Since github announced support for Mermaid, it's now possible to include many types of drawings in issues, pull requests, or anything else that is treated like github-flavored markdown and rendered, including this file.
Here's an output from ./using-miasm.py:
graph TD
block_26["792: PUSH RBP
793: MOV RBP, RSP
796: SUB RSP, 0x10
79A: MOV QWORD PTR [RBP + 0xFFFFFFFFFFFFFFF8], RDI
79E: MOV DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4], ESI
7A1: MOV EAX, DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4]
7A4: AND EAX, 0x1
7A7: TEST EAX, EAX
7A9: JZ loc_key_32"]
block_33["7AB: MOV EDX, DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4]
7AE: MOV EAX, EDX
7B0: ADD EAX, EAX
7B2: ADD EAX, EDX
7B4: ADD EAX, 0x1
7B7: MOV DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4], EAX
7BA: JMP loc_key_34"]
block_32["7BC: MOV EAX, DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4]
7BF: MOV EDX, EAX
7C1: SHR EDX, 0x1F
7C4: ADD EAX, EDX
7C6: SAR EAX, 0x1
7C8: MOV DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4], EAX"]
block_36["7D2: MOV EDX, DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4]
7D5: MOV RAX, QWORD PTR [RBP + 0xFFFFFFFFFFFFFFF8]
7D9: MOV RSI, RAX
7DC: LEA RDI, QWORD PTR [RIP + 0x252]
7E3: MOV EAX, 0x0
7E8: CALL loc_key_37"]
block_35["7ED: MOV EAX, DWORD PTR [RBP + 0xFFFFFFFFFFFFFFF4]
7F0: LEAVE
7F1: RET "]
block_34["7CB: CMP QWORD PTR [RBP + 0xFFFFFFFFFFFFFFF8], 0x0
7D0: JZ loc_key_35"]
block_26 --> block_33
block_26 --> block_32
block_36 --> block_35
block_33 --> block_34
block_34 --> block_36
block_34 --> block_35
block_32 --> block_34
Here's an output from ./using-binja.py:
graph TD
b0["00000792: push rbp
00000793: mov rbp, rsp
00000796: sub rsp, 0x10
0000079A: mov qword [rbp-0x8], rdi
0000079E: mov dword [rbp-0xc], esi
000007A1: mov eax, dword [rbp-0xc]
000007A4: and eax, 0x1
000007A7: test eax, eax
000007A9: je 0x7bc"]
b1["000007BC: mov eax, dword [rbp-0xc]
000007BF: mov edx, eax
000007C1: shr edx, 0x1f
000007C4: add eax, edx
000007C6: sar eax, 0x1
000007C8: mov dword [rbp-0xc], eax"]
b2["000007AB: mov edx, dword [rbp-0xc]
000007AE: mov eax, edx
000007B0: add eax, eax
000007B2: add eax, edx
000007B4: add eax, 0x1
000007B7: mov dword [rbp-0xc], eax
000007BA: jmp 0x7cb"]
b3["000007ED: mov eax, dword [rbp-0xc]
000007F0: leave
000007F1: retn "]
b4["000007D2: mov edx, dword [rbp-0xc]
000007D5: mov rax, qword [rbp-0x8]
000007D9: mov rsi, rax
000007DC: lea rdi, [rel 0xa35]
000007E3: mov eax, 0x0
000007E8: call 0x560"]
b5["000007CB: cmp qword [rbp-0x8], 0x0
000007D0: je 0x7ed"]
b0 --> b1
b0 --> b2
b1 --> b5
b2 --> b5
b4 --> b3
b5 --> b3
b5 --> b4
Notes
Miasm:
AsmCFG
miasm.core.asmblock.AsmCFG
.nodes() returns set of LocKey
.edges() returns list of (LocKey, LocKey) tuples
.blocks is dict_values of AsmBlock
.getby_offset()
.loc_key_to_block()
AsmBlock
miasm.core.asmblock.AsmBlock
.lines is list of instruction_x86 object
instruction\_x86
miasm.arch.x86.arch.instruction\_x86
.offset
LocKey
miasm.expression.expression.LocKey
.key is an int
Mermaid Notes:
- is not like DOT
- newlines with <br>
- label delimeters control vertex shape, like A[Hello] makes a box, A(Hello) makes a box with rounded corners, A{Hello} makes a diamond
generated from: mermaid-control-flow-graphs/README.md