Recently I created a pair of Perl scripts to assist me with a reverse engineering job for a pocketpc application. The scripts parse assembly code which is re-engineered by IDA and create a GraphVis .dot file of it. This .dot file can be used with GraphVis to create a graphical representation of the branches within the code.

There are two kind of scripts: *_sub.pl and *_loc.pl. The first one looks for jumps to other subroutines, the second one looks for jumps to other memory locations. It is recommended not to use a complete assembly program as input for the scripts, but only the part of interest. Or you must use a large ... LARGE... printer. .

What you need
- IDA to reverse engineer assembly code
- GraphVis to create graphs
- The Perl scripts I created (see below)
- Some assembly and Perl skills

GraphVis and Perl can be downloaded for free and are both available for both Windows and Linux platform. However, I used GraphVis under Windows and Perl under Linux. For other tools see http://www.exetools.com.

How to use
1. First reverse engineer the program of your choice with IDA

2. Save only the part of interest to a separate file (for example: )

3. I was only interested in the memory location branching, so I ran pocketty.txt through the sh3_ida2graphvis_loc.pl script:



4. Then I loaded the graph.dot into GraphVis, using the 'dot' tool under Windows.



5. The resulting gif-file is still very big, so only a part is shown below.



A graphical reprentation works better than ascii-only .

Downloads
Note: these scripts currently only work for SH3 assembly code. However, it is not difficult to change the scripts for other assembly code by editing the functions:

find_condition()
find_conditional_branch()
find_unconditional_branch()

Download sh3_ida2graphvis_sub.pl - Perl script for sub routine branching of IDA SH3 assembly code
Download sh3_ida2graphvis_loc.pl - Perl script for memory location branching of IDA SH3 assembly code



Opmerkingen laatste update

Fixed file downloads