\n";
print OUTFILE "\t\tshape = \"box\"\n";
print OUTFILE "\t]\n";
print OUTFILE "\tedge [\n";
print OUTFILE "\t]\n";

# convert nodes
foreach my $n (@split) {
    $n =~ s/\}.*$//s;    # keep only the text up to the closing brace
    my $label = my $title = $n;
    $title =~ s/^.*title:[^"]*"([^"]*)".*$/$1/s;
    $label =~ s/^.*label:[^"]*"([^"]*)".*$/$1/s;
    $label =~ s/\n/\\n/sg;    # DOT wants \n escapes, not raw newlines
    print OUTFILE "\t\"$title\" [\n";
    print OUTFILE "\t\tlabel = \"$label\"\n";
    print OUTFILE "\t];\n";
}

@split = split(/edge:/, $indata);
shift @split;

# convert edges
foreach my $e (@split) {
    $e =~ s/\}.*$//s;
    my $color = my $label = my $source = my $target = $e;
    $source =~ s/^.*sourcename:[^"]*"([^"]*)".*$/$1/s;
    $target =~ s/^.*targetname:[^"]*"([^"]*)".*$/$1/s;
    print OUTFILE "\t\"$source\" -> \"$target\" [\n";
    # label and color are optional on an edge
    if ($label =~ s/^.*label:[^"]*"([^"]*)".*$/$1/s) {
        $label =~ s/\n/\\n/sg;
        print OUTFILE "\t\tlabel = \"$label\"\n";
    }
    if ($color =~ s/^.*color:[[:space:]]*([^ ]*)[[:space:]}].*$/$1/s) {
        print OUTFILE "\t\tcolor = $color\n";
    }
    print OUTFILE "\t];\n";
}
print OUTFILE "}\n";
close(OUTFILE);


Thank you.

On Jul 11, 7:20 pm, Gergely Erdelyi <gergely.erde...@gmail.com> wrote:
> Hello,
>
> On Sat, Jul 11, 2009 at 3:35 AM, Peter Teoh<htmldevelo...@gmail.com> wrote:
> > In Windows we have wingraph.exe to help us render the graphics.
> > But how do we flowchart the functions in Linux?
>
> > I used "idal" in Linux, which is text-mode based.   But hopefully more
> > powerful features are available from IDAPython?
>
> There is nothing really easy, but it could be done in a reasonably
> straightforward
> way. There is a pair of functions (GenFuncGdl() and GenCallGdl()) that will emit
> GDL versions of the graphs. The same functionality is available from the menu:
> File->Produce output file as well.
>
> The GDL files could be converted to DOT format with Graph::Easy, which is a
> Perl script at http://bloodgate.com/perl/graph/manual/
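
An added example, not part of the original thread or of the wiki script: a Python take on the same GDL-to-DOT conversion that matches quoted strings as whole units, so a label containing "}" or an escaped quote is not cut short the way the s/}.*$//s step would cut it. The sample GDL is constructed, using only the keys the Perl script reads (title, label, sourcename, targetname, color); gdl_to_dot and dot_quote are names chosen here.

```python
import re

# Constructed sample using the keys the Perl script reads (not from the thread).
SAMPLE_GDL = r'''graph: {
title: "Graph of sub_401000"
node: { title: "0" label: "sub_401000:
push ebp" }
node: { title: "1" label: "db \"}\", 0" }
edge: { sourcename: "0" targetname: "1" label: "true" color: darkgreen }
}
'''

STRING = r'"((?:\\.|[^"\\])*)"'          # quoted GDL string, escapes kept as-is
# "node: { ... }" / "edge: { ... }"; strings are consumed whole, so a '}' or an
# escaped quote inside a label cannot end the entry early.
ENTRY = re.compile(r'\b(node|edge):\s*\{((?:"(?:\\.|[^"\\])*"|[^{}"])*)\}', re.S)
ATTR = re.compile(r'(\w+):\s*(?:' + STRING + r'|([^\s"{}]+))', re.S)
TITLE = re.compile(r'graph:\s*\{\s*title:\s*' + STRING, re.S)


def dot_quote(value):
    """Quote a raw GDL string for DOT; backslash escapes pass through unchanged."""
    return '"' + value.replace("\r", "").replace("\n", "\\n") + '"'


def gdl_to_dot(gdl_text):
    """Return DOT source for the nodes and edges found in gdl_text."""
    m = TITLE.search(gdl_text)
    out = ["digraph %s {" % dot_quote(m.group(1) if m else "graph"),
           "\tnode [shape = box];"]
    for kind, body in ENTRY.findall(gdl_text):
        attrs = {key: quoted or bare for key, quoted, bare in ATTR.findall(body)}
        opts = []
        if "label" in attrs:
            opts.append("label = " + dot_quote(attrs["label"]))
        if kind == "edge" and re.fullmatch(r"\w+", attrs.get("color", "")):
            opts.append("color = " + attrs["color"])   # bare colour names only
        tail = " [%s];" % ", ".join(opts) if opts else ";"
        if kind == "node" and "title" in attrs:
            out.append("\t" + dot_quote(attrs["title"]) + tail)
        elif kind == "edge" and "sourcename" in attrs and "targetname" in attrs:
            out.append("\t%s -> %s%s" % (dot_quote(attrs["sourcename"]),
                                         dot_quote(attrs["targetname"]), tail))
    out.append("}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(gdl_to_dot(SAMPLE_GDL), end="")
```

The returned text can be written to a file and passed to "dot -Tps" as in step e.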

Peter Teoh

Jul 13, 2009, 1:10:23 AM
to idapython
Ah....interesting!!! Thank you for the sharing....now I know it is not
so hardcoded after all!!!! :-).