cetfor/BuildAssignmentGraph.py

## BuildAssignmentGraph.py
import binaryninja
import networkx as nx

target = "cwe369A_x64"

def build_symbol_graph(bv, func):
    graph = nx.DiGraph()
    for func in bv.functions:
        for block in func.medium_level_il.ssa_form:
            for instr in block:
                # process MLIL_SET_VAR_SSA and MLIL_VAR_PHI operations
                if instr.operation in [binaryninja.MediumLevelILOperation.MLIL_SET_VAR_SSA, binaryninja.MediumLevelILOperation.MLIL_VAR_PHI]:
                    try:
                        for var_written in instr.vars_written:
                            vw_str = "{}#{}".format(var_written.var, int(var_written.version))
                            for var_read in instr.vars_read:
                                vr_str = "{}#{}".format(var_read.var, int(var_read.version))
                                graph.add_edge(vr_str, vw_str)
                            if instr.src.operation == binaryninja.MediumLevelILOperation.MLIL_CONST:
                                graph.add_edge(str(instr.src.value.value), vw_str)
                    except AttributeError as e:
                        pass
    return graph

print("Analyzing file: {}".format(target))
bv = binaryninja.BinaryViewType.get_view_of_file(target)
bv.add_analysis_option('linearsweep')

alert_count = 0
for func in bv.functions:
    if func.name != "main": continue
    print("Function: {}".format(func.name))
    for block in func.medium_level_il.ssa_form:
        for instr in block:
            for op in instr.postfix_operands:
                if op in target_operations:
                    try:
                        denom = instr.vars_read[-1]
                    except IndexError:
                        continue
                    denom_str = "{}#{}".format(denom.var, denom.version)
                    sg = build_symbol_graph(bv, func)
                    print("Nodes:\n{}\n".format(sg.nodes))
                    print("Edges:\n{}\n".format(sg.edges))
	import binaryninja
	import networkx as nx

	target = "cwe369A_x64"

	def build_symbol_graph(bv, func):
	graph = nx.DiGraph()
	for func in bv.functions:
	for block in func.medium_level_il.ssa_form:
	for instr in block:
	# process MLIL_SET_VAR_SSA and MLIL_VAR_PHI operations
	if instr.operation in [binaryninja.MediumLevelILOperation.MLIL_SET_VAR_SSA, binaryninja.MediumLevelILOperation.MLIL_VAR_PHI]:
	try:
	for var_written in instr.vars_written:
	vw_str = "{}#{}".format(var_written.var, int(var_written.version))
	for var_read in instr.vars_read:
	vr_str = "{}#{}".format(var_read.var, int(var_read.version))
	graph.add_edge(vr_str, vw_str)
	if instr.src.operation == binaryninja.MediumLevelILOperation.MLIL_CONST:
	graph.add_edge(str(instr.src.value.value), vw_str)
	except AttributeError as e:
	pass
	return graph

	print("Analyzing file: {}".format(target))
	bv = binaryninja.BinaryViewType.get_view_of_file(target)
	bv.add_analysis_option('linearsweep')

	alert_count = 0
	for func in bv.functions:
	if func.name != "main": continue
	print("Function: {}".format(func.name))
	for block in func.medium_level_il.ssa_form:
	for instr in block:
	for op in instr.postfix_operands:
	if op in target_operations:
	try:
	denom = instr.vars_read[-1]
	except IndexError:
	continue
	denom_str = "{}#{}".format(denom.var, denom.version)
	sg = build_symbol_graph(bv, func)
	print("Nodes:\n{}\n".format(sg.nodes))
	print("Edges:\n{}\n".format(sg.edges))