BinaryAnalysisPlatform / bap

Binary Analysis Platform
MIT License

I want to get the system call graph of the executable. Is this option available? I know -dcallgraph can get the call graph. #1372

Closed lkpama closed 2 years ago

ivg commented 2 years ago

Can you please define what you mean by the "system call graph"?

lkpama commented 2 years ago

> Can you please define what do you mean by the "system call graph"?

In fact, I want to get system calls, not all calls, like NtCreateFile, NtOpenFile, GetModuleHandle, etc.

ivg commented 2 years ago

Typically, those calls are not made by a binary but by the corresponding system libraries that are linked by the binary, so you won't see them. If you analyze the system libraries directly, you might see them, with encodings that depend on that binary and OS, e.g., they could be encoded as function calls or as CPU exceptions (CpuExn).

ivg commented 2 years ago

Feel free to drop by our gitter channel for further discussion. https://gitter.im/BinaryAnalysisPlatform/bap