gen-callgraph

Copyright (C) 2011-2017 [email protected]

About

gen-callgraph is a script that generates a call graph from an ELF binary.

See the sister project for generating ctags from an ELF binary: gen-ctags

A Motivating Example

Input: an ELF binary built from the following source:

```cpp
class QWE
{
public:
    QWE() {}
    ~QWE() {}
    void f() {}
};

void A();
void C() {A();}
void B() {C(); QWE qwe; qwe.f();}
void A() {B(); C();}

int main(int argc, char** argv)
{
    A();
    return 0;
}
```

Output: Graphviz dot source for the graph below:

(image: the example's call graph, rendered with Graphviz)

Requirements

  • bash
  • readelf
  • objdump
  • c++filt
  • graphviz

Limitations

  • Only supports statically linked functions within one x86_64 binary.
  • Only supports function calls made by the callq/jmpq/jmp instructions and their conditional-jump variants, and only when the destination is a literal address (not a register).
  • Naive algorithm. Only tested on small binaries.
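To make the naive algorithm behind these limitations concrete, here is an added example that reimplements the same idea in Python: walk `objdump -d` output, record every callq/jmp (and conditional jump) whose destination is a literal `addr <symbol>` operand, drop jumps that stay inside the current function, demangle the symbol names with c++filt, and emit Graphviz dot. This is not gen-callgraph's own bash script; the objdump listing below is constructed by hand to resemble the motivating example (addresses and byte encodings are made up), and demangling is skipped when c++filt is not installed.

```python
"""Added example (not gen-callgraph's code): objdump -d text -> Graphviz dot."""
import re
import shutil
import subprocess

# Constructed sample in the shape of `objdump -d a.out` for the README's
# motivating example. Addresses/encodings are invented; real objdump output
# separates the columns with tabs, which the whitespace-tolerant regexes accept.
SAMPLE_OBJDUMP = """\
a.out:     file format elf64-x86-64

Disassembly of section .text:

0000000000001129 <_ZN3QWEC1Ev>:
    1129: 55                   push   %rbp
    112a: 5d                   pop    %rbp
    112b: c3                   retq

000000000000112c <_ZN3QWE1fEv>:
    112c: c3                   retq

000000000000112d <_Z1Cv>:
    112d: 55                   push   %rbp
    112e: e8 12 00 00 00       callq  1145 <_Z1Av>
    1133: 5d                   pop    %rbp
    1134: c3                   retq

0000000000001135 <_Z1Bv>:
    1135: e8 f3 ff ff ff       callq  112d <_Z1Cv>
    113a: e8 ea ff ff ff       callq  1129 <_ZN3QWEC1Ev>
    113f: e8 e8 ff ff ff       callq  112c <_ZN3QWE1fEv>
    1144: c3                   retq

0000000000001145 <_Z1Av>:
    1145: e8 eb ff ff ff       callq  1135 <_Z1Bv>
    114a: eb e1                jmp    112d <_Z1Cv>

000000000000114c <main>:
    114c: 48 85 ff             test   %rdi,%rdi
    114f: 74 05                je     1156 <main+0xa>
    1151: e8 ef ff ff ff       callq  1145 <_Z1Av>
    1156: ff d0                callq  *%rax
    1158: 31 c0                xor    %eax,%eax
    115a: c3                   retq
"""

FUNC_RE = re.compile(r"^([0-9a-f]+) <(.+)>:$")               # "0000...112d <_Z1Cv>:"
INSN_RE = re.compile(r"^\s*[0-9a-f]+:\s+(?:[0-9a-f]{2}\s+)+([a-z]+)(?:\s+(\S.*?))?\s*$")
TARGET_RE = re.compile(r"^([0-9a-f]+)\s+<([^>+]+)(\+0x[0-9a-f]+)?>$")  # "1145 <_Z1Av>" / "<main+0xa>"


def is_transfer(mnemonic):
    """call/callq plus every j* instruction (jmp, jmpq, je, jne, ja, ...)."""
    return mnemonic in ("call", "callq") or mnemonic.startswith("j")


def parse_calls(objdump_text):
    """Return {function: set(callees)} keyed by raw (mangled) symbol names."""
    graph, current = {}, None
    for line in objdump_text.splitlines():
        header = FUNC_RE.match(line)
        if header:
            current = header.group(2)
            graph.setdefault(current, set())   # keep leaf functions as nodes
            continue
        insn = INSN_RE.match(line) if current else None
        if not insn or not is_transfer(insn.group(1)) or insn.group(2) is None:
            continue
        target = TARGET_RE.match(insn.group(2))
        if not target:            # register/memory destination: not resolvable statically
            continue
        callee = target.group(2)  # symbol base name, offset stripped
        if callee != current:     # a jump inside the same function is not a call edge
            graph[current].add(callee)
    return graph


def demangle(names):
    """Map mangled names to readable ones with c++filt; identity if it is absent."""
    names = list(names)
    if not names or shutil.which("c++filt") is None:
        return {n: n for n in names}
    out = subprocess.run(["c++filt"], input="\n".join(names) + "\n",
                         capture_output=True, text=True, check=True).stdout
    return dict(zip(names, out.splitlines()))


def to_dot(graph, labels=None):
    """Render the graph as Graphviz dot; node ids are mangled, labels demangled."""
    labels = labels or {}
    nodes = set(graph) | {c for callees in graph.values() for c in callees}
    lines = ["digraph callgraph {", "    node [shape=box];"]
    for fn in sorted(nodes):
        label = labels.get(fn, fn).replace('"', '\\"')
        lines.append(f'    "{fn}" [label="{label}"];')
    for caller in sorted(graph):
        for callee in sorted(graph[caller]):
            lines.append(f'    "{caller}" -> "{callee}";')
    lines.append("}")
    return "\n".join(lines)


def build_callgraph(objdump_text):
    graph = parse_calls(objdump_text)
    nodes = set(graph) | {c for callees in graph.values() for c in callees}
    return to_dot(graph, demangle(sorted(nodes)))


if __name__ == "__main__":
    import sys
    # Pipe real output in: objdump -d ./a.out | python3 callgraph.py | dot -Tpng -o callgraph.png
    print(build_callgraph(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OBJDUMP))
```

Run without input and it processes the constructed listing; the `callq *%rax` in `main` and the `je` back into `main` are both dropped, which is exactly the "literal destinations only" limitation above, while the tail `jmp` from `A` to `C` is kept as an edge.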

Installation (Debian)

  1. git clone https://github.com/onlyuser/gen-callgraph.git

Usage

```
gen-callgraph <BINARY> [DEBUG={0*/1}] | dot -Tpng -ocallgraph.png
```

Recommended gcc Options

  • -g
  • -O0
  • -fno-function-cse
  • -fomit-frame-pointer

References

"Disassemble raw x64 machine code"
http://stackoverflow.com/questions/19071461/disassemble-raw-x64-machine-code
"Graphviz - Graph Visualization Software"
http://www.graphviz.org/
"Trying to understand gcc option -fomit-frame-pointer"
http://stackoverflow.com/questions/14666665/trying-to-understand-gcc-option-fomit-frame-pointer
"3.10 Options That Control Optimization"
https://gcc.gnu.org/onlinedocs/gcc-4.5.2/gcc/Optimize-Options.html

Keywords

call graph, asm, disassembly, elf, graphviz, name mangling