dumpmasm.pod

NAME

dumpmasm - Dump assembly listing using Pharos partitioner

SYNOPSIS

dumpmasm [...Pharos options...] EXECUTABLE_FILE

dumpmasm --help

@PHAROS_OPTS_POD@

DESCRIPTION

The dumpmasm command shows the disassembly and function partitioning results from the Pharos framework. Function partitioning is the assignment of instructions to functions. The dumpmasm command also reports the control flow graph recovered by the Pharos framework.

The file format is a comma-separated value (CSV) format with three primary record types:

"PART", address, "INSN", function_address, hex_bytes, mnemonic, operands

"PART", address, "DATA", function_address, hex_bytes, "db", "???"

"FLOW", from_address, to_address, flow_type

The PART/INSN record type represents a disassembled instruction from the function partitioner (disassembler). The mnemonic and operands fields are intended to communicate which instruction was found, but they are not an authoritative disassembly in a rigorously valid MASM format.

The PART/DATA record type represents data discovered in the program by the function partitioner. The trailing "???" field was left for future expansion to include data type information. In contrast to INSN records, the DATA records indicate that Pharos does not believe that the bytes represent executable code.

The FLOW record type describes control flow discovered by the Pharos framework. The flow type field is one of several keywords that are documented in detail in the PDGEdgeType enumeration in the graph.hpp source file.
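One way to consume the three record types described above, as an added example that is not part of the Pharos distribution: it groups PART/INSN records by function and reports FLOW records whose target is DATA or has no PART record, which is a quick consistency check when debugging the partitioner. It assumes addresses are hexadecimal and string fields are double-quoted; the sample rows, the FLOWTYPE_* keywords and the function names are constructed placeholders, not real Pharos output or PDGEdgeType values.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the record layout described above; the addresses,
# bytes and flow_type keywords are placeholders, not real Pharos output.
SAMPLE = '''\
"PART",0x00401000,"INSN",0x00401000,"55","push","ebp"
"PART",0x00401001,"INSN",0x00401000,"8BEC","mov","ebp, esp"
"PART",0x00401003,"INSN",0x00401000,"C3","ret",""
"PART",0x00401004,"DATA",0x00401000,"CCCC","db","???"
"PART",0x00401010,"INSN",0x00401010,"C3","ret",""
"FLOW",0x00401000,0x00401001,"FLOWTYPE_A"
"FLOW",0x00401001,0x00401003,"FLOWTYPE_A"
"FLOW",0x00401003,0x00401004,"FLOWTYPE_B"
"FLOW",0x00401010,0x00402000,"FLOWTYPE_B"
'''

def addr(field):
    """Parse an address field; assumes hexadecimal, with or without 0x."""
    return int(field.strip(), 16)

def parse(stream):
    """Return (functions, kinds, flows) parsed from dumpmasm CSV text."""
    functions = defaultdict(list)   # function_address -> [(address, mnemonic, operands)]
    kinds = {}                      # address -> "INSN" or "DATA"
    flows = []                      # (from_address, to_address, flow_type)
    for row in csv.reader(stream, skipinitialspace=True):
        if len(row) == 7 and row[0] == "PART" and row[2] in ("INSN", "DATA"):
            a = addr(row[1])
            kinds[a] = row[2]
            if row[2] == "INSN":
                functions[addr(row[3])].append((a, row[5], row[6]))
        elif len(row) == 4 and row[0] == "FLOW":
            flows.append((addr(row[1]), addr(row[2]), row[3]))
    return functions, kinds, flows

def suspicious_flows(kinds, flows):
    """Flows whose target is DATA or has no PART record at all."""
    return [(src, dst, kind, kinds.get(dst, "MISSING"))
            for src, dst, kind in flows if kinds.get(dst) != "INSN"]

if __name__ == "__main__":
    functions, kinds, flows = parse(io.StringIO(SAMPLE))
    for entry, insns in sorted(functions.items()):
        print(f"function {entry:#x}: {len(insns)} instructions")
    for src, dst, kind, why in suspicious_flows(kinds, flows):
        print(f"flow {src:#x} -> {dst:#x} ({kind}) targets {why}")
```

Rows that match none of the three record layouts (blank lines, interleaved log output) are skipped rather than treated as errors.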

OPTIONS

dumpmasm OPTIONS

The following options are specific to the dumpmasm program.

--format=STRING

Write output in specified format. The string "csv" is the only valid option, and also the default, making this option fairly useless in the most recent version of this command.

@PHAROS_OPTIONS_POD@

EXAMPLES

dumpmasm test.exe | grep '^"PART"'

dumpmasm test.exe | grep '^"FLOW"'

ENVIRONMENT

    @PHAROS_ENV_POD@

FILES

    @PHAROS_FILES_POD@

NOTES

This program is an internal tool used for debugging the function partitioner, and hasn't been well maintained.

AUTHOR

Written by the Software Engineering Institute at Carnegie Mellon University. The primary author was Cory Cohen.

COPYRIGHT

Copyright 2018 Carnegie Mellon University. All rights reserved. This software is licensed under a "BSD" license. Please see LICENSE.txt for details.