elfmaster / binflow Goto Github PK

Is it reasonable to request that this software be made easily extensible to other architectures, such as ARM and RISC-V? I, personally, would find great use in such a tool and would work to the best of my ability on it.

Just found this, looks like a cool project!

Just some comments on how Capstone engine is used:

• Latest version 3.0.2 is more complete, smaller & faster than v2.1.2, so please update.

• The API cs_disasm_ex() is still supported (but deprecated) but it is better to use the new API name cs_disasm() now.

• Rather than checking instruction mnemonic string, you can use instruction id (cs_insn.id), such as X86_INS_JAE, for example.

• In Capstone 3.0.2, you can easily check if an instruction is a JUMP instruction by using the API cs_insn_group() with group id X86_GRP_JUMP, like followings:

  if (cs_insn_group(handle, insn, X86_GRP_JUMP)) { /* this is a jump instruction */ }

  We also have other groups such for CALL, INT, IRET etc. See x86.h for more info.

• For more details, see tests\test_x86.c on how to take advantage of some other API (such as turning on DETAIL mode for above instruction details)

Thanks.

I feel that your tool is great, but sometimes I have some problems, so I hope that you can continue to update to solve these bugs, thank you.

No matter whether tracing with -b or -p, binflow always crashes with a segfault.
trace:

Stack trace of thread 20472:
                                              #0  0x000000000040375f n/a (binflow)
                                              #1  0x0000000000403ee0 n/a (binflow)
                                              #2  0x0000000000402f7a n/a (binflow)
                                              #3  0x00007fc9b65ea291 __libc_start_main (libc.so.6)
                                              #4  0x0000000000402949 n/a (binflow)

Runing on Arch linux x86_64 4.8.13-1