
OpenRCE Article Comments: Introduction to IDAPython

Article Abstract

IDAPython is an extension for IDA, the Interactive Disassembler. It brings the power and convenience of Python scripting to aid in the analysis of binaries. This article will cover some basic usage and provide examples to get interested individuals started.

We will walk through practical examples ranging from iterating through functions, segments and instructions to data mining the binaries, collecting references and analyzing their structure.


Article Comments
ThorstenSchneider Posted: Sunday, June 26 2005 01:49.46 CDT
The correct definition of the Cyclomatic Complexity is:

Cyclomatic complexity (CC) = E - N + p
where E = the number of edges of the graph
N = the number of nodes of the graph
p = the number of connected components

resulting in:
1-10 = a simple program, without much risk
11-20 = more complex, moderate risk
21-50 = complex, high risk program
greater than 50 = untestable program (very high risk)

However, the above resulting values should not be taken too seriously. If you work with the CC you should calibrate the values and their meanings first. Note: there is some discussion in research on software metrics about the uselessness of the CC as a measurement in software engineering.

Good introduction!

ero Posted: Monday, June 27 2005 19:01.23 CDT
The number of connected components in this case, as well as with most functions, is 1. The way the CFG is constructed by the Python example will not produce disjoint components anyway. Then, for a directed graph to be strongly connected an edge is added from the end node to the starting one, hence the +2. Edges - Nodes + One connected component + One edge.

However I've seen other definitions and I agree, I would not use this, alone, as a reliable measurement.

Still, the values produced are dependent to some extent on the CFG structure and could be used, as indicated in the article with purposes such as guessing relations between binaries, together with other metrics like Halvar's, for instance.

Complex topic anyway, probably worth a few articles.

A good paper on the subject is The theoretical extension of two versions of cyclomatic complexity to multiple entry/exit modules


Cheers
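The two ways of counting discussed in the comments above, worked through on a small constructed control-flow graph. This is an added example, not code from the article or from the commenters; it runs without IDA and assumes a hypothetical CFG given as a dictionary of basic-block ids to successor ids (every block, including exits, is a key). `cyclomatic_complexity` applies E - N + p directly; `cyclomatic_complexity_strongly_connected` adds a back edge from each exit block to the entry first, which for a single-exit, single-component function gives the E - N + 2 described by ero (adding one back edge per exit is an assumption that generalizes the single-exit case).

```python
from collections import deque

# Constructed sample CFG for a hypothetical function (not from any real binary).
# Block 0 is the entry; blocks with no successors are exits.
SAMPLE_CFG = {
    0: [1, 2],   # conditional branch
    1: [3],
    2: [3],
    3: [4, 5],   # second conditional branch
    4: [6],
    5: [6],
    6: [],       # return
}


def edge_count(cfg):
    """E: total number of directed edges."""
    return sum(len(succs) for succs in cfg.values())


def node_count(cfg):
    """N: number of basic blocks (every block is a key of the dict)."""
    return len(cfg)


def connected_components(cfg):
    """p: number of weakly connected components (edge direction ignored)."""
    adj = {n: set() for n in cfg}
    for src, succs in cfg.items():
        for dst in succs:
            adj[src].add(dst)
            adj.setdefault(dst, set()).add(src)
    seen = set()
    components = 0
    for start in adj:
        if start in seen:
            continue
        components += 1
        queue = deque([start])
        seen.add(start)
        while queue:
            n = queue.popleft()
            for m in adj[n]:
                if m not in seen:
                    seen.add(m)
                    queue.append(m)
    return components


def cyclomatic_complexity(cfg):
    """McCabe's definition as quoted in the first comment: CC = E - N + p."""
    return edge_count(cfg) - node_count(cfg) + connected_components(cfg)


def cyclomatic_complexity_strongly_connected(cfg, entry=0):
    """Variant from the second comment: close the graph by adding an edge from
    each exit block back to the entry, then apply E - N + p on the closed graph.
    With one exit and one component this equals E - N + 2 on the original CFG."""
    closed = {n: list(succs) for n, succs in cfg.items()}
    for succs in closed.values():
        if not succs:
            succs.append(entry)
    return edge_count(closed) - node_count(closed) + connected_components(closed)


if __name__ == "__main__":
    e, n, p = edge_count(SAMPLE_CFG), node_count(SAMPLE_CFG), connected_components(SAMPLE_CFG)
    print(f"E={e} N={n} p={p}")
    print("CC (E - N + p):", cyclomatic_complexity(SAMPLE_CFG))
    print("CC (closed graph):", cyclomatic_complexity_strongly_connected(SAMPLE_CFG))
```

For the sample graph E = 8, N = 7 and p = 1, so the plain definition gives 2 while the closed-graph variant gives 3, exactly one more, as the comment explains. Adding an unreachable pair of blocks to the dictionary raises p to 2 and shows why the connected-component term matters when a CFG is not built from one entry point.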

JCRoberts Posted: Tuesday, June 28 2005 02:31.39 CDT
Ero,
Are there any further known uses or additional documentation of REML?
Thanks,
JCR

ero Posted: Tuesday, June 28 2005 20:02.15 CDT
I should get around to writing some more docs on REML.

I've used it for different things. It's nice when having to crunch lots of disassemblies and not wanting to launch IDA in batch mode for each of them. It should allow access to most of IDA's IDB things, even function chunks and the like.

So, lots of things can be done. I did develop a system to calculate distances between a set of malware, based on graph matching algorithms. Given their call-flow similarities nice clusterings came forth. Once a distance matrix is generated (there are a zillion ways of getting one with different metrics) one can apply something like phylogenetic algorithms (basically just well researched ways of getting nice trees out of related things) to classify them. That's just one use.

One could also want to extract strings for a set of binaries in order to import them into a real DB for nice data mining purposes... of function CFGs... just need to find a good way of searching those...

Some specific questions would get me started to write some real docs... :-)

Ero.

Nadya Posted: Monday, July 7 2008 10:08.03 CDT
Hi Ero,

Interesting introduction, but one question since I'm starting to learn Python (slowly but surely): how do you debug those IDAPython scripts? Is it possible to run them in debug (single step) mode? Thanks in advance.

ResearchAviator Posted: Friday, November 27 2009 01:02.13 CST
Hi Ero,

Can this be extended to plot a graph where nodes are instructions and the edges are the instruction execution?


