
OpenRCE Article Comments: Introduction to IDAPython

Article Abstract

IDAPython is an extension for IDA, the Interactive Disassembler. It brings the power and convenience of Python scripting to aid in the analysis of binaries. This article will cover some basic usage and provide examples to get interested individuals started.

We will walk through practical examples ranging from iterating through functions, segments and instructions to data mining the binaries, collecting references and analyzing their structure.


Article Comments
ThorstenSchneider Posted: Sunday, June 26 2005 01:49.46 CDT
The correct definition of the Cyclomatic Complexity is:

Cyclomatic complexity (CC) = E - N + p
where E = the number of edges of the graph
N = the number of nodes of the graph
p = the number of connected components

resulting in:
1-10 = a simple program, without much risk
11-20 = more complex, moderate risk
21-50 = complex, high risk program
greater than 50 = untestable program (very high risk)

However, the above resulting values should not be taken too seriously. If you work with the CC you should calibrate the values and their meanings first. Note: there is some discussion in software metrics research about the uselessness of the CC as a measurement in software engineering.

Good introduction!

ero Posted: Monday, June 27 2005 19:01.23 CDT
The number of connected components in this case, as well as with most functions, is 1. The way the CFG is constructed by the Python example will not produce disjoint components anyway. Then, for a directed graph to be strongly connected, an edge is added from the end node to the starting one, hence the +2: Edges - Nodes + one connected component + one edge.

However I've seen other definitions and I agree, I would not use this, alone, as a reliable measurement.

Still, the values produced are dependent to some extent on the CFG structure and could be used, as indicated in the article, for purposes such as guessing relations between binaries, together with other metrics like Halvar's, for instance.

Complex topic anyway, probably worth a few articles.

A good paper on the subject is "The theoretical extension of two versions of cyclomatic complexity to multiple entry/exit modules".

Cheers
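
The two definitions traded above, as an added worked example (not code from the article or from either commenter): it computes E - N + p on a small hand-constructed CFG, then again after adding the exit-to-entry edge Ero describes, and maps the result onto Thorsten's (uncalibrated) risk bands. The node and edge lists are constructed here; in IDAPython they would be collected from a function's basic blocks.

```python
# Added example (not from the article or its comments): cyclomatic complexity
# of a function CFG, computed both ways discussed in the thread above.
from collections import deque

def connected_components(nodes, edges):
    """Count weakly connected components (edges treated as undirected)."""
    adj = {n: set() for n in nodes}
    for src, dst in edges:
        adj[src].add(dst)
        adj[dst].add(src)
    seen, count = set(), 0
    for start in nodes:
        if start in seen:
            continue
        count += 1
        seen.add(start)
        queue = deque([start])
        while queue:
            for nxt in adj[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return count

def cyclomatic_complexity(nodes, edges, entry=None, exit_node=None):
    """CC = E - N + p (Thorsten's definition).  When entry and exit_node are
    given, an edge exit -> entry is added first so the graph is strongly
    connected; for one component that yields Ero's E - N + 2."""
    edges = list(edges)
    if entry is not None and exit_node is not None:
        edges.append((exit_node, entry))
    return len(edges) - len(nodes) + connected_components(nodes, edges)

def risk_band(cc):
    """Thorsten's uncalibrated bands: 1-10 simple ... >50 very high risk."""
    for limit, label in ((10, "simple"), (20, "moderate"), (50, "high")):
        if cc <= limit:
            return label
    return "very high"

# Constructed CFG: if/else A -> {B, C} joining at D, a loop D -> B, exit E.
# Two decision points (the branch in A, the loop test in D).
NODES = ["A", "B", "C", "D", "E"]
EDGES = [("A", "B"), ("A", "C"), ("B", "D"), ("C", "D"), ("D", "B"), ("D", "E")]
```

On this CFG the open-graph value is 2 and the closed-graph value is 3, which is exactly the +1 difference the two comments are arguing about; only the closed-graph value matches the count of decision points.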

JCRoberts Posted: Tuesday, June 28 2005 02:31.39 CDT
Ero,
Are there any further known uses or additional documentation of REML?
Thanks,
JCR

ero Posted: Tuesday, June 28 2005 20:02.15 CDT
I should get around to writing some more docs on REML.

I've used it for different things. It's nice when having to crunch lots of disassemblies and not wanting to launch IDA in batch mode for each of them. It should allow access to most of IDA's IDB things, even function chunks and the like.

So, lots of things can be done. I did develop a system to calculate distances between a set of malware, based on graph matching algorithms. Given their call-flow similarities, nice clusterings came forth. Once a distance matrix is generated (there are a zillion ways of getting one with different metrics) one can apply something like phylogenetic algorithms (basically just well researched ways of getting nice trees out of related things) to classify them. That's just one use.

One could also want to extract strings for a set of binaries in order to import them into a real DB for nice data mining purposes... of function CFGs... just need to find a good way of searching those...

Some specific questions would get me started to write some real docs... :-)

Ero.

Nadya Posted: Monday, July 7 2008 10:08.03 CDT
Hi Ero,

Interesting introduction, but one question, since I'm starting to learn Python (slowly but surely): how do you debug those IDAPython scripts? Is it possible to run them in debug (single step) mode? Thanks in advance

ResearchAviator Posted: Friday, November 27 2009 01:02.13 CST
Hi Ero,

Can this be extended to plot a graph where nodes are instructions and the edges are the instruction execution?