3

I'm quite fond of IDA, but I'm working in Solaris on this project. I do have a Linux machine, and if nothing is in the same league as IDA then I'll convince management to purchase a license for it.

Barring that, I'm looking for alternative suggestions. Some of the other features in IDA would be handy, but the main thing I need at the moment is a call flow graph generator not based on source code. If it needs extra output from the build step, that's fine, but some of the libraries I need to look at I don't have source for.

So far, it looks like my best choices are Valgrind's Callgrind, lida, and gprof. Any further suggestions are welcome.

re: gprof, the GNU compiler set provided to us by Windriver is missing some libraries that would normally be supplied with a GNU compiler to provide (among other things) facilities for profiling. It's a good solution to the more general problem, but for now I'm opting to try other solutions first.

Edit: Some of the Rational tools (Purify, Quantify, etc.) might also work well for this. I'm in the same boat as with IDA with that, but I figure someone googling might find the suggestion helpful.

Edit 2: Valgrind hasn't been ported to Solaris/SPARC ;p

Brian Vandenberg
  • So, I guess doxygen with the graphviz plugin is out of the question? – Judge Maygarden Apr 12 '11 at 18:36
  • Yes, OP mentioned that the generator should not be based on source code. –  Apr 12 '11 at 18:54
  • @Judge - I'm trying to generate a call-flow graph over some libraries I don't have source for. I'm not familiar enough with doxygen/graphviz, but if they can work off a disassembly of the binary then I suppose that might work. – Brian Vandenberg Apr 12 '11 at 19:12
  • No, doxygen very much needs the source code, but it does make nice call graph diagrams. – Judge Maygarden Apr 12 '11 at 19:19

3 Answers

3

Take a look at the ERESI Project. It's a reverse engineering framework and it has a tool, called ELFsh, capable of generating a CFG from machine code. It doesn't have a stable/final release yet, but it's worth a shot.

If you want to try it:

  • download and install (apt-get on Ubuntu)
  • run elfsh32. You'll enter a shell.
  • load your binary: load /bin/bash
  • analyse it: analyse
  • generate the graph: graph

You'll get a graph in .dot format and a rendered PNG (this one was too large to post here).

Thiago Cardoso
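As an added illustration (not part of any answer here, and not how ELFsh, gprof or collect work internally): the simplest binary-only call graph can be recovered from a disassembly listing by recording each direct call under the function it appears in and writing the edges out as DOT. The listing is constructed in the `objdump -d` layout with made-up names and addresses, and indirect calls are only counted because their targets are not in the listing.

```python
import re

# Constructed sample in the `objdump -d` layout; names/addresses are made up.
SAMPLE = """\
0000000000401126 <log_msg>:
  40112a:  e8 01 ff ff ff        call   401030 <puts@plt>

0000000000401130 <parse>:
  401134:  e8 ed ff ff ff        call   401126 <log_msg>
  401139:  ff d0                 call   *%rax
  40113b:  c3                    ret

000000000040113c <main>:
  40113c:  e8 ef ff ff ff        call   401130 <parse>
  401141:  e8 e0 ff ff ff        call   401126 <log_msg>
"""

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:\s*$")             # function header
CALL_RE = re.compile(r"^\s*[0-9a-f]+:\s.*?\bcall\w*\s+(.*)$")  # call + operand
SYM_RE = re.compile(r"<([^>+]+)")                              # <sym> or <sym+0x..>

def build_call_graph(disasm):
    """Return ({caller: set(callees)}, {caller: count of indirect calls})."""
    edges, indirect, current = {}, {}, None
    for line in disasm.splitlines():
        header = FUNC_RE.match(line)
        call = CALL_RE.match(line)
        if header:
            current = header.group(1)
            edges.setdefault(current, set())  # keep functions that call nothing
        elif call and current:
            target = SYM_RE.search(call.group(1))
            if target:
                edges[current].add(target.group(1))
            else:  # e.g. call *%rax: the target is only known at run time
                indirect[current] = indirect.get(current, 0) + 1
    return edges, indirect

def to_dot(edges):
    """Render the edges as Graphviz DOT; names are quoted because of '@'."""
    out = ["digraph calls {"]
    for caller in sorted(edges):
        out.append(f'  "{caller}";')
        out += [f'  "{caller}" -> "{c}";' for c in sorted(edges[caller])]
    return "\n".join(out + ["}"])

if __name__ == "__main__":
    graph, unresolved = build_call_graph(SAMPLE)
    print(to_dot(graph), "\nindirect calls left out:", unresolved)
```

A graph built this way is a lower bound: calls through function pointers, PLT stubs resolved at load time and tail jumps do not appear as direct call edges.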
2

You can generate a call graph with Gprof. It can be visualized with Kprof.

  • I'm sorry for not mentioning it, I'll edit to compensate. I tried gprof, but the compiler set I'm working with is somewhat restrictive because Windriver didn't provide some of the libraries necessary to build a profileable application. The object files build, but it's missing some crt libs & whatnot. I tried supplying other crt libs that satisfy the dependencies, but gprof exits with a terse and cryptic error. Perhaps I should be more patient with it, but I opted to look for other solutions rather than beating that horse. – Brian Vandenberg Apr 12 '11 at 19:01
  • +1 because it's a good suggestion for solving the more general problem, even if it isn't exactly what I need. – Brian Vandenberg Apr 12 '11 at 19:02
1

Very late answer but can still be useful. On Solaris you can use collect.

  • collect your_program your_args...
  • It will generate a directory like test.1.er
  • You can then visualize the call graph on the console with er_print -calltree test.1.er
  • Or on X-Window with analyzer
Marc
  • +1 This is a good one, with the caveat that you must have Sun Studio installed and you must compile your program with the appropriate arguments to instrument the process. – Brian Vandenberg Jul 21 '16 at 15:15