https://github.com/kallsyms/binary-tracer


# binary-tracer
A script to give a high-level overview of a binary's code flow

## Overview
Given a binary, flow.py prints out a CFG (of sorts) showing at a very high level what is happening during the execution of a program. Currently, it shows function calls (both local to the executable and PLT calls) as well as loop iterations.

flow.py automatically parses a given ELF executable to find any symbols left in the program (debugging or PLT/GOT symbols) and also looks at `call` instructions to find functions in the executable that don't have debug symbols.
With the symbols in hand, the script analyzes a trace generated by PIN and looks for function calls as well as backwards jumps (which tend to represent loops), storing where each of those occurs in the binary into a tree structure.
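
The trace pass described above, as an added sketch that is not flow.py's own code: it walks a list of executed instruction addresses and builds a tree of calls and backward jumps. The names `build_flow_tree`, `render`, `FUNCS` and `TRACE` are hypothetical, and it assumes function address ranges are already known and that a function is only ever entered at its first instruction.

```python
from bisect import bisect_right

def build_flow_tree(trace, funcs):
    """trace: executed instruction addresses, in order (one per trace line).
    funcs: {name: (start, end)} half-open ranges; assumed already recovered."""
    ranges = sorted((lo, hi, name) for name, (lo, hi) in funcs.items())
    starts = [lo for lo, _, _ in ranges]

    def owner(addr):
        i = bisect_right(starts, addr) - 1
        if i >= 0 and addr < ranges[i][1]:
            return ranges[i][2]
        return None

    root = {"name": "<root>", "calls": [], "loops": {}}
    stack, prev = [root], None
    for addr in trace:
        fn = owner(addr)
        if fn is None:                       # outside every known function
            continue
        if addr == funcs[fn][0]:             # landed on an entry point: a call
            node = {"name": fn, "calls": [], "loops": {}}
            stack[-1]["calls"].append(node)
            stack.append(node)
        elif fn != stack[-1]["name"]:        # left the callee: unwind to caller
            while len(stack) > 1 and stack[-1]["name"] != fn:
                stack.pop()
        elif prev is not None and addr < prev:   # backward jump, likely a loop
            loops = stack[-1]["loops"]
            loops[addr] = loops.get(addr, 0) + 1
        prev = addr                          # direct recursion is not handled
    return root

def render(node, depth=0):
    lines = ["  " * depth + node["name"]]
    for target, n in sorted(node["loops"].items()):
        lines.append("  " * (depth + 1) + f"loop back to {target:#x} x{n}")
    for child in node["calls"]:
        lines.extend(render(child, depth + 1))
    return lines

# Constructed sample data (not taken from a real binary or a real PIN trace).
FUNCS = {"main": (0x1000, 0x1020), "helper": (0x1040, 0x1050),
         "puts@plt": (0x900, 0x910)}
TRACE = [0x1000, 0x1004, 0x1008, 0x100c, 0x1040, 0x1044, 0x1048, 0x1011,
         0x1015, 0x1008, 0x100c, 0x1040, 0x1044, 0x1048, 0x1011, 0x1015,
         0x1019, 0x900, 0x904, 0x101e]

if __name__ == "__main__":
    print("\n".join(render(build_flow_tree(TRACE, FUNCS))))
```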

## Notes
The itrace provided in PIN's examples does not work out-of-the-box with flow.py. An additional filename argument (-o) has to be added to itrace, but this can be copied from one of the other PIN examples.