Homemade stuff that helps me (or tries to) analyse malware.
Output functions in ascending size order
python3 exe_stats.py test.exe -o size
Example output:
+---------------------------+--------------------+----------------------+------+
| Function name | Number refs to fct | Number refs from fct | Size |
+===========================+====================+======================+======+
| fcn.0040100b | 1 | 1 | 1 |
+---------------------------+--------------------+----------------------+------+
| fcn.005b4a92 | 1 | 1 | 3 |
+---------------------------+--------------------+----------------------+------+
| fcn.005b100a | 1 | 1 | 4 |
+---------------------------+--------------------+----------------------+------+
| entry0 | 190 | 1 | 11 |
+---------------------------+--------------------+----------------------+------+
| fcn.005b76be | 1 | 1 | 21 |
+---------------------------+--------------------+----------------------+------+
| fcn.005bb4ae | 1 | 1 | 26 |
+---------------------------+--------------------+----------------------+------+
| fcn.005b46de | 1 | 1 | 38 |
+---------------------------+--------------------+----------------------+------+
| fcn.005c872a | 1 | 1 | 46 |
+---------------------------+--------------------+----------------------+------+
| fcn.005c7ef2 | 1 | 1 | 244 |
+---------------------------+--------------------+----------------------+------+
| sym.imp.kernel32.dll_GetP | 0 | 1 | 381 |
| rocAddress | | | |
+---------------------------+--------------------+----------------------+------+
| fcn.005b1014 | 2 | 6 | 585 |
+---------------------------+--------------------+----------------------+------+
| fcn.005b26e6 | 1 | 1 | 966 |
+---------------------------+--------------------+----------------------+------+
| fcn.00473367 | 2 | 1 | 1010 |
+---------------------------+--------------------+----------------------+------+
| fcn.005c0122 | 1 | 1 | 1020 |
+---------------------------+--------------------+----------------------+------+
| sym.imp.user32.dll_GetKey | 0 | 1 | 1286 |
| boardType | | | |
+---------------------------+--------------------+----------------------+------+
At the moment, it just supports size ordering, call references from the functions and xrefs to the functions.
python3 call_graph_to_x32_db.py -f 0x00425234 -o test.dd32 text.exe