bingraphvis icon indicating copy to clipboard operation
bingraphvis copied to clipboard
verified publisher icon axt

Can plot_cg(cfg.kb, 'out.png') call use demangled_name for function node names?

Open gthaker opened this issue 5 years ago • 1 comments

The function callgraph generated by plot_cg() does not use demanged_names. (demanged_names appear to be available for non-stripped ELF binary files, and possibly for windows PE files w/ accompanying .pdb file though I have not tested this myself.)

Looks like in angr-dev/bingraphvis/bingraphvis/base.py in VisPipeLine.process() perhaps this can be handled? (I may have this totally wrong, I just looked around code a bit and thought this may be where support for use of demangled_names may go.)

Class VisPipeLine(object):
    ...
    def process(self, filter=None):
        if filter is None:
            graph = self.graph
        else:
            graph = self.graph.filtered_view(filter)

        for ea in self.edge_annotators:
            ea.set_graph(graph)
            
        for na in self.node_annotators:
            na.set_graph(graph)
            
        for n in graph.nodes:
            for c in self.content.values():
                c.render(n)
            for na in self.node_annotators:
                na.annotate_node(n)

        for e in graph.edges:
            for ea in self.edge_annotators:
                ea.annotate_edge(e)
        for c in self.clusterers:
            c.cluster(graph)
        
        return graph

gthaker avatar Dec 16 '20 15:12 gthaker

Hi, sorry for my late answer!

I've not too much freetime lately, and forgot to react to the issue + i'm not working with angr since years, so I abandoned this project a bit :-(.

CG nodes are generated here, so probably this is the code that needs to be changed: https://github.com/axt/bingraphvis/blob/0662ec6aaaa08c392b1f16d3fa8dffbdafe17466/bingraphvis/angr/content.py#L105

The CG pipeline is created here, so if you want to make demangling optional, you can add a new constructor parameter to the AngrCGHead class: https://github.com/axt/bingraphvis/blob/0662ec6aaaa08c392b1f16d3fa8dffbdafe17466/bingraphvis/angr/factory.py#L66-L72

There is some preliminary demangle support in CFG visualization (in the comments for x86), probably only working on linux, and very ineffective, because it calls c++filt for every name resolution: https://github.com/axt/bingraphvis/blob/0662ec6aaaa08c392b1f16d3fa8dffbdafe17466/bingraphvis/angr/x86/annotator.py#L85-L91 https://github.com/axt/bingraphvis/blob/0662ec6aaaa08c392b1f16d3fa8dffbdafe17466/bingraphvis/angr/x86/annotator.py#L111

AFAIK angr supports demangled names now out-of-the box, so using that name would be probably much better than calling c++filt.

Not sure if its still a relevant problem for you with 4 months delay (sorry again), but if you want to try to do the fix, I'm happy to accept PRs, otherwise I will add this eventually, but at the moment I don't have anything setup for angr development currently, and also not enough free time.

axt avatar Mar 14 '21 17:03 axt