Flag: Tornado! Hurricane!

OpenRCE Article Comments: Introduction to IDAPython

Article Abstract IDAPython is an extension for IDA, the Interactive Disassembler. It brings the power and convenience of Python scripting to aid in the analysis of binaries. This article will cover some basic usage and provide examples to get interested individuals started.

We will walk through practical examples ranging from iterating through functions, segments and instructions to data mining the binaries, collecting references and analyzing their structure.

Full Article ...    Printer Friendly ...

Article Comments
ThorstenSchneider Posted: Sunday, June 26 2005 01:49.46 CDT
The correct definition of the Cyclomatic Complexity is:

Cyclomatic complexity (CC) = E - N + p
where E = the number of edges of the graph
N = the number of nodes of the graph
p = the number of connected components

resulting to:
1-10 = a simple program, without much risk
11-20 = more complex, moderate risk
21-50 = complex, high risk program
greater than 50 = untestable program (very high risk)

However, the above resulting values should not be taken to serious. If you work with the CC you should calibrate the values and their meanings first. Note: there is some discussion in research of software metrics about the uselessness of the CC as measurement in software engineering.

Good introduction!

ero Posted: Monday, June 27 2005 19:01.23 CDT
The number of connected components in this case, as well as with most functions, is 1. The way the CFG is constructed by the Python example will no produce disjoint components anyway. Then, for a directed graph to be strongly connected an edge is added from the end node to the starting one, hence the +2. Edges-Nodes+One connected component+One edge.

However I've seen other definitions and I agree, I would not use this, alone, as a reliable measurement.

Still, the values produced are dependent to some extent on the CFG structure and could be used, as indicated in the article with purposes such as guessing relations between binaries, together with other metrics like Halvar's, for instance.

Complex topic anyway worth probably few articles.

A good paper on the subject is The theoretical extension of two versions of cyclomatic complexity to multiple entry/exit modules


Cheers

JCRoberts Posted: Tuesday, June 28 2005 02:31.39 CDT
Ero,
Is there any further known uses or additional documentation of REML?
Thanks,
JCR

ero Posted: Tuesday, June 28 2005 20:02.15 CDT
I should get around to write some more docs on REML.

I've used it for different things. It's nice when having to crunch lots of disassemblies and not wanting to launch IDA in batch more for each of them. It should allow to access most of IDA's IDB things, even function chunks and the like.

So, lots of things can be done. I did develop a system to calculate distances between a set of malware, based of graph matching algorithms. Given their call-flow similarities nice clusterings came forth. Once a distance matrix is generated (are there zillion ways of getting one with different metrics) one can apply something like phylogenetic algorithms (basicaly just well researched ways of getting nice trees out of related things) to classify them. That's just one use.

One could also want to extract strings for a set of binaries  in order to import them into a real DB for nice data mining purposes... of function CFGs... just need to find a good way of searching those...

Some specific questions would get me started to write some real docs... :-)

Ero.

Nadya Posted: Monday, July 7 2008 10:08.03 CDT
Hi Ero,

Interesting introduction, but one question since I'm starting to learn Pyton(slowly but surely) how do you debug those IDAPython scripts? Is it possible to run them in debug(single step) mode? thanks in advance

ResearchAviator Posted: Friday, November 27 2009 01:02.13 CST
Hi Ero,

Can this be extended to plot a graph where nodes are instructions and the edges are the instruction execution?



Add New Comment
Comment:










There are 31,016 total registered users.


Recently Created Topics
Ultimate Hacking Cha...
Jun/21
CreateMutex
May/31
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Immunity Debugger Re...
Aug/03


Recent Forum Posts
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
OOP_RE tool available?
van7hu
Should binaries be n...
Kolisar
Problem with ollydbg
nullx42
!findtrampoline Immu...
skycrack


Recent Blog Entries
nieo
Mar/22
Android Application Reversing

halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit