#+title: Binary graph #+options: toc:nil #+startup: showeverything #+author: 8dcc

This program provides a simple way of visualizing the different regions of a binary file.

These are some references that inspired this project:

• [[https://github.com/xoreaxeaxeax][Christopher Domas]] - The future of RE Dynamic Binary Visualization ([[https://www.youtube.com/watch?v=4bM3Gut1hIk][YouTube]]).
• Sergey Bratus and Greg Conti - Voyage of the reverser ([[https://www.youtube.com/watch?v=T3qqeP4TdPA][YouTube]]).
• [[https://corte.si][Aldo Cortesi]] - [[https://corte.si/posts/visualisation/binvis/][Visualizing binaries with space-filling curves]].
• Aldo Cortesi - [[https://corte.si/posts/visualisation/entropy/][Visualizing entropy in binary files]].

If you are interested on more professional approaches, check out the following links:

• The [[https://binvis.io][binvis.io]] online tool by Aldo Cortesi.
• The [[https://github.com/mewbak/binary_viewer][mewbak/binary_viewer]] repository, which also includes some other links.
• The [[https://github.com/wapiflapi/veles][wapiflapi/veles]] repository, which is no longer maintained.

• Building

The program depends on =libpng= for exporting the image. Install it from your package manager.

#+begin_src bash

Arch-based distros

pacman -S libpng

Gentoo

emerge media-libs/libpng #+end_src

Once all the dependencies are installed, compile the program.

#+begin_src bash git clone https://github.com/8dcc/bin-graph cd bin-graph make #+end_src

If you want to install it on your system, run the following command.

#+begin_src bash sudo make install #+end_src

• Usage and modes

There are various different graph modes that determine how the input binary is represented in the output image. The full mode list with their descriptions can be found with the program's =help= command.

#+begin_src bash bin-graph --help

Usage:

./bin-graph [OPTION...] INPUT OUTPUT.png

...

#+end_src

This project also includes a [[file:bin-graph-section.sh][bin-graph-section.sh]] script. It uses =readelf= and =grep= to find the offset and size of the specified region, and uses that as the =--offset-*= arguments for =bin-graph=. Additional options after the section name will be passed to =bin-graph=.

#+begin_src bash ./bin-graph-section.sh SECTION [OPTION...] INPUT OUTPUT.png

...

#+end_src

• Overview of the code

I tried to make each part of the program as modular and independent as possible, for more maintainability and for easier expansion.

This is the basic process for generating an image from a binary.

1. The arguments are parsed, and the necessary global variables in [[file:src/args.c][args.c]] are overwritten. These will be used from all the sources.
2. The data is read from the input file as a byte array, using the =read_file= function, defined in [[file:src/read_file.c][read_file.c]].
3. The array of bytes is converted into an =Image= structure, which is just an array of RGB =Color= structures, along with its dimensions. The program mode (which might have been overwritten with the =--mode= parameter) determines what =image_= function is used. These =image_= functions are defined in [[file:src/image.c][image.c]]. For more information on the available modes, see [[*Usage and modes][Usage and modes]].
4. The =Image= structure is converted into a PNG file with the =image2png= function, defined in [[file:src/image.c][image.c]].

• Screenshots

#+begin_src bash ./bin-graph --mode grayscale bin-graph examples/grayscale.png #+end_src

[[file:examples/grayscale.png]]

#+begin_src bash ./bin-graph --mode ascii bin-graph examples/ascii.png #+end_src

[[file:examples/ascii.png]]

#+begin_src bash ./bin-graph --mode entropy --transform-squares 16 bin-graph examples/entropy-squared.png #+end_src

[[file:examples/entropy-squared.png]]

#+begin_src bash

Only the .text section of the ELF file

./bin-graph-section.sh .text --mode histogram bin-graph examples/histogram.png #+end_src

[[file:examples/histogram.png]]

#+begin_src bash

Only the .rodata section of the ELF file

./bin-graph-section.sh .rodata --mode bigrams bin-graph examples/rodata-bigrams.png #+end_src

[[file:examples/rodata-bigrams.png]]

#+begin_src bash ./bin-graph --mode dotplot --zoom 1 --offset-start 5000 --offset-end 5500 input.wav examples/dotplot.png #+end_src

[[file:examples/dotplot.png]]