grap(match graph patterns)

m4n0w4r

grap: define and match graph patterns within binarieshttps://github.com/quoscient/grap
grap takes patterns and binary files, uses a Casptone-based disassembler to obtain the control flow graphs from the binaries, then matches the patterns against them.
Patterns are user-defined graphs with instruction conditions ("opcode is xor and arg1 is eax") and repetition conditions (3 identical instructions, basic blocks...).
grap is available as a standalone tool with a disassembler and python bindings, and as an IDA plugin which takes advantage of the disassembly done by IDA and the reverser.
Create patterns interactively from IDA:



Patterns file can put into the folder: IDA 7.0\plugins\idagrap\patterns\test\misc\files


Example highlight_call.grapp:


Matching call in IDA:


More info: https://github.com/quoscient/grap

snowfox

谢谢分享, 看起来不错

6767

个人看法：模式匹配用的东西，可以用来寻找汇编产品的相关性质的东西。
机器翻译一下：
grap：定义和匹配二进制文件中的图形模式
grap采用模式和二进制文件，使用基于Casptone的反汇编程序从二进制文件中获取控制流图，然后将模式与它们进行匹配。

模式是用户定义的图形，带有指令条件（“操作码是xor和arg1是eax”）和重复条件（3个相同的指令，基本块......）。


grap可以作为带有反汇编和python绑定的独立工具使用，也可以作为IDA插件使用IDA和反向器进行的反汇编。

chenyuning2010

谢谢分享, 看起来不错

pojie5201314

谢谢分享 新年快乐

m4n0w4r

Thanks and Happy New Year to all members!