0

I want to generate a control-flow graph for non-executable binary files. The objective is to perform static analysis on the generated binary files of the Linux kernel. Is there any tool which can do this? Tools I found by searching are only for executable files.

I use objdump to disassemble the binary to assembly. Currently, I perform the analysis on assembly basic blocks, but in this method, I cannot guarantee if all execution paths are covered.

Dragonight
  • The Linux kernel is a standard ELF executable compressed and packed into a bzImage file that decompresses the kernel stored within it. You can either obtain the uncompressed "vmlinux" kernel that produced the "vmlinuz" file you're trying to analyse or extract it from the vmlinuz file. – Ross Ridge Oct 09 '17 at 18:42
  • Thanks. However, I want to analyze individual files of the kernel (.o file created in compilation, example linux/mm/mmap.o) – Dragonight Oct 09 '17 at 20:27
  • You can convert an object file to an executable by using `ld --unresolved-symbols=ignore-all`, although this will resolve all external functions to the same address: 0. – Ross Ridge Oct 09 '17 at 20:49
  • Is it a hard requirement in your project that only binary files should be analyzed, only after they have been built? If not, analysis *during* the compilation could be an option too. GCC plugins could help you do various kinds of analysis on the CFG. Might not be very easy to use though (the docs are quite scarce) but still helpful. – Eugene Oct 10 '17 at 08:44

1 Answer

0

GrammaTech CodeSonar can provide static analysis of binaries, or individual object files: https://www.grammatech.com/products/binary-analysis. This is a commercial tool.
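
As an added example (not code from the question, the comments or the answer), this is a minimal way to turn `objdump -d` text for an object file into per-function basic-block edges, while listing the indirect jumps whose targets cannot be known statically, which is where path coverage cannot be guaranteed. It assumes x86-64 AT&T syntax and tab-separated objdump columns; `parse`, `build_cfg` and `SAMPLE` are hypothetical names, and the disassembly is constructed for illustration.

```python
import re
# Constructed sample in the layout `objdump -d` prints for an x86-64 object file.
SAMPLE = (
    "0000000000000000 <check>:\n"
    "   0:\t85 ff                \ttest   %edi,%edi\n"
    "   2:\t74 07                \tje     b <check+0xb>\n"
    "   4:\tb8 01 00 00 00       \tmov    $0x1,%eax\n"
    "   9:\teb 02                \tjmp    d <check+0xd>\n"
    "   b:\t31 c0                \txor    %eax,%eax\n"
    "   d:\tc3                   \tret\n"
    "0000000000000010 <dispatch>:\n"
    "  10:\tff e7                \tjmp    *%rdi\n"
)

def parse(text):
    """Return {function name: [(address, mnemonic, operands), ...]}."""
    funcs, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^[0-9a-f]+ <(.+)>:$", line)
        parts = line.split("\t")             # address, raw bytes, instruction
        if head:
            cur = funcs.setdefault(head.group(1), [])
        elif cur is not None and len(parts) == 3:
            mnem, _, ops = parts[2].strip().partition(" ")
            cur.append((int(parts[0].strip(" :"), 16), mnem, ops.strip()))
    return funcs

def build_cfg(insns):
    """Return (edges between basic-block leaders, addresses of indirect jumps)."""
    addrs = [a for a, _, _ in insns]
    nxt = dict(zip(addrs, addrs[1:]))        # fall-through successor, if any
    succ = {}                                # block-ending instruction -> targets
    for addr, mnem, ops in insns:
        if mnem.startswith("j") and not ops.startswith("*"):
            succ[addr] = [int(ops.split()[0], 16)]
            if not mnem.startswith("jmp") and addr in nxt:
                succ[addr].append(nxt[addr]) # conditional jump also falls through
        elif mnem.startswith(("j", "ret")):
            succ[addr] = []                  # return or indirect jump
    unresolved = [a for a, m, o in insns if m.startswith("j") and o.startswith("*")]
    leaders = {addrs[0]} | {t for s in succ.values() for t in s} | {nxt[a] for a in succ if a in nxt}
    edges, block = set(), None
    for addr in addrs:
        block = addr if addr in leaders else block
        if addr in succ:
            edges.update((block, t) for t in succ[addr])
        elif nxt.get(addr) in leaders:
            edges.add((block, nxt[addr]))    # plain fall-through into the next block
    return sorted(edges), unresolved
```

This example does not read relocation records, so in a real `.o` file a jump to a symbol outside the object shows a placeholder target; disassembling with `objdump -dr` exposes those relocations so such jumps can be treated as unresolved too.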