I got a comment on my initial post about ASM ctrl-flow visualisation which ends with the following remark:
The code runs into problems when faced with code with very large numbers of jumps in, such as from a large ‘switch’ statement or just where there’s rather a lot of conditions being checked…
I’m guessing that this is the same issue I’ve noticed myself: some functions with a lot of jump instructions — say the free function in dlmalloc — result in an arrow-gutter of around 80 characters when run through my initial script.
The reason for this is that I chose to reserve one column for each jump instruction within a function. This was simpler to write and has some readability benefits IMO but can also lead to arrow-gutters that are much wider than they need to be.
So this compact visualiser reuses a column as soon as the arrow occupying it is complete, i.e. once the listing has passed both the jump and its target (whichever of the two comes last, since arrows run both downwards and upwards). The example below only saves 5 columns compared to the less frugal script, but the previously mentioned free function goes down from using 80 columns for arrows to a mere 18. Note that the listing below is abbreviated (there are gaps in the addresses, e.g. between 804df3c and 804dfe2), so some straight-line code is omitted; the arrows for jumps spanning those gaps are still drawn through them.
0804debc
804debc: 55 push ebp
804debd: 89 e5 mov ebp,esp
804debf: 53 push ebx
804dec0: 83 ec 34 sub esp,0x34
804dec3: 8b 45 0c mov eax,[ebp+0xc]
804dec6: 8b 00 mov eax,[eax]
804dec8: 85 c0 test eax,eax
,--804deca: 74 3c je 804df08
| 804decc: 8b 45 0c mov eax,[ebp+0xc]
| 804decf: 83 c0 04 add eax,0x4
| 804ded2: 8b 00 mov eax,[eax]
| 804ded4: 85 c0 test eax,eax
,|--804ded6: 74 30 je 804df08
|| 804ded8: 8b 45 0c mov eax,[ebp+0xc]
|| 804dedb: 83 c0 08 add eax,0x8
|| 804dede: 8b 00 mov eax,[eax]
|| 804dee0: 85 c0 test eax,eax
,||--804dee2: 74 24 je 804df08
||| 804dee4: 8b 45 0c mov eax,[ebp+0xc]
||| 804dee7: 83 c0 0c add eax,0xc
||| 804deea: 8b 00 mov eax,[eax]
||| 804deec: 85 c0 test eax,eax
,|||--804deee: 74 18 je 804df08
|||| 804def0: 8b 45 0c mov eax,[ebp+0xc]
|||| 804def3: 83 c0 10 add eax,0x10
|||| 804def6: 8b 00 mov eax,[eax]
|||| 804def8: 85 c0 test eax,eax
,||||--804defa: 74 0c je 804df08
||||| 804defc: 8b 45 0c mov eax,[ebp+0xc]
||||| 804deff: 83 c0 14 add eax,0x14
||||| 804df02: 8b 00 mov eax,[eax]
||||| 804df04: 85 c0 test eax,eax
,|||||--804df06: 75 2f jne 804df37
|'''''->804df08: a1 40 0b 05 08 mov eax,ds:0x8050b40
| 804df0d: 89 44 24 0c mov [esp+0xc],eax
| 804df11: c7 44 24 08 1e 00 00 mov [esp+0x8],0x1e
| 804df18: 00
| 804df19: c7 44 24 04 01 00 00 mov [esp+0x4],0x1
| 804df20: 00
| 804df21: c7 04 24 e0 f0 04 08 mov [esp],0x804f0e0
| 804df28: e8 b3 aa ff ff call 80489e0
| 804df2d: b8 ff ff ff ff mov eax,0xffffffff
| ,--804df32: e9 79 01 00 00 jmp 804e0b0
'----|->804df37: 8b 45 0c mov eax,[ebp+0xc]
| 804df3a: 8b 00 mov eax,[eax]
| 804df3c: 89 04 24 mov [esp],eax
| 804dfe2: 8b 45 dc mov eax,[ebp-0x24]
| 804dfe5: 89 45 e8 mov [ebp-0x18],eax
,|--804dfe8: e9 a5 00 00 00 jmp 804e092
,||->804dfed: c7 45 f4 00 00 00 00 mov [ebp-0xc],0x0
,|||--804dff4: e9 87 00 00 00 jmp 804e080
,||||->804dff9: 8b 45 e8 mov eax,[ebp-0x18]
||||| 804dffc: 0f b6 00 movzx eax,[eax]
||||| 804dfff: 0f b6 d0 movzx edx,al
||||| 804e01b: c7 45 f0 00 00 00 00 mov [ebp-0x10],0x0
,|||||--804e022: eb 52 jmp 804e076
,||||||->804e024: 0f b7 45 e6 movzx eax,[ebp-0x1a]
||||||| 804e028: 83 e0 01 and eax,0x1
||||||| 804e02b: 85 c0 test eax,eax
,|||||||--804e02d: 74 3f je 804e06e
|||||||| 804e02f: 8b 45 08 mov eax,[ebp+0x8]
|||||||| 804e032: 8b 00 mov eax,[eax]
|||||||| 804e067: 0f b6 40 02 movzx eax,[eax+0x2]
|||||||| 804e06b: 88 42 02 mov [edx+0x2],al
'|||||||->804e06e: 66 d1 6d e6 shr [ebp-0x1a],1
||||||| 804e072: 83 45 f0 01 add [ebp-0x10],0x1
|'|||||->804e076: 83 7d f0 0b cmp [ebp-0x10],0xb
'-|||||--804e07a: 7e a8 jle 804e024
||||| 804e07c: 83 45 f4 01 add [ebp-0xc],0x1
|'|||->804e080: 83 7d f4 05 cmp [ebp-0xc],0x5
'-|||--804e084: 0f 8e 6f ff ff ff jle 804dff9
||| 804e08a: 83 45 e8 01 add [ebp-0x18],0x1
||| 804e08e: 83 45 ec 06 add [ebp-0x14],0x6
|'|->804e092: 8b 45 e8 mov eax,[ebp-0x18]
| | 804e095: 0f b6 00 movzx eax,[eax]
| | 804e098: 84 c0 test al,al
'-|--804e09a: 0f 85 4d ff ff ff jne 804dfed
| 804e0a0: 8b 45 dc mov eax,[ebp-0x24]
| 804e0a3: 89 04 24 mov [esp],eax
| 804e0a6: e8 f3 e2 ff ff call 804c39e <free>
| 804e0ab: b8 00 00 00 00 mov eax,0x0
'->804e0b0: 83 c4 34 add esp,0x34
804e0b3: 5b pop ebx
804e0b4: 5d pop ebp
804e0b5: c3 ret