There are two kinds of scripts: *_sub.pl and *_loc.pl. The first looks for jumps to other subroutines; the second looks for jumps to other memory locations. It is recommended not to use a complete assembly program as input for the scripts, but only the part of interest. Otherwise you will need a large ... LARGE ... printer.
What you need
- IDA to reverse engineer assembly code
- Graphviz to create graphs
- The Perl scripts I created (see below)
- Some assembly and Perl skills
Graphviz and Perl can be downloaded for free and are available for both Windows and Linux. However, I used Graphviz under Windows and Perl under Linux. For other tools see http://www.exetools.com.
How to use
1. First reverse engineer the program of your choice with IDA
2. Save only the part of interest to a separate file (for example: )
3. I was only interested in the memory location branching, so I ran pocketty.txt through the sh3_ida2graphvis_loc.pl script:
4. Then I loaded graph.dot into Graphviz, using the 'dot' tool under Windows.
5. The resulting gif-file is still very big, so only a part is shown below.
A graphical representation works better than ASCII-only.
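The kind of conversion the steps above perform, as an added example (this is not the author's sh3_ida2graphvis_loc.pl): it turns a listing into a dot graph of branches between loc_ labels. The listing layout, the mnemonic tables, the function name listing_to_dot and the sample input are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample, assuming IDA's text listing layout:
# segment:address, optional "label:", mnemonic, operands, "; comment".
my $listing = <<'ASM';
ROM:8C010000 loc_8C010000:
ROM:8C010000                 mov.l   @r15+, r1
ROM:8C010002                 tst     r1, r1
ROM:8C010004                 bt      loc_8C01000C
ROM:8C010006                 add     #1, r0
ROM:8C010008                 bra     loc_8C01000E
ROM:8C01000A                 nop
ROM:8C01000C loc_8C01000C:                           ; CODE XREF: ROM:8C010004
ROM:8C01000C                 mov     #0, r0
ROM:8C01000E loc_8C01000E:                           ; CODE XREF: ROM:8C010008
ROM:8C01000E                 rts
ROM:8C010010                 nop
ASM

# SH3 branch mnemonics; bsr/jsr are subroutine calls and are left out here.
my %direct = map { $_ => 1 } qw(bt bf bt/s bf/s bra);   # target is a label
my %ends   = map { $_ => 1 } qw(bra braf jmp rts rte);  # no fall-through after

sub listing_to_dot {
    my ($text) = @_;
    my ($cur, $falls) = (undef, 0);
    my (%seen, @edges);
    for my $line (split /\n/, $text) {
        $line =~ s/;.*//;                     # drop comments and xrefs
        $line =~ s/^\S+:[0-9A-Fa-f]+\s*//;    # drop "segment:address"
        if ($line =~ s/^(loc_\w+):\s*//) {    # a new block starts here
            push @edges, [$cur, $1, 'dashed'] if defined $cur && $falls;
            ($cur, $falls) = ($1, 1);
        }
        my ($op, $arg) = $line =~ /^\s*(\S+)\s*(.*?)\s*$/ or next;
        push @edges, [$cur, $1, 'solid']
            if defined $cur && $direct{lc $op} && $arg =~ /^(loc_\w+)/;
        # A delay-slot instruction after bra/rts must not re-enable fall-through.
        $falls = 0 if $ends{lc $op};
    }
    my $dot = "digraph loc {\n  node [shape=box];\n";
    $dot .= join '', map { qq(  "$_->[0]" -> "$_->[1]" [style=$_->[2]];\n) }
            grep { !$seen{"@$_"}++ } @edges;
    return $dot . "}\n";
}

print listing_to_dot($listing);
```

Solid edges are explicit branches and dashed edges are fall-through into the next label. Redirect the output to graph.dot and render it with `dot -Tgif graph.dot -o graph.gif`.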
Note: these scripts currently only work for SH3 assembly code. However, it is not difficult to change the scripts for other assembly code by editing the functions:
Download sh3_ida2graphvis_sub.pl - Perl script for subroutine branching of IDA SH3 assembly code
Download sh3_ida2graphvis_loc.pl - Perl script for memory location branching of IDA SH3 assembly code
Last update notes
Fixed file downloads