
Ruwebit
HARDWARE REVIEWS, DIY PROJECTS, IN-DEPTH ARTICLES
Scripts for easier reverse engineering of assembly
By Maurice on October 9, 2003 (updated on February 1, 2005)
Recently I wrote a pair of Perl scripts to help me with a reverse engineering job on a PocketPC application. The scripts parse the assembly listing produced by IDA and turn it into a Graphviz .dot file. That .dot file can then be fed to Graphviz to draw a graphical representation of the branches within the code.

There are two kinds of scripts: *_sub.pl and *_loc.pl. The first looks for jumps to other subroutines, the second for jumps to other memory locations. It is recommended not to feed a complete assembly program to the scripts, but only the part of interest. Otherwise you will need a large ... LARGE ... printer.

What you need
- IDA to disassemble the program
- Graphviz to draw the graphs
- The Perl scripts I wrote (see below)
- Some assembly and Perl skills

Graphviz and Perl can be downloaded for free and are both available for the Windows and Linux platforms. I used Graphviz under Windows and Perl under Linux. For other tools see http://www.exetools.com.

How to use
1. First, disassemble the program of your choice with IDA.

2. Save only the part of interest to a separate file (for example: )

3. I was only interested in memory location branching, so I ran pocketty.txt through the sh3_ida2graphvis_loc.pl script:

perl sh3_ida2graphvis_loc.pl < pocketty.txt > graph.dot


4. Then I loaded graph.dot into Graphviz, using the 'dot' tool under Windows.

Graphviz dot


5. The resulting GIF file is still very big, so only a part of it is shown below.

Part of the resulting GIF file


A graphical representation works much better than ASCII-only output.

Downloads
Note: these scripts currently only work for SH3 assembly code. However, it is not difficult to adapt them to other assembly languages by editing the functions:

find_condition()
find_conditional_branch()
find_unconditional_branch()
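As an added illustration (not the author's scripts, which are only available as downloads), the following Python re-implements the core idea of the *_loc.pl script: it walks an IDA-style SH3 listing, records conditional (bt/bf/bt/s/bf/s), unconditional (bra/jmp/bsr/jsr) and fall-through edges between loc_/sub_ labels, and writes them out as Graphviz dot. The listing is constructed and its column layout is assumed; the three hooks named above are folded into the COND/BRANCH tables and a single find_branch(), so porting to another CPU means editing those tables.

```python
import re

# Constructed IDA-style SH3 listing (assumed layout: address, label or mnemonic, operands)
SAMPLE = """\
ROM:00011000 sub_11000:
ROM:00011000                 tst     r0, r0
ROM:00011002                 bt      loc_11020
ROM:00011004                 bsr     sub_11100
ROM:00011006                 bra     loc_11030
ROM:00011020 loc_11020:
ROM:00011020                 bf/s    sub_11000
ROM:00011030 loc_11030:
ROM:00011030                 rts
ROM:00011100 sub_11100:
ROM:00011100                 jmp     @r0
"""
COND = {"bt": "T", "bf": "F", "bt/s": "T", "bf/s": "F"}   # taken when the T bit is 1 / 0
BRANCH = set(COND) | {"bra", "jmp", "bsr", "jsr", "rts"}  # SH3 control-transfer mnemonics
NOFALL = {"bra", "jmp", "rts"}                              # control never reaches the next label
LABEL = re.compile(r"^\S+\s+((?:loc|sub)_[0-9A-Fa-f]+):")
INSN = re.compile(r"^\S+\s+([a-z/.]+)(?:\s+(\S+))?")
TARGET = re.compile(r"^(?:loc|sub)_[0-9A-Fa-f]+$")

def find_branch(line):
    """(mnemonic, operand or None) if the line is a branch instruction, else None."""
    m = INSN.match(line)
    return (m.group(1), m.group(2)) if m and m.group(1) in BRANCH else None

def build_edges(listing):
    """Set of (source label, target label, kind); kind is T, F, a mnemonic or 'fall'."""
    edges, cur, falls = set(), None, False
    for line in listing.splitlines():
        lab = LABEL.match(line)
        if lab:
            if cur and falls:                 # previous block runs straight into this label
                edges.add((cur, lab.group(1), "fall"))
            cur, falls = lab.group(1), True
        elif cur and (br := find_branch(line)):
            if br[1] and TARGET.match(br[1]): # register-indirect targets (@r0) stay unresolved
                edges.add((cur, br[1], COND.get(br[0], br[0])))
            falls = br[0] not in NOFALL
    return edges

def to_dot(edges):
    """Render the edges as a Graphviz dot digraph; conditional edges are dashed."""
    out = ["digraph branches {", "  node [shape=box];"]
    for src, dst, kind in sorted(edges):
        style = "style=dashed, " if kind in ("T", "F") else ""
        out.append('  "%s" -> "%s" [%slabel="%s"];' % (src, dst, style, kind))
    return "\n".join(out + ["}"])
```

Pipe the output of to_dot(build_edges(SAMPLE)) into dot -Tgif to get the same kind of picture as above.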

Download sh3_ida2graphvis_sub.pl - Perl script for subroutine branching of IDA SH3 assembly code
Download sh3_ida2graphvis_loc.pl - Perl script for memory location branching of IDA SH3 assembly code

PS: If you have adapted the scripts to other assembly languages, I would like to host them here.


Last update notes

Fixed file downloads

Copyright © 1999-2010 by Maurice de Bijl. This article was published on 2003-10-09; the last update was done on 2005-02-01. Tags: downloads, programming, scripts
