Are there any tools that can build the control flow graph for an entire Linux kernel binary? For example, consider a Linux kernel compiled for the x86 architecture (vmlinux file). Is it possible to determine all execution paths (regarding indirect calls) using both static analysis and dynamic analysis? Are there any tools suitable for this?
Constructing a complete control flow graph for Linux kernel
804 views Asked by RIDOY ZZAMAN At
1
There are 1 answers
I assume you mean analyzing the source code used to produce the Linux binaries.
Hope you are prepared for a lot of work. There are reasons you can't get this off the shelf.
You need two kinds of tools:
1. Machinery to construct a control flow graph of individual C source files, that works for real dialects of C as used by the Linux kernel.
2. Something that can construct a global call graph including indirect calls; if you don't handle indirect calls well, your call graph is either ridiculously overconnected (the famous "scribble" diagram), or ridiculously underconnected (most functions won't be reachable).
For [1],
For [2],
Once you have these pieces, you can consider what you might do with the result. I can tell you that a flow graph for a million line system will cover a football field at 1 inch resolution; you'll need serious computing power to traverse/analyze such a graph.
If your intent was to analyze the Linux binaries (well, you'd want to process the linker modules) directly, you don't have nearly as bad a problem of building the control flow graph because you don't have to deal with what amounts to most of a compiler. Now you just have to worry about the entire Intel instruction set. But if you model the machine instructions accurately, your CFG is likely to be 10x the size of one for the source code and a whole lot less helpful in tracing any issues back to the source.
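An added illustration, not part of the original answer: a toy call graph showing how the handling of indirect calls makes the result underconnected or overconnected, as the answer describes. The function names, signatures and the signature-matching policy are constructed assumptions, not real kernel data or a method the answer names.

```python
from collections import deque

# Constructed toy program: each function has a type signature, its direct
# callees, and the signatures of the indirect call sites it contains.
FUNCS = {
    "sys_read":  {"sig": "long(int)",   "direct": ["vfs_read"], "indirect": []},
    "vfs_read":  {"sig": "long(file)",  "direct": [], "indirect": ["long(file)"]},
    "ext4_read": {"sig": "long(file)",  "direct": ["copy_out"], "indirect": []},
    "pipe_read": {"sig": "long(file)",  "direct": ["copy_out"], "indirect": []},
    "timer_fn":  {"sig": "void(timer)", "direct": ["log_tick"], "indirect": []},
    "copy_out":  {"sig": "long(buf)",   "direct": [], "indirect": []},
    "log_tick":  {"sig": "void(void)",  "direct": [], "indirect": []},
}
# Functions whose address is taken (stored in ops tables or callbacks).
ADDRESS_TAKEN = {"ext4_read", "pipe_read", "timer_fn"}

def targets(site_sig, policy):
    """Possible callees of one indirect call site under a given policy."""
    if policy == "none":   # ignore indirect calls: underconnected graph
        return set()
    if policy == "all":    # any address-taken function: overconnected graph
        return set(ADDRESS_TAKEN)
    if policy == "sig":    # assumption: match callee signature to call site
        return {f for f in ADDRESS_TAKEN if FUNCS[f]["sig"] == site_sig}
    raise ValueError(f"unknown policy: {policy}")

def build_edges(policy):
    """Call graph as {caller: set(callees)} for the chosen policy."""
    edges = {}
    for name, info in FUNCS.items():
        out = set(info["direct"])
        for site_sig in info["indirect"]:
            out |= targets(site_sig, policy)
        edges[name] = out
    return edges

def reachable(root, policy):
    """Breadth-first set of functions reachable from root."""
    edges = build_edges(policy)
    seen, queue = {root}, deque([root])
    while queue:
        for callee in edges[queue.popleft()]:
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

if __name__ == "__main__":
    for policy in ("none", "all", "sig"):
        print(policy, sorted(reachable("sys_read", policy)))
```
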