CFG

I’m not an expert, do not hesitate to correct me

The Control Flow Graph is a way to represent a subroutine that shows the decision mechanism inside it.

I will take this code as an example:

#include <stdio.h>

int main(int argc, char**argv)
{
	printf("Argument count\n");
	if (argc == 1)
	{
		printf("There is no argument\n");
	}
	for (int i = 1; i < argc;i++)
	{
		printf("There is %d arguments\n",i);
	}
	return 0;
}

Which gives the following CFG:

CFG extracted with IDA Free software

With this example you can see the components of the CFG: the basic blocks (the assembly boxes) and the conditional paths (the arrows).
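
To make the blocks and arrows concrete, here is an added example (not part of the original post, and not IDA output) that splits a listing into basic blocks and edges with the classic "leader" rule. The pseudo-assembly for `main()` is constructed by hand, and the names `LISTING`, `build_cfg` and `back_edges` are hypothetical.

```python
# Constructed pseudo-assembly for the page's main(): (address, mnemonic, jump target or None).
LISTING = [
    (0,  "call printf", None),   # "Argument count"
    (1,  "cmp argc, 1", None),
    (2,  "jne",         4),      # skip the if-body when argc != 1
    (3,  "call printf", None),   # "There is no argument"
    (4,  "mov i, 1",    None),   # for-loop init
    (5,  "jmp",         8),      # go to the loop condition
    (6,  "call printf", None),   # loop body
    (7,  "inc i",       None),
    (8,  "cmp i, argc", None),   # loop condition
    (9,  "jl",          6),      # jump back to the loop body
    (10, "mov eax, 0",  None),
    (11, "ret",         None),
]

def build_cfg(listing):
    """Split a linear listing into basic blocks and return (blocks, edges)."""
    addrs = [a for a, _, _ in listing]
    # Leaders: first instruction, every jump target, every instruction after a jump/ret.
    leaders = {addrs[0]}
    for idx, (addr, mnem, target) in enumerate(listing):
        if target is not None:
            leaders.add(target)
        if (target is not None or mnem == "ret") and idx + 1 < len(listing):
            leaders.add(addrs[idx + 1])
    starts = sorted(leaders)
    blocks = {}
    for n, start in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else addrs[-1] + 1
        blocks[start] = [ins for ins in listing if start <= ins[0] < end]
    edges = set()
    for n, start in enumerate(starts):
        _, mnem, target = blocks[start][-1]
        if target is not None:
            edges.add((start, target))          # taken branch (an arrow in the graph)
        if mnem not in ("jmp", "ret") and n + 1 < len(starts):
            edges.add((start, starts[n + 1]))   # fall-through arrow
    return blocks, edges

def back_edges(edges):
    """Heuristic for this simple layout: an edge to a lower-or-equal address is a loop."""
    return {(src, dst) for src, dst in edges if dst <= src}

if __name__ == "__main__":
    blocks, edges = build_cfg(LISTING)
    for start in sorted(blocks):
        print(f"block {start}: {[m for _, m, _ in blocks[start]]}")
    print("edges:", sorted(edges), "loops:", sorted(back_edges(edges)))
```

The block starting at 0 has two outgoing arrows (the `if`), and the single backward arrow from block 8 to block 6 is the `for` loop.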

It’s a great way to see the different paths through the code, and in malware analysis it’s a very useful tool for finding the condition under which a payload is delivered.

With experience you can recognize the different kinds of loops, the if, the switch case. It’s also a useful tool to tell whether the program went through automated obfuscation.

I also heard about ICFG (Interpolated CFG); as far as I understand, it is just a big CFG which links subroutines and procedures together. (I’m not very sure of myself on this one.)