GoGrapher is a Control Flow Graph (CFG) similarity tool to identify matching functions between two binaries.
To build GoGrapher, use cargo's usual build command:
cargo build --release
Alternatively, to build GoGrapher as a Python library, use maturin instead:
maturin build --release
You can then install the generated .whl file.
Once installed, a new utility, gographer, will be available.
Usage: gographer [OPTIONS] <SAMPLE_PATH> [REFERENCE_PATH]...

Arguments:
  <SAMPLE_PATH>        Path to the GO sample to analyze
  [REFERENCE_PATH]...  Path to the GO reference samples to compare to

Options:
  -o, --output <OUTPUT_PATH>   Path of the output JSON report
  -t, --threshold <THRESHOLD>  Value at which matches are considered significant [default: 0.0]
  -h, --help                   Print help
Here is a typical workflow using GoGrapher:
gographer path/to/sample.exe path/to/reference.exe -o path/to/report.json
Upon execution, GoGrapher will disassemble each binary, then compute the similarity between the sample and each reference binary.
Depending on the command line options used, the resulting similarity report will be either printed colorized to STDOUT or saved to the designated output file.
Volexity would like to thank Mr. Hyun-li Lim of the South Korean university of Kyungnam for his paper on a CFG similarity algorithm, which was the basis of GoGrapher's similarity algorithm implementation.