DDG generated by angr

The DDG graph generated in the following way is shown below:

>>> import angr
>>> from angrutils import *
>>> b = angr.Project("test", load_options={"auto_load_libs": False})
WARNING  | 2023-02-07 19:38:28,921 | cle.loader     | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
>>> cfg = b.analyses.CFGEmulated(keep_state=True,
... state_add_options=angr.sim_options.refs)
WARNING  | 2023-02-07 19:39:01,909 | angr.storage.memory_mixins.default_filler_mixin | The program is accessing register with an unspecified value. This could indicate unwanted behavior.
WARNING  | 2023-02-07 19:39:01,909 | angr.storage.memory_mixins.default_filler_mixin | angr will cope with this by generating an unconstrained symbolic variable and continuing. You can resolve this by:
WARNING  | 2023-02-07 19:39:01,909 | angr.storage.memory_mixins.default_filler_mixin | 1) setting a value to the initial state
WARNING  | 2023-02-07 19:39:01,909 | angr.storage.memory_mixins.default_filler_mixin | 2) adding the state option ZERO_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to make unknown regions hold null
WARNING  | 2023-02-07 19:39:01,909 | angr.storage.memory_mixins.default_filler_mixin | 3) adding the state option SYMBOL_FILL_UNCONSTRAINED_{MEMORY,REGISTERS}, to suppress these messages.
WARNING  | 2023-02-07 19:39:01,910 | angr.storage.memory_mixins.default_filler_mixin | Filling register r15 with 8 unconstrained bytes referenced from 0x401237 (__libc_csu_init+0x37 in test (0x1237))
WARNING  | 2023-02-07 19:39:02,035 | angr.storage.memory_mixins.default_filler_mixin | Filling register rbx with 8 unconstrained bytes referenced from 0x401240 (__libc_csu_init+0x40 in test (0x1240))
WARNING  | 2023-02-07 19:39:02,036 | angr.storage.memory_mixins.default_filler_mixin | Filling register r15 with 8 unconstrained bytes referenced from 0x401240 (__libc_csu_init+0x40 in test (0x1240))
>>> ddg = b.analyses.DDG(cfg)
>>> ddg.graph
at 0x7fbf3f890d30>
>>> plot_ddg_stmt(ddg.graph,"ddg_stmt",format='svg')

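The generated CFG and DDG graphs are shown below. What do the nodes in the DDG mean? (Does each one refer to an assembly statement?) What is the relationship between the address value at the front of each node and the id after it, and how can they be matched up against the CFG graph?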

Answering takes effort, so please accept and upvote this answer.

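A node in the DDG graph represents one assembly statement. The address value at the front of each node is the code address at which that assembly statement executes, and the ID after it is the unique identifier of that assembly statement. The relationships between these assembly statements are closely tied to the flow that follows each statement's execution in the CFG graph; by comparing the DDG graph with the CFG graph, you can see where the flow of each assembly statement goes.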
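
An added example (not part of the original question or answer) for lining up DDG nodes with CFG blocks. It relies on the nodes of angr's `ddg.graph` being `CodeLocation` objects, where `block_addr` is the start address of the basic block (the address of the matching CFG node) and `stmt_idx` is the index of a VEX IR statement inside that block; the helper names and the sample nodes are constructed for illustration.

```python
from collections import defaultdict, namedtuple

def group_by_block(ddg_nodes):
    """Map block address -> sorted list of (stmt_idx, ins_addr) for DDG nodes.

    Each node is expected to look like angr's CodeLocation: block_addr is the
    basic-block start (the key into the CFG), stmt_idx is the index of a VEX IR
    statement in that block (None for SimProcedure locations).
    """
    blocks = defaultdict(set)
    for n in ddg_nodes:
        if n.block_addr is None:
            continue
        blocks[n.block_addr].add((n.stmt_idx, getattr(n, "ins_addr", None)))
    # Statements with a real index first, in order; index-less ones last.
    return {addr: sorted(v, key=lambda t: (t[0] is None, t[0] or 0))
            for addr, v in blocks.items()}

def describe(path):
    """Print every DDG node beside its CFG node and VEX statement (needs angr)."""
    import angr  # imported here so group_by_block works without angr installed
    proj = angr.Project(path, load_options={"auto_load_libs": False})
    cfg = proj.analyses.CFGEmulated(keep_state=True,
                                    state_add_options=angr.sim_options.refs)
    ddg = proj.analyses.DDG(cfg)
    for addr, stmts in sorted(group_by_block(ddg.graph.nodes()).items()):
        cfg_node = cfg.model.get_any_node(addr)   # CFG node starting at addr
        print(hex(addr), cfg_node)
        if cfg_node is None or cfg_node.is_simprocedure:
            continue
        vex = proj.factory.block(addr, size=cfg_node.size).vex
        for idx, ins in stmts:
            if idx is not None and 0 <= idx < len(vex.statements):
                where = hex(ins) if ins is not None else "?"
                print("   stmt", idx, "ins", where, vex.statements[idx])

# Constructed sample nodes standing in for CodeLocation objects.
Loc = namedtuple("Loc", "block_addr stmt_idx ins_addr")
SAMPLE = [Loc(0x401136, 7, 0x40113A), Loc(0x401136, 2, 0x401136),
          Loc(0x401150, 4, 0x401152), Loc(0x401136, 7, 0x40113A)]

if __name__ == "__main__":
    import sys
    describe(sys.argv[1]) if len(sys.argv) > 1 else print(group_by_block(SAMPLE))
```

Running it with the path of the binary as its argument prints each block address, the CFG node found at that address, and the VEX statements the DDG refers to inside it.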