Angr——生成函数cfg

Angr——生成函数cfg

1. networkx to pygraphviz

A = nx.nx_agraph.to_agraph(cfg.graph)

2. get function subgraph

cfg=cfg.get_function_subgraph(start=main_obj.rebased_addr,max_call_depth=0)

3. get picture

2018-07-02 13-24-12屏幕截图.png

4. code

import angr
from networkx import nx

def get_cfg_all_paths(cfg):
    paths=set()
    cfg.normalize()
    A = nx.nx_agraph.to_agraph(cfg.graph)  # convert to a graphviz graph
    nodes=A.nodes()
    for node in nodes:
        print node.name
    A.layout()
    A.draw("k5.dot")
    return paths

def get_proj_all_path(file_path):
    proj=angr.Project(file_path,load_options={'auto_load_libs': False})
    main_obj=proj.loader.main_object.get_symbol('main')
    cfg = proj.analyses.CFGAccurate(keep_state=True,
                                    starts=(main_obj.rebased_addr,),
                                    #context_sensitivity_level=0,
                                    call_depth=0)
    cfg=cfg.get_function_subgraph(start=main_obj.rebased_addr,max_call_depth=0)
    return get_cfg_all_paths(cfg)

def main():
    get_proj_all_path('/home/alex/PycharmProjects/angr_find_path/venv/data_sets/a',)

if __name__=='__main__':
    main()