
    Control flow recovery is performed using the mcsema-disass tool, which relies on IDA Pro to disassemble a binary file and produce a control flow graph.

    It would be cool if this could be ported to use Ghidra's disassembly framework instead, so all the components would be open source.


      This feature has been requested for a while. We have not had time to implement it, but as the comments in the PR say, we are making progress towards use of more diverse CFG recovery sources.


      I’m one of the developers of McSema and can answer any questions people may have.

      I’d also like to point out McSema’s suite of sister tools:

      • Remill: instruction semantics for ARMv8, x86, x86-64, and SPARC. ARMv7 is in progress.
      • Anvill: Lift binaries with the goal of producing bitcode similar to what a compiler may emit. Anvill is much less mature than McSema and has somewhat different goals (to produce cleaner bitcode versus exactly mimic underlying semantics). Eventually we see the tools sharing a common platform.
      • Rellic: Produce goto-free C source output from LLVM bitcode using Clang’s AST library.
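The first comment in this thread quotes the README line about mcsema-disass relying on IDA Pro to recover a control flow graph. What that step actually produces is easy to lose behind the tool name, so here is an added illustration, written for this page and not taken from McSema, mcsema-disass or any of the sister tools: a recursive-descent CFG recovery in Python over a deliberately tiny x86-64 opcode subset. It follows branches from an entry point, treats every branch target and every fall-through after a conditional branch or call as a block leader, splits blocks at those leaders, records edges, and collects call targets as new function entries. The opcode coverage, the `decode`/`recover_cfg` names and the sample bytes are all assumptions of this example; the bytes are hand-assembled for illustration, not taken from a real binary. Targets that leave the image are reported as unresolved rather than followed, which is the case a real disassembler has to flag too.

```python
"""Recursive-descent control-flow recovery over a small, constructed x86-64 opcode subset.
Added example, not McSema code: mcsema-disass gets this from IDA Pro. Sample is hand-assembled."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Insn:
    addr: int
    end: int                      # address of the next instruction in memory
    text: str
    succs: Tuple[int, ...]        # intra-procedural successors (fall-through, branch targets)
    call: Optional[int] = None    # call target: a new function entry, not a successor


@dataclass
class Block:
    start: int
    insns: List[Insn] = field(default_factory=list)
    succs: Set[int] = field(default_factory=set)


def _imm(code: bytes, off: int, width: int) -> int:
    """Little-endian signed immediate; refuses to read past the end of the image."""
    if off + width > len(code):
        raise ValueError("truncated instruction")
    return int.from_bytes(code[off:off + width], "little", signed=True)


def decode(code: bytes, base: int, addr: int) -> Insn:
    """Decode one instruction of the (hypothetical, reduced) opcode subset at addr."""
    off = addr - base
    if not 0 <= off < len(code):
        raise ValueError(f"{addr:#x} is outside the image")
    op = code[off]
    if op == 0x90:                                   # nop
        return Insn(addr, addr + 1, "nop", (addr + 1,))
    if 0xB8 <= op <= 0xBF:                           # mov r32, imm32
        imm = _imm(code, off + 1, 4) & 0xFFFFFFFF
        return Insn(addr, addr + 5, f"mov r{op - 0xB8}, {imm:#x}", (addr + 5,))
    if op == 0xC3:                                   # ret: no intra-procedural successor
        return Insn(addr, addr + 1, "ret", ())
    if op == 0xEB:                                   # jmp rel8
        tgt = addr + 2 + _imm(code, off + 1, 1)
        return Insn(addr, addr + 2, f"jmp {tgt:#x}", (tgt,))
    if 0x70 <= op <= 0x7F:                           # jcc rel8: fall-through and target
        tgt = addr + 2 + _imm(code, off + 1, 1)
        return Insn(addr, addr + 2, f"jcc {tgt:#x}", (addr + 2, tgt))
    if op == 0xE8:                                   # call rel32: falls through; target is a function
        tgt = addr + 5 + _imm(code, off + 1, 4)
        return Insn(addr, addr + 5, f"call {tgt:#x}", (addr + 5,), call=tgt)
    raise ValueError(f"unsupported opcode {op:#04x} at {addr:#x}")


def recover_cfg(code: bytes, base: int, entry: int):
    """Return (blocks keyed by start address, function entries, unresolved targets)."""
    insns: Dict[int, Insn] = {}
    unresolved: Set[int] = set()
    leaders, functions, work = {entry}, {entry}, [entry]
    while work:
        addr = work.pop()
        if addr in insns:
            continue                    # already decoded; a branch here only splits a block
        try:
            insn = decode(code, base, addr)
        except ValueError:
            unresolved.add(addr)        # out-of-image or undecodable: report, don't guess
            continue
        insns[addr] = insn
        if insn.call is not None or any(s != insn.end for s in insn.succs):
            leaders.update(insn.succs)  # branch targets and fall-throughs start new blocks
        if insn.call is not None:
            functions.add(insn.call)
            leaders.add(insn.call)
            work.append(insn.call)
        work.extend(insn.succs)
    blocks: Dict[int, Block] = {}
    for leader in sorted(leaders):
        if leader not in insns:
            continue
        blk, addr = Block(leader), leader
        while True:
            insn = insns[addr]
            blk.insns.append(insn)
            # A block ends at a control transfer, before the next leader, or where decoding stopped.
            if insn.succs != (insn.end,) or insn.end in leaders or insn.end not in insns:
                break
            addr = insn.end
        blk.succs = set(insn.succs)
        blocks[leader] = blk
    return blocks, functions, unresolved


BASE = 0x1000
SAMPLE = bytes.fromhex(     # constructed, hand-assembled sample bytes (not from a real binary)
    "B801000000"            # 0x1000  mov eax, 1
    "7502"                  # 0x1005  jne 0x1009
    "90"                    # 0x1007  nop
    "C3"                    # 0x1008  ret
    "E802000000"            # 0x1009  call 0x1010
    "EBF7"                  # 0x100E  jmp 0x1007
    "90"                    # 0x1010  nop
    "C3"                    # 0x1011  ret
)

if __name__ == "__main__":
    blocks, functions, unresolved = recover_cfg(SAMPLE, BASE, BASE)
    print("functions:", sorted(map(hex, functions)), "unresolved:", sorted(map(hex, unresolved)))
    for blk in blocks.values():
        print(f"block {blk.start:#x}-{blk.insns[-1].end:#x} -> {sorted(map(hex, blk.succs))}")
```

On the sample, the `jne` at 0x1005 splits the entry block, the `call` at 0x1009 both ends its block and registers 0x1010 as a second function, and the backward `jmp` at 0x100E lands on an address that is already a block leader, so no instruction is decoded twice. Real CFG recovery on top of IDA Pro or Ghidra has to deal with far more (prefixes, ModRM, indirect branches, jump tables, overlapping instructions, data mixed into code), which is exactly the work mcsema-disass delegates to the disassembler.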