Re: Re: Function call tree from a binary

On 29 Jul 2000 23:18:27 -0400 "Kamal R. Prasad" <kamalp@ix.netcom.com> wrote:
> There has been some work on this ,referred to as C-Flow.
> It assumes that the binary is from C code that was compiled using a C
> compiler.So the software [you want] would do a reverse translation from
> assembly to C.


Not necessarily. All you need is a disassembler and a symbol table containing
procedure names and addresses. Using the disassembled code, you build a
table like this:


PROC-1 : called-1, called-2, called-3, ..., null
PROC-2 : called-1, called-2, called-3, ..., null
PROC-2 : called-1, called-2, called-3, ..., null
MAIN : called-1, called-2, etc ...


In this table, each procedure name (PROC-n) is the head of a linked list
containing the names of procedures called by that procedure (the one at the
head). In case of a C program, MAIN would be the entry point.


Building this table is straightforward: each procedure (from the symbol
table) is scanned for CALL instructions and the destinations of the calls
are added to the linked list.


The resulting table already contains the desired call tree structure. It
can be printed by performing a simple depth-first traversal starting at
MAIN and following each called procedure.


BTW: In a different (bytecode) environment, I am using this technique for
dead procedure elimination. When tagging visited procedures, the tree
construction by depth-first traversal turns out to be equal to the mark
phase of a mark/sweep garbage collection (marking all visited procedures).
Therefore, procedures which are still unmarked after that tarversal are
dead code ('garbage') and can be removed.


Bye,
nmh.
--
Nils M Holm <nmh@t3x.org> -- http://www.T3X.org/

Return to the comp.compilers page.
Search the comp.compilers archives again.