Git Product home page Git Product logo

idametrics's Introduction

IDAMetrics-static.py

IDA plugins for static software complexity metrics collection.

This IDA script collects static software complexity metrics for binary executables of x86 architecture.

Minimal requirements:

IDA 5.5.0 (32 bit)

Python 2.5

IDAPython 1.2.0

Supported the following metrics:

1. Lines of code (function/module)

2. Average lines of code per basic block (module)

3. Basic blocks count (function/module)

4. Functions count (module)

5. Conditions count (function/module)

6. Assignments count (function/module)

7. Cyclomatic complexity metric (function/module)

8. Jilb's metric (function/module)

9. ABC metric (function/module)

10. Pivovarsky metric (function/module)

11. Halstead metric (function/module)

12. Harrison metric (function/module)

13. Boundary value metric (function/module)

14. Span metric (function/module)

15. Global variables access count (function/module)

16. Oviedo metric (function/module)

17. Chepin metric (function/module)

18. Card & Glass metric (function/module)

19. Henry & Cafura metric (function/module)

20. Cocol metric (function/module)

Additional functionality:

 - node graph generation (function)
 
 - basic block boundaries generation (function)

The tool is based on this paper.

BibTeX:

@inproceedings{shudrak2015improving,
    title={Improving fuzzing using software complexity metrics}, 
    author={Shudrak, Maksim O and Zolotarev, Vyacheslav V},
    booktitle={International Conference on Information Security and Cryptology},  
    pages={246--261},
    year={2015},
    organization={Springer}
}

IDAMetrics-dynamic.py

IDA plugins for trace complexity assessment.

This IDA script allows to calculate complexity of executed trace. The pincc.cpp described below may be used to extract such trace from an application.

pincc.cpp

Intel PIN DBI tool that allows to get trace of executed basic blocks.

Metrics efficiency analysis

We tested metrics to predict bugs in the following list of vulnerable apps: http://goo.gl/4dKypy

The raw results are here: http://goo.gl/Kl0qBa

sorter.py

This IDA Python script aimed to prioritize some test cases based on their coverage complexity. By default Halstead B metric is used to get coverage complexity. Also script excludes not unique cases based on executed trace.

#Bugs

Please read attentively current issues before using these scripts. Many metrics were not originally created for binary code, so I made a lot of assumptions during implementation and you should use results of these scripts carefully. Please mail me if you find any inaccuracy or mistakes in the implementation.

idametrics's People

Contributors

mxmssh avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar

Forkers

sucof nihilus rhettc chubbymaggie jackbro fuzzamos pfsun trietptm-on-coding-algorithms jasenhuang macromachine karthik2112 jack51706 asdyxcyxc clayne enheng5

idametrics's Issues

i#10 ida_metrics_static script need refactoring

ida_metrics_static script needs refactoring b/c we need to provide Metrics and Metrics_function class as a set of independent functions which is called by user. Now we're calling all metrics one by one which is very inefficiently.

64bit bin file support issue

Hi,

Again, we are appreciate your plugin file. It is very powerful and useful.

However, we want to use 64bit version for our research.

I know you are busy in the other project currently.

Can you give some tips for us to modify this plugin to 64 bit by ourselves? (e.g : Offset setting)

Thanks

Michael

Create wiki

We need the following pages:

  1. How to install
  2. How to use IDAMetrics-static, dynamic, code coverage tool
  3. Metrics description
  4. Detailed results of effectiveness assessment

Got the issue for using tool

Hi

I am doing the research with This tool.

I install the plugin in IDApro 6.8 with Python 2.7 (is good )

I run the IDAmetrics_dynamic .py (Alt +F7) in IDA

And I choose the a.out which is build by GCC on Linux (just a hello world program)

I got the error log here

Exception in Tkinter callback
Traceback (most recent call last):
File "C:\Python27\Lib\lib-tk\Tkinter.py", line 1470, in call
return self.func(*args)
File "E:/CSE_Lei/IDA/IDAmetrics-master\IDAMetrics_static.py", line 1103, in
command = lambda: self.GetUserChoice(callback)).pack(side=LEFT)
File "E:/CSE_Lei/IDA/IDAmetrics-master\IDAMetrics_static.py", line 1126, in GetUserChoice
callback(self.metrics_used)
File "E:/CSE_Lei/IDA/IDAmetrics-master/IDAMetrics_dynamic.py", line 284, in prepare
metrics_dynamic.get_dynamic_metrics(fname, metrics_used)
File "E:/CSE_Lei/IDA/IDAmetrics-master/IDAMetrics_dynamic.py", line 165, in get_dynamic_metrics
self.get_basic_dynamic_metrics(trace, metrics_static, metrics_used)
File "E:/CSE_Lei/IDA/IDAmetrics-master/IDAMetrics_dynamic.py", line 85, in get_basic_dynamic_metrics
instr_addr = int(instr_addr, 0) + self.image_base
ValueError: invalid literal for int() with base 0: '\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00>\x00\x01\x00\x00\x000\x04@\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\xe0\x19\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\t\x00@\x00\x1f\x00\x1c\x00\x06\x00\x00\x00\x05\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00@\x00@\x00\x00\x00\x00\x00@\x00@\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\xf8\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x04\x00\x00\x008\x02\x00\x00\x00\x00\x00\x008\x02@\x00\x00\x00\x00\x008\x02@\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\xf4\x06\x00\x00\x00\x00\x00\x00\xf4\x06\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x10\x0e\x00\x00\x00\x00\x00\x00\x10\x0e\x00\x00\x00\x00\x00\x10\x0e\x00\x00\x00\x00\x00(\x02\x00\x00\x00\x00\x00\x000\x02\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00(\x0e\x00\x00\x00\x00\x00\x00(\x0e\x00\x00\x00\x00\x00(\x0e\x00\x00\x00\x00\x00\xd0\x01\x00\x00\x00\x00\x00\x00\xd0\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x04\x00\x00\x00T\x02\x00\x00\x00\x00\x00\x00T\x02@\x00\x00\x00\x00\x00T\x02@\x00\x00\x00\x00\x00D\x00\x00\x00\x00\x00\x00\x00D\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00P\xe5td\x04\x00\x00\x00\xcc\x05\x00\x00\x00\x00\x00\x00\xcc\x05@\x00\x00\x00\x00\x00\xcc\x05@\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00Q\xe5td\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00R\xe5td\x04\x00\x00\x00\x10\x0e\x00\x00\x00\x00\x00\x00\x10\x0e\x00\x00\x00\x00\x00\x10\x0e\x00\x00\x00\x00\x00\xf0\x01\x00\x00\x00\x00\x00\x00\xf0\x01\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00/lib64/ld-linux-x86-64.so.2\x00\x04\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00GNU\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00 \x00\x00\x00\x04\x00\x00\x00\x14\x00\x00\x00\x03\x00\x00\x00GNU\x00\x88\xd2"C\x02\xa7\xce2\xc6\xfa\x00\xeb\xfdR\xd9t\xf2\x13&\xa3\x01\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00libc.so.6\x00printf\x00__libc_start_main\x00__gmon_start__\x00GLIBC_2.2.5\x00\x00\x00\x00\x02\x00\x02\x00\x00\x00\x01\x00\x01\x00\x01\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00u'
done

What's this mean? or should I set up any environment for building a.out?

If I got the wrong step, please tell me

Thanks

Michael

i#7: New algorithm of edges and boundaries constructing is required

Now boundaries and edges are making by using internal IDA functionality but it doesn't work for functions which have jumps beyond function boundaries (or jumps to "red" areas of code). Now we're generating warning in such situations but we need to manually parse all instructions.

Get error - no attribute "get_func_name"

I use IDA pro 6.95, and python 2.7, I get the attributeError:"module" object has no attribute "get_func_name" in line 269 of start_analysis function_name = idc.get_func_name(function_ea)
Can you please help me and give me some suggestions, I am trying to fix it.
Thanks.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.