0xItx/cfg.dot Secret

## cfg.dot
digraph  {
	"<CFGNode main (0x4007f1) [0]>" -> "<CFGNode read_pass (0x400716) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode main (0x4007f1) [0]>" -> "<CFGNode main (0x400802) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x4006d8) [0]>" -> "<CFGNode read_user (0x4006e7) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x4006d8) [0]>" -> "<CFGNode read_user (0x4006ef) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x4006f2) [0]>" -> "<CFGNode read_user (0x400700) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x4006f2) [0]>" -> "<CFGNode 0x400580 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x400714) [0]>" -> "<CFGNode main (0x4007f1) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode main (0x400847) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode read_pass (0x400716) [0]>" -> "<CFGNode read_pass (0x400758) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_pass (0x400716) [0]>" -> "<CFGNode 0x400540 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode 0x400560 (6) [0]>" -> "<CFGNode printf (0x1000020) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400560 (6) [0]>" -> "<CFGNode printf (0x1000020) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode fgets (0x1000030) [0]>" -> "<CFGNode read_user (0x400700) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode fgets (0x1000030) [0]>" -> "<CFGNode read_user (0x400700) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode fgets (0x1000030) [0]>" -> "<CFGNode read_pass (0x400773) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode main (0x400818) [0]>" -> "<CFGNode 0x400560 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode main (0x400818) [0]>" -> "<CFGNode main (0x40082e) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode printf (0x1000020) [0]>" -> "<CFGNode main (0x400818) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode printf (0x1000020) [0]>" -> "<CFGNode main (0x40082e) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode __libc_start_main (0x1000050) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_start_main (0x1000050) [0]>" -> "<CFGNode main (0x400789) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode main (0x40082e) [0]>" -> "<CFGNode main (0x400847) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode main (0x40082e) [0]>" -> "<CFGNode main (0x400842) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x400700) [0]>" -> "<CFGNode read_user (0x400714) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x400700) [0]>" -> "<CFGNode read_user (0x40070f) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode main (0x400789) [0]>" -> "<CFGNode main (0x4007f1) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode main (0x400789) [0]>" -> "<CFGNode read_user (0x400696) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode main (0x400842) [0]>" -> "<CFGNode main (0x400847) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode main (0x400842) [0]>" -> "<CFGNode 0x400550 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode deregister_tm_clones (0x4005d0) [0]>" -> "<CFGNode deregister_tm_clones (0x400600) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode deregister_tm_clones (0x4005d0) [0]>" -> "<CFGNode deregister_tm_clones (0x4005e5) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __isoc99_fscanf (0x1000040) [0]>" -> "<CFGNode read_user (0x4006d8) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode __isoc99_fscanf (0x1000040) [0]>" -> "<CFGNode read_pass (0x400758) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode __libc_csu_init (0x400883) [0]>" -> "<CFGNode __libc_csu_init (0x400888) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __libc_csu_init (0x400883) [0]>" -> "<CFGNode __libc_csu_init (0x4008a6) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400580 (6) [0]>" -> "<CFGNode fgets (0x1000030) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400580 (6) [0]>" -> "<CFGNode fgets (0x1000030) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400580 (6) [0]>" -> "<CFGNode fgets (0x1000030) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400650) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400659) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400650) [0]>" -> "<CFGNode __do_global_dtors_aux (0x40066a) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __libc_csu_init (0x400890) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400650) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode __libc_csu_init (0x400890) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode deregister_tm_clones (0x400600) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400662) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode read_pass (0x400758) [0]>" -> "<CFGNode 0x400580 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode read_pass (0x400758) [0]>" -> "<CFGNode read_pass (0x400773) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode 0x400596 (10) [0]>" -> "<CFGNode 0x400530 (12) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400633) [0]>" -> "<CFGNode frame_dummy (0x40063d) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400633) [0]>" -> "<CFGNode frame_dummy (0x400648) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x40067b) [0]>" -> "<CFGNode frame_dummy (0x400610) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode _init (0x400520) [0]>" -> "<CFGNode 0x400590 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode _init (0x400520) [0]>" -> "<CFGNode _init (0x400525) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode deregister_tm_clones (0x4005e5) [0]>" -> "<CFGNode deregister_tm_clones (0x4005ef) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode deregister_tm_clones (0x4005e5) [0]>" -> "<CFGNode deregister_tm_clones (0x400600) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400550 (6) [0]>" -> "<CFGNode __stack_chk_fail (0x1000000) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400550 (6) [0]>" -> "<CFGNode __stack_chk_fail (0x1000000) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400550 (6) [0]>" -> "<CFGNode __stack_chk_fail (0x1000000) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_pass (0x400787) [0]>" -> "<CFGNode main (0x400802) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode __libc_csu_init (0x40089d) [0]>" -> "<CFGNode __libc_csu_init (0x400890) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __libc_csu_init (0x40089d) [0]>" -> "<CFGNode __libc_csu_init (0x4008a6) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400659) [0]>" -> "<CFGNode deregister_tm_clones (0x4005d0) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode __do_global_dtors_aux (0x400659) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400662) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_pass (0x400773) [0]>" -> "<CFGNode read_pass (0x400787) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_pass (0x400773) [0]>" -> "<CFGNode read_pass (0x400782) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400590 (6) [0]>" -> "<CFGNode 0x400596 (10) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode _init (0x400525) [0]>" -> "<CFGNode __libc_csu_init (0x400883) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode 0x400570 (6) [0]>" -> "<CFGNode __libc_start_main (0x1000010) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400610) [0]>" -> "<CFGNode frame_dummy (0x400633) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400610) [0]>" -> "<CFGNode frame_dummy (0x400648) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400690) [0]>" -> "<CFGNode frame_dummy (0x400610) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400662) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode __libc_start_main (0x1000010) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_start_main (0x1000010) [0]>" -> "<CFGNode __libc_csu_init (0x400850) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x4006e7) [0]>" -> "<CFGNode read_user (0x4006f2) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400648) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode 0x400540 (6) [0]>" -> "<CFGNode __isoc99_fscanf (0x1000040) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode 0x400540 (6) [0]>" -> "<CFGNode __isoc99_fscanf (0x1000040) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode main (0x400802) [0]>" -> "<CFGNode 0x400560 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode main (0x400802) [0]>" -> "<CFGNode main (0x400818) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_csu_init (0x400888) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_csu_init (0x400888) [0]>" -> "<CFGNode frame_dummy (0x400670) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x4006ef) [0]>" -> "<CFGNode read_user (0x400700) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x4006ef) [0]>" -> "<CFGNode 0x400580 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x400696) [0]>" -> "<CFGNode read_user (0x4006d8) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x400696) [0]>" -> "<CFGNode 0x400540 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode _init (0x400510) [0]>" -> "<CFGNode _init (0x400520) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode _init (0x400510) [0]>" -> "<CFGNode _init (0x400525) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x40066a) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode __libc_csu_init (0x400850) [0]>" -> "<CFGNode __libc_csu_init (0x400883) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_csu_init (0x400850) [0]>" -> "<CFGNode _init (0x400510) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode __libc_csu_init (0x4008a6) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>"	 [jumpkind=Ijk_Ret];
	"<CFGNode frame_dummy (0x400670) [0]>" -> "<CFGNode frame_dummy (0x40067b) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400670) [0]>" -> "<CFGNode frame_dummy (0x400680) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode read_pass (0x400782) [0]>" -> "<CFGNode 0x400550 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode read_pass (0x400782) [0]>" -> "<CFGNode read_pass (0x400787) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode frame_dummy (0x400680) [0]>" -> "<CFGNode frame_dummy (0x40067b) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400680) [0]>" -> "<CFGNode frame_dummy (0x40068a) [0]>"	 [jumpkind=Ijk_Boring];
	"<CFGNode _start (0x4005a0) [0]>" -> "<CFGNode 0x400570 (6) [0]>"	 [jumpkind=Ijk_Call];
	"<CFGNode _start (0x4005a0) [0]>" -> "<CFGNode _start (0x4005c9) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode frame_dummy (0x40068a) [0]>" -> "<CFGNode frame_dummy (0x400690) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x40070f) [0]>" -> "<CFGNode read_user (0x400714) [0]>"	 [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x40070f) [0]>" -> "<CFGNode 0x400550 (6) [0]>"	 [jumpkind=Ijk_Call];
}

## runner.py
#!/usr/bin/env python
import logging
import networkx as nx
logging.basicConfig(level=logging.DEBUG)

import angr
b = angr.Project("test_app", load_options={'auto_load_libs': False})

cfg = b.analyses.CFG(keep_input_state=True, context_sensitivity_level=3)  # Happens under different ctx levels as well
nx.write_dot(cfg.graph, "cfg.dot")

ddg = b.analyses.DDG(cfg)
nx.write_dot(ddg.graph, "ddg.dot")

## test_app.c
/* Tested with:
     x86_64: gcc 4.9.2
     ARMHF: arm-linux-gnueabihf-gcc 4.9.2
     No fancy compilation flags
*/

#include <stdio.h>

void read_user(char* user, int user_max_size)
{
    int user_size = 0;
    fscanf(stdin, "%d", &user_size);
    fgets(user, user_size < user_max_size ? user_size + 1 : user_max_size, stdin);
}

void read_pass(char* pass, int pass_max_size)
{
    int pass_size = 0;
    fscanf(stdin, "%d", &pass_size);
    fgets(pass, pass_size + 1, stdin);
}

int main()
{
    char user[32] = "";
    char pass[32] = "";
    read_user(user, 32);
    read_pass(pass, 32);

    printf("User = %s\n", user);
    printf("Pass = %s\n", pass);

    return 0;
}
	digraph {
	"<CFGNode main (0x4007f1) [0]>" -> "<CFGNode read_pass (0x400716) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode main (0x4007f1) [0]>" -> "<CFGNode main (0x400802) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x4006d8) [0]>" -> "<CFGNode read_user (0x4006e7) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x4006d8) [0]>" -> "<CFGNode read_user (0x4006ef) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x4006f2) [0]>" -> "<CFGNode read_user (0x400700) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x4006f2) [0]>" -> "<CFGNode 0x400580 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x400714) [0]>" -> "<CFGNode main (0x4007f1) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode main (0x400847) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode read_pass (0x400716) [0]>" -> "<CFGNode read_pass (0x400758) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_pass (0x400716) [0]>" -> "<CFGNode 0x400540 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode 0x400560 (6) [0]>" -> "<CFGNode printf (0x1000020) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400560 (6) [0]>" -> "<CFGNode printf (0x1000020) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode fgets (0x1000030) [0]>" -> "<CFGNode read_user (0x400700) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode fgets (0x1000030) [0]>" -> "<CFGNode read_user (0x400700) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode fgets (0x1000030) [0]>" -> "<CFGNode read_pass (0x400773) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode main (0x400818) [0]>" -> "<CFGNode 0x400560 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode main (0x400818) [0]>" -> "<CFGNode main (0x40082e) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode printf (0x1000020) [0]>" -> "<CFGNode main (0x400818) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode printf (0x1000020) [0]>" -> "<CFGNode main (0x40082e) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode __libc_start_main (0x1000050) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_start_main (0x1000050) [0]>" -> "<CFGNode main (0x400789) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode main (0x40082e) [0]>" -> "<CFGNode main (0x400847) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode main (0x40082e) [0]>" -> "<CFGNode main (0x400842) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x400700) [0]>" -> "<CFGNode read_user (0x400714) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_user (0x400700) [0]>" -> "<CFGNode read_user (0x40070f) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode main (0x400789) [0]>" -> "<CFGNode main (0x4007f1) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode main (0x400789) [0]>" -> "<CFGNode read_user (0x400696) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode main (0x400842) [0]>" -> "<CFGNode main (0x400847) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode main (0x400842) [0]>" -> "<CFGNode 0x400550 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode deregister_tm_clones (0x4005d0) [0]>" -> "<CFGNode deregister_tm_clones (0x400600) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode deregister_tm_clones (0x4005d0) [0]>" -> "<CFGNode deregister_tm_clones (0x4005e5) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __isoc99_fscanf (0x1000040) [0]>" -> "<CFGNode read_user (0x4006d8) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode __isoc99_fscanf (0x1000040) [0]>" -> "<CFGNode read_pass (0x400758) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode __libc_csu_init (0x400883) [0]>" -> "<CFGNode __libc_csu_init (0x400888) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __libc_csu_init (0x400883) [0]>" -> "<CFGNode __libc_csu_init (0x4008a6) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400580 (6) [0]>" -> "<CFGNode fgets (0x1000030) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400580 (6) [0]>" -> "<CFGNode fgets (0x1000030) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400580 (6) [0]>" -> "<CFGNode fgets (0x1000030) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400650) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400659) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400650) [0]>" -> "<CFGNode __do_global_dtors_aux (0x40066a) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __libc_csu_init (0x400890) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400650) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode __libc_csu_init (0x400890) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode deregister_tm_clones (0x400600) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400662) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode read_pass (0x400758) [0]>" -> "<CFGNode 0x400580 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode read_pass (0x400758) [0]>" -> "<CFGNode read_pass (0x400773) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode 0x400596 (10) [0]>" -> "<CFGNode 0x400530 (12) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400633) [0]>" -> "<CFGNode frame_dummy (0x40063d) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400633) [0]>" -> "<CFGNode frame_dummy (0x400648) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x40067b) [0]>" -> "<CFGNode frame_dummy (0x400610) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode _init (0x400520) [0]>" -> "<CFGNode 0x400590 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode _init (0x400520) [0]>" -> "<CFGNode _init (0x400525) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode deregister_tm_clones (0x4005e5) [0]>" -> "<CFGNode deregister_tm_clones (0x4005ef) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode deregister_tm_clones (0x4005e5) [0]>" -> "<CFGNode deregister_tm_clones (0x400600) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400550 (6) [0]>" -> "<CFGNode __stack_chk_fail (0x1000000) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400550 (6) [0]>" -> "<CFGNode __stack_chk_fail (0x1000000) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400550 (6) [0]>" -> "<CFGNode __stack_chk_fail (0x1000000) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_pass (0x400787) [0]>" -> "<CFGNode main (0x400802) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode __libc_csu_init (0x40089d) [0]>" -> "<CFGNode __libc_csu_init (0x400890) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __libc_csu_init (0x40089d) [0]>" -> "<CFGNode __libc_csu_init (0x4008a6) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400659) [0]>" -> "<CFGNode deregister_tm_clones (0x4005d0) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode __do_global_dtors_aux (0x400659) [0]>" -> "<CFGNode __do_global_dtors_aux (0x400662) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_pass (0x400773) [0]>" -> "<CFGNode read_pass (0x400787) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_pass (0x400773) [0]>" -> "<CFGNode read_pass (0x400782) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400590 (6) [0]>" -> "<CFGNode 0x400596 (10) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode _init (0x400525) [0]>" -> "<CFGNode __libc_csu_init (0x400883) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode 0x400570 (6) [0]>" -> "<CFGNode __libc_start_main (0x1000010) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400610) [0]>" -> "<CFGNode frame_dummy (0x400633) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400610) [0]>" -> "<CFGNode frame_dummy (0x400648) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400690) [0]>" -> "<CFGNode frame_dummy (0x400610) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x400662) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode __libc_start_main (0x1000010) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_start_main (0x1000010) [0]>" -> "<CFGNode __libc_csu_init (0x400850) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x4006e7) [0]>" -> "<CFGNode read_user (0x4006f2) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400648) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode 0x400540 (6) [0]>" -> "<CFGNode __isoc99_fscanf (0x1000040) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode 0x400540 (6) [0]>" -> "<CFGNode __isoc99_fscanf (0x1000040) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode main (0x400802) [0]>" -> "<CFGNode 0x400560 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode main (0x400802) [0]>" -> "<CFGNode main (0x400818) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_csu_init (0x400888) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_csu_init (0x400888) [0]>" -> "<CFGNode frame_dummy (0x400670) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x4006ef) [0]>" -> "<CFGNode read_user (0x400700) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x4006ef) [0]>" -> "<CFGNode 0x400580 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode read_user (0x400696) [0]>" -> "<CFGNode read_user (0x4006d8) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x400696) [0]>" -> "<CFGNode 0x400540 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode _init (0x400510) [0]>" -> "<CFGNode _init (0x400520) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode _init (0x400510) [0]>" -> "<CFGNode _init (0x400525) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode __do_global_dtors_aux (0x40066a) [0]>" -> "<CFGNode __libc_csu_init (0x40089d) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode __libc_csu_init (0x400850) [0]>" -> "<CFGNode __libc_csu_init (0x400883) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode __libc_csu_init (0x400850) [0]>" -> "<CFGNode _init (0x400510) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode __libc_csu_init (0x4008a6) [0]>" -> "<CFGNode __libc_start_main (0x1000050) [0]>" [jumpkind=Ijk_Ret];
	"<CFGNode frame_dummy (0x400670) [0]>" -> "<CFGNode frame_dummy (0x40067b) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400670) [0]>" -> "<CFGNode frame_dummy (0x400680) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode read_pass (0x400782) [0]>" -> "<CFGNode 0x400550 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode read_pass (0x400782) [0]>" -> "<CFGNode read_pass (0x400787) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode frame_dummy (0x400680) [0]>" -> "<CFGNode frame_dummy (0x40067b) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode frame_dummy (0x400680) [0]>" -> "<CFGNode frame_dummy (0x40068a) [0]>" [jumpkind=Ijk_Boring];
	"<CFGNode _start (0x4005a0) [0]>" -> "<CFGNode 0x400570 (6) [0]>" [jumpkind=Ijk_Call];
	"<CFGNode _start (0x4005a0) [0]>" -> "<CFGNode _start (0x4005c9) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode frame_dummy (0x40068a) [0]>" -> "<CFGNode frame_dummy (0x400690) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x40070f) [0]>" -> "<CFGNode read_user (0x400714) [0]>" [jumpkind=Ijk_FakeRet];
	"<CFGNode read_user (0x40070f) [0]>" -> "<CFGNode 0x400550 (6) [0]>" [jumpkind=Ijk_Call];
	}
	#!/usr/bin/env python
	import logging
	import networkx as nx
	logging.basicConfig(level=logging.DEBUG)

	import angr
	b = angr.Project("test_app", load_options={'auto_load_libs': False})

	cfg = b.analyses.CFG(keep_input_state=True, context_sensitivity_level=3) # Happens under different ctx levels as well
	nx.write_dot(cfg.graph, "cfg.dot")

	ddg = b.analyses.DDG(cfg)
	nx.write_dot(ddg.graph, "ddg.dot")
	/* Tested with:
	x86_64: gcc 4.9.2
	ARMHF: arm-linux-gnueabihf-gcc 4.9.2
	No fancy compilation flags
	*/

	#include <stdio.h>

	void read_user(char* user, int user_max_size)
	{
	int user_size = 0;
	fscanf(stdin, "%d", &user_size);
	fgets(user, user_size < user_max_size ? user_size + 1 : user_max_size, stdin);
	}

	void read_pass(char* pass, int pass_max_size)
	{
	int pass_size = 0;
	fscanf(stdin, "%d", &pass_size);
	fgets(pass, pass_size + 1, stdin);
	}

	int main()
	{
	char user[32] = "";
	char pass[32] = "";
	read_user(user, 32);
	read_pass(pass, 32);

	printf("User = %s\n", user);
	printf("Pass = %s\n", pass);

	return 0;
	}