While working with Paimei, I observed that I was not able to generate the control flow graph (CFG) of a function properly (for a particular executable). The CFG was broken. This forced me to analyse the source code of Paimei. As a result, I found that the logic to create the CFG (with basic blocks as nodes) in the function.py module of pida is erroneous. Has anybody observed this before? For example, if the assembly has code of the following type:
--
stmt1: ......
stmt2: ......
........
stmt4: jnz stmt9 <----
.......
stmt6: jnz stmt10 <----
....
stmt8: mov eax, ebx
stmt9: jmp stmt2 <----------imp
stmt10: mov eax, [ebp+8]
......
stmt18: jnz stmt9 <----
.......
stmt6: jnz stmt10 <----
....
........
In the above code, Paimei will create a basic block with stmt9 as a node (which is correct), but also creates an edge to node stmt10, which is wrong. Also, Paimei will not create an edge from BB stmt9 to stmt2 (which should be the case).
I have modified the algorithm (given in function.py) to create nodes and edges of CFG and it seems to be working fine. I am curious if others have observed anything like this.
Thanks
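As an added example (not Paimei's or pida's own code), here is a minimal basic-block CFG builder that handles the case described in the post: an unconditional jmp ending a block gets exactly one successor edge, to its target, and no fall-through edge to the next block. The instruction listing, the addresses and the mnemonic sets are constructed to mirror the pattern above and are assumptions.

```python
# Added example, not pida's function.py. Builds basic blocks from a linear
# listing and attaches edges so that an unconditional jump contributes only
# its target edge (no fall-through), while a conditional jump contributes both.

UNCOND = {"jmp"}                     # assumed set of unconditional jumps
COND = {"jnz", "jz", "je", "jne"}    # assumed set of conditional jumps

# Constructed listing mirroring the post: (address, mnemonic, jump target).
# stmt9 is "jmp stmt2" and sits directly before stmt10.
LISTING = [
    (1, "mov", None), (2, "mov", None), (3, "cmp", None),
    (4, "jnz", 9), (5, "mov", None), (6, "jnz", 10),
    (7, "mov", None), (8, "mov", None), (9, "jmp", 2),
    (10, "mov", None), (11, "ret", None),
]


def build_cfg(listing):
    """Return (blocks, edges): blocks maps block start -> last address,
    edges is a set of (from_block_start, to_block_start)."""
    addrs = [a for a, _, _ in listing]
    index = {a: i for i, a in enumerate(addrs)}
    # Leaders: entry, every jump target, and the instruction after any
    # jump or return. A leader starts a new basic block.
    leaders = {addrs[0]}
    for i, (_, mn, tgt) in enumerate(listing):
        if mn in UNCOND or mn in COND:
            leaders.add(tgt)
        if (mn in UNCOND or mn in COND or mn == "ret") and i + 1 < len(listing):
            leaders.add(addrs[i + 1])
    starts = sorted(leaders)
    blocks = {}
    for k, s in enumerate(starts):
        end_i = index[starts[k + 1]] - 1 if k + 1 < len(starts) else len(listing) - 1
        blocks[s] = addrs[end_i]
    edges = set()
    for s, e in blocks.items():
        i = index[e]
        _, mn, tgt = listing[i]
        if mn in UNCOND:
            edges.add((s, tgt))              # jmp: target only, no fall-through
        elif mn in COND:
            edges.add((s, tgt))              # taken branch
            if i + 1 < len(listing):
                edges.add((s, addrs[i + 1])) # not-taken fall-through
        elif mn != "ret" and i + 1 < len(listing):
            edges.add((s, addrs[i + 1]))     # straight-line block falls through
    return blocks, edges
```

With this listing, block 9 (the jmp) has the single edge (9, 2) and no edge (9, 10), which is the behaviour the post says Paimei gets wrong.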