Questions tagged [control-flow-graph]
A control flow graph (CFG) is a representation, using graph notation, of all paths that might be traversed through a program during its execution. The control flow graph is due to Frances E. Allen, who notes that Reese T. Prosser had earlier used boolean connectivity matrices for flow analysis.
24 questions
0 votes
2 answers
51 views
Is this control flow graph reducible to a clear if/else chain?
I'm working on a decompiler for a language for which I only have the bytecode. I have this graph (and several others with similar patterns) for which I can't seem to figure out the actual pseudo-code ...
-2 votes
1 answer
177 views
OLLVM deobfuscation
I am looking for an efficient way to deobfuscate an OLLVM-protected .so Android native lib. I was able to recover the computed jumps (by manual patching), however I am struggling to recover the control flow graph. Is ...
2 votes
0 answers
91 views
JavaScript: Compare Control Flow (to evade anti-debug and anti-tamper traps)
When reverse engineering obfuscated JavaScript, it may be protected by anti-tamper mechanisms. I have a script which will work when run untouched, but cause a fatal JavaScript error when run in node ...
1 vote
0 answers
203 views
I need to make a dominance tree using Ghidra headless
I need to make a dominator tree where I need to tell whether function (a) dominates function (b). There is an API in GraphAlgorithms which needs a GDirectedGraph and "vertex from" parameters, but I ...
5 votes
2 answers
1k views
Fixing/recompiling a heavily control flow obfuscated function
I've recently come across a binary that has been obfuscated with a very obscure protection. Obfuscation: from what I understand, the obfuscator is effective in several ways. Multiple JMPs via relative ...
1 vote
0 answers
493 views
In which program do I reverse engineer UEFI firmware?
I ran into a problem where I am unable to use a piece of hardware due to a firmware incompatibility. As I have multiple sources and proofs that the hardware is indeed supported at the hardware level, and it ...
1 vote
0 answers
67 views
Which instruction at which address calls the address 0x1a95 or the address 0x204a in the following program or rather smart contract?
The Ethereum Virtual Machine uses a Virtual Instruction Set flavored for transaction processing that doesn’t use any registers and where all opcodes are a single byte long and have a single ABI for ...
3 votes
2 answers
2k views
Save Ghidra's control flow graph into a parsable format
I'm working on reverse engineering a firmware whose functions' control flow graphs I was able to display successfully in Ghidra. I am trying to see if there is a way to save those control ...
7 votes
1 answer
11k views
Ghidra Control Flow Graph
Lately I'm using Ghidra and I don't find the API to get the control flow graph of a given function. Can someone help me? Thank you in advance. EDIT: it is different from the other question (link) ...
1 vote
2 answers
2k views
Basic Blocks and Data Flow Analysis
I am looking to do some Data Flow Analysis via code. I already have the code that parses a binary, disassembles it (x86/x64) and creates Basic Blocks. Now what I would like to do is, for any Basic ...
3 votes
0 answers
91 views
Recognizing instructions containing low-level control flows
There are some x86 instructions which contain a low-level control flow in their semantics, for example div, because its semantics are roughly: if (source == 0) throw exception... else ...
4 votes
2 answers
1k views
IDA function never called and only cross-referenced as data
When I press the X key (list x-refs) on a function (sub_xyz) to see which functions call it, I only see dd offset sub_xyz twice, with no call sub_xyz instructions. There is no other place that ...
3 votes
1 answer
974 views
Counting number of nodes and edges in IDA Pro graph
Is it possible to obtain a node and edge count for the IDA Pro graph overview? I'm able to obtain this if I generate a wingraph32 flowchart, but it seems that wingraph32 doesn't work for very large ...
3 votes
1 answer
2k views
How to deal with heavy control flow flattening?
I am trying to reverse engineer an executable that uses a lot of control flow flattening obfuscation (i.e., lots of subroutines that end with something like jmp esi, jmp eax). IDA Pro isn't able to ...
2 votes
2 answers
2k views
Is it possible to completely reset a cached graph layout for a function in IDA Pro?
I'm reversing a binary dump of an older embedded target using IDA Pro 7.0. Now I have somehow managed to introduce a "pseudo graph node" that I for the love of god cannot make go away. The ...