1. Bogdan Mihaila Avatar Bogdan Mihaila
  2. Untitled project
  3. p9

Wiki

Clone wiki

p9 / Home

View History

GUI for the Bindead binary analyzer

p9 is the GUI for the Bindead binary analyzer. It is used to invoke the analyzer and visualize the analysis results. The initial idea was to have a GUI to inspect the huge amount of data that is produced by the analyzer and to help with debugging the analyzer. However, feature creep came and the GUI is now intended to be used as an interactive tool to analyze binaries with Bindead. Currently, the analyzer may be invoked for a chosen binary file and the resulting data is processed and displayed by the GUI. More possibilities to interact and change the parameters of the analysis are planned.

Screenshots

GUI Screenshot

The code display is inspired by BinNavi but does not get anywhere near their feature set or intends to do so.

Features

The GUI is built on the Netbeans platform and thus comes with a windowing and tabs system out of the box and various other goodies. It uses the Prefuse graph library to layout and display the CFGs. The main use case is to display the reconstructed CFG (control flow graph) of the binary or view the disassembled code as text. Moreover, the analysis results are displayed per instruction, that is, the values of register and memory variables inferred by the analyzer.

A coarse list of the existing features:

  • ability to choose and analyze binaries from the file system
  • display the reconstructed call graph (CG) and the control flow graph (CFG) of the analyzed binary code and the disassembled instructions in an objdump like textual view
  • display both the disassembled native instructions (e.g. x86-32) and our intermediate language RREIL used by the analyzer
  • interact with and navigate the CFG: search, highlight, zoom, overview panel, highlighted connections, follow calls/returns
  • add comments to the CFG
  • show the inferred values for the registers/memory variables for each instruction in the program
  • additionally display the complete analysis results for each instruction (e.g. relations between variables, pointers, congruences ...) in various formats (text, HTML)
  • display the static analysis warnings inferred by the analyzer
  • slice the CFG to show only instructions that influenced the value of a register
  • a calculator component to convert between hex, binary and decimal

and features planned for the future:

  • configuration dialog for the analyzer to tweak the analysis
  • configuration dialog for the GUI and its components
  • show segments, symbols (function names) in a binary and let the user start an analysis at any point in the binary
  • hex view of the binary data
  • filter values per variable and compare values at different program points
  • let the user rename registers and inferred memory cells (to give them more meaningful names like funarg1)
  • edit instructions in a CFG and re-analyze the whole CFG
  • editor for RREIL code with syntax highlighting
  • integration of traces; trace a program up to a certain point (a function) and start a static analysis from there on
  • support projects; save and restore analysis results and CFG modifications etc.

Building and Installation

Please see the README file in the source directory.

Updated