    Control flow recovery is performed using the mcsema-disass tool, which relies on IDA Pro to disassemble a binary file and produce a control flow graph

    Would be cool if this could be ported to use Ghidra’s disassembly framework instead, so all the components would be open source.

      This feature has been requested for a while. We have not had time to implement it, but as the comments in the PR say, we are making progress towards use of more diverse CFG recovery sources.

      I’m one of the developers of McSema and can answer any questions people may have.

      I’d also like to point out McSema’s suite of sister tools:

      • Remill: instruction semantics for ARMv8, x86, x86-64, and Sparc. ARMv7 is in progress.
      • Anvill: Lift binaries with the goal of producing bitcode similar to what a compiler may emit. Anvill is much less mature than McSema and has somewhat different goals (to produce cleaner bitcode versus exactly mimic underlying semantics). Eventually we see the tools sharing a common platform.
      • Rellic: Produce goto-free C source output from LLVM bitcode using Clang’s AST library.