Compact ASM ctrl-flow Visualiser

In: Hacks|Programming|Technology

18 Jun 2013

Line chaser
I got a comment on my initial post about ASM ctrl-flow visualisation which ends with the following remark:

The code runs into problems when faced with code with very large numbers of jumps in, such as from a large ‘switch’ statement or just where there’s rather a lot of conditions being checked…

I’m guessing that this is the same issue I’ve noticed myself: some functions with a lot of jump instructions, such as the free function in dlmalloc, result in an arrow-gutter of around 80 characters when run through my initial script.

The reason for this is that I chose to reserve one column for each jump instruction within a function. This was simpler to write and has some readability benefits IMO but can also lead to arrow-gutters that are much wider than they need to be.

So this compact visualiser reuses columns that become available after arriving at the jump origin or destination. The example below only saves 5 columns compared to the less frugal script, but the previously mentioned free function goes down from using 80 columns for arrows to a mere 18.

0804debc <img_text>:
          804debc:	55                   	push   ebp
          804debd:	89 e5                	mov    ebp,esp
          804debf:	53                   	push   ebx
          804dec0:	83 ec 34             	sub    esp,0x34
          804dec3:	8b 45 0c             	mov    eax,[ebp+0xc]
          804dec6:	8b 00                	mov    eax,[eax]
          804dec8:	85 c0                	test   eax,eax
       ,--804deca:	74 3c                	je     804df08 
       |  804decc:	8b 45 0c             	mov    eax,[ebp+0xc]
       |  804decf:	83 c0 04             	add    eax,0x4
       |  804ded2:	8b 00                	mov    eax,[eax]
       |  804ded4:	85 c0                	test   eax,eax
      ,|--804ded6:	74 30                	je     804df08 
      ||  804ded8:	8b 45 0c             	mov    eax,[ebp+0xc]
      ||  804dedb:	83 c0 08             	add    eax,0x8
      ||  804dede:	8b 00                	mov    eax,[eax]
      ||  804dee0:	85 c0                	test   eax,eax
     ,||--804dee2:	74 24                	je     804df08 
     |||  804dee4:	8b 45 0c             	mov    eax,[ebp+0xc]
     |||  804dee7:	83 c0 0c             	add    eax,0xc
     |||  804deea:	8b 00                	mov    eax,[eax]
     |||  804deec:	85 c0                	test   eax,eax
    ,|||--804deee:	74 18                	je     804df08 
    ||||  804def0:	8b 45 0c             	mov    eax,[ebp+0xc]
    ||||  804def3:	83 c0 10             	add    eax,0x10
    ||||  804def6:	8b 00                	mov    eax,[eax]
    ||||  804def8:	85 c0                	test   eax,eax
   ,||||--804defa:	74 0c                	je     804df08 
   |||||  804defc:	8b 45 0c             	mov    eax,[ebp+0xc]
   |||||  804deff:	83 c0 14             	add    eax,0x14
   |||||  804df02:	8b 00                	mov    eax,[eax]
   |||||  804df04:	85 c0                	test   eax,eax
  ,|||||--804df06:	75 2f                	jne    804df37 
  |'''''->804df08:	a1 40 0b 05 08       	mov    eax,ds:0x8050b40
  |       804df0d:	89 44 24 0c          	mov    [esp+0xc],eax
  |       804df11:	c7 44 24 08 1e 00 00 	mov    [esp+0x8],0x1e
  |       804df18:	00 
  |       804df19:	c7 44 24 04 01 00 00 	mov    [esp+0x4],0x1
  |       804df20:	00 
  |       804df21:	c7 04 24 e0 f0 04 08 	mov    [esp],0x804f0e0
  |       804df28:	e8 b3 aa ff ff       	call   80489e0
  |       804df2d:	b8 ff ff ff ff       	mov    eax,0xffffffff
  |    ,--804df32:	e9 79 01 00 00       	jmp    804e0b0 
  '----|->804df37:	8b 45 0c             	mov    eax,[ebp+0xc]
       |  804df3a:	8b 00                	mov    eax,[eax]
       |  804df3c:	89 04 24             	mov    [esp],eax
<snip>
       |  804dfe2:	8b 45 dc             	mov    eax,[ebp-0x24]
       |  804dfe5:	89 45 e8             	mov    [ebp-0x18],eax
      ,|--804dfe8:	e9 a5 00 00 00       	jmp    804e092 
     ,||->804dfed:	c7 45 f4 00 00 00 00 	mov    [ebp-0xc],0x0
    ,|||--804dff4:	e9 87 00 00 00       	jmp    804e080 
   ,||||->804dff9:	8b 45 e8             	mov    eax,[ebp-0x18]
   |||||  804dffc:	0f b6 00             	movzx  eax,[eax]
   |||||  804dfff:	0f b6 d0             	movzx  edx,al
<snip>
   |||||  804e01b:	c7 45 f0 00 00 00 00 	mov    [ebp-0x10],0x0
  ,|||||--804e022:	eb 52                	jmp    804e076 
 ,||||||->804e024:	0f b7 45 e6          	movzx  eax,[ebp-0x1a]
 |||||||  804e028:	83 e0 01             	and    eax,0x1
 |||||||  804e02b:	85 c0                	test   eax,eax
,|||||||--804e02d:	74 3f                	je     804e06e 
||||||||  804e02f:	8b 45 08             	mov    eax,[ebp+0x8]
||||||||  804e032:	8b 00                	mov    eax,[eax]
<snip>
||||||||  804e067:	0f b6 40 02          	movzx  eax,[eax+0x2]
||||||||  804e06b:	88 42 02             	mov    [edx+0x2],al
'|||||||->804e06e:	66 d1 6d e6          	shr    [ebp-0x1a],1
 |||||||  804e072:	83 45 f0 01          	add    [ebp-0x10],0x1
 |'|||||->804e076:	83 7d f0 0b          	cmp    [ebp-0x10],0xb
 '-|||||--804e07a:	7e a8                	jle    804e024 
   |||||  804e07c:	83 45 f4 01          	add    [ebp-0xc],0x1
   |'|||->804e080:	83 7d f4 05          	cmp    [ebp-0xc],0x5
   '-|||--804e084:	0f 8e 6f ff ff ff    	jle    804dff9 
     |||  804e08a:	83 45 e8 01          	add    [ebp-0x18],0x1
     |||  804e08e:	83 45 ec 06          	add    [ebp-0x14],0x6
     |'|->804e092:	8b 45 e8             	mov    eax,[ebp-0x18]
     | |  804e095:	0f b6 00             	movzx  eax,[eax]
     | |  804e098:	84 c0                	test   al,al
     '-|--804e09a:	0f 85 4d ff ff ff    	jne    804dfed 
       |  804e0a0:	8b 45 dc             	mov    eax,[ebp-0x24]
       |  804e0a3:	89 04 24             	mov    [esp],eax
       |  804e0a6:	e8 f3 e2 ff ff       	call   804c39e <free>
       |  804e0ab:	b8 00 00 00 00       	mov    eax,0x0
       '->804e0b0:	83 c4 34             	add    esp,0x34
          804e0b3:	5b                   	pop    ebx
          804e0b4:	5d                   	pop    ebp
          804e0b5:	c3                   	ret
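The column-reuse rule described above, as an added example that is not the blog's own script: jumps are swept top to bottom, a column is handed back once the jump occupying it has passed both its origin and its destination line, and the gutter is then drawn in the same `,`/`'`/`|`/`->` style as the listing. The instruction lines and the jump table (line pairs rather than addresses) are constructed for the example.

```python
"""Compact arrow-gutter allocation and rendering for assembly jumps.

Added example, not the blog author's script. Jumps are given as
(origin line, destination line) pairs; addresses are not needed for
column allocation. Column 0 is the column nearest the code.
"""
from typing import Dict, List, Tuple

Jump = Tuple[int, int]  # (origin line, destination line), 0-based


def assign_columns(jumps: List[Jump]) -> Dict[Jump, int]:
    """Map each jump to a gutter column, reusing columns where possible.

    Sweep top to bottom by the first line each jump touches. A column is
    released once the last line of the jump occupying it lies strictly
    above the current line: an arrow end and a new arrow start cannot
    share a column on the same line. The lowest free column is taken.
    """
    order = sorted(jumps, key=lambda j: (min(j), max(j)))
    active: List[Tuple[int, int]] = []   # (last line of span, column)
    free: List[int] = []
    next_col = 0
    columns: Dict[Jump, int] = {}
    for jump in order:
        top, bottom = min(jump), max(jump)
        still_active = []
        for last, col in active:
            if last < top:
                free.append(col)          # this column is available again
            else:
                still_active.append((last, col))
        active = still_active
        if free:
            col = min(free)
            free.remove(col)
        else:
            col = next_col                # no reusable column: widen gutter
            next_col += 1
        columns[jump] = col
        active.append((bottom, col))
    return columns


def render(lines: List[str], jumps: List[Jump]) -> List[str]:
    """Prefix each instruction line with its arrow gutter."""
    columns = assign_columns(jumps)
    width = max(columns.values(), default=-1) + 1
    out = []
    for n, text in enumerate(lines):
        cells = [" "] * width
        endpoint_cols = []                # columns with an arrow end here
        is_dest = False
        for jump, col in columns.items():
            top, bottom = min(jump), max(jump)
            if n == top:
                cells[col] = ","          # top corner of the arrow
                endpoint_cols.append(col)
            elif n == bottom:
                cells[col] = "'"          # bottom corner of the arrow
                endpoint_cols.append(col)
            elif top < n < bottom:
                cells[col] = "|"          # arrow passing through
            if n == jump[1]:
                is_dest = True
        if endpoint_cols:
            # horizontal stroke from the outermost corner to the code,
            # crossing any vertical arrows in between
            for col in range(max(endpoint_cols)):
                if cells[col] == " ":
                    cells[col] = "-"
            tail = "->" if is_dest else "--"
        else:
            tail = "  "
        # column 0 is nearest the code, so draw columns outer-to-inner
        out.append("".join(reversed(cells)) + tail + text)
    return out


# Constructed listing (not from the page); jump targets are line numbers
SAMPLE = [
    "test   eax,eax",
    "je     5",
    "mov    eax,[eax]",
    "je     5",
    "jmp    7",
    "mov    eax,0xffffffff",
    "mov    [esp],eax",
    "ret",
    "test   al,al",
    "jne    8",
]
SAMPLE_JUMPS: List[Jump] = [(1, 5), (3, 5), (4, 7), (9, 8)]

if __name__ == "__main__":
    print("\n".join(render(SAMPLE, SAMPLE_JUMPS)))
```

With the constructed input the one-column-per-jump scheme would need four columns; the sweep hands column 0 back to the final backward jump once the three earlier arrows have ended, so the gutter is three columns wide.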
