Usage: mcsema-disass --disassembler path-to-IDA --os operating-system --arch architecture --output cfg-path --binary input-binary --entrypoint function [--log_file log-path]
Where:
path-to-IDA
= the path to your IDA Pro disassembler executable, e.g.,~/ida-6.9/idal64
operating-system
= the OS of the binary being disassembled:linux
, orwindows
architecture
= the instruction set architecture of the binary being disassembled:amd64
,amd64_avx
,x86
,x86_avx
, oraarch64
(64-bit ARMv8)cfg-path
= the path a .cfg file where you want the recovered control flow graph to be savedinput-binary
= the path to a binary executable to be disassembledfunction
= the entry point function where the disassembler should start recovering control flow, e.g.,main
log-path
= (optional) the path to a log file to save the logging output of McSema
Usage: mcsema-lift --arch architecture --os platform --cfg cfg-path [--output output-path] [--libc_constructor init-function] [--libc_destructor fini-function]
Where:
architecture
= architecture to use for the instruction semantics during lifting:amd64
,amd64_avx
,x86
,x86_avx
, oraarch64
(64-bit ARMv8)platform
= the operating system of the binary that was disassembled to generate this CFG. Currently the valid options arelinux
orwindows
. This option is required for certain aspects of translation, like ABI compatibility for external functions, etc.cfg-path
= path to the control flow graph file emitted bymcsema-disass
that you want to convert into bitcodeoutput-path
= path to a .bc file where you want the lifted code to be saved. If the--output
option is not specified, the bitcode will be written to stdoutinit-function
= constructor function for running pre-main
initializers. It is executed before themain
and constructs the global objects. This feature is important for lifting the C++ programs. On GNU-based systems, this is typically__libc_csu_init
.fini-function
= destructor function for running post-main
finalizers. It is executed after themain
function at program exit. On GNU-based systems, this is typically__libc_csu_fini
.