Usage: mcsema-disass --disassembler path-to-IDA --os operating-system --arch architecture --output cfg-path --binary input-binary --entrypoint function [--log_file log-path]
Where:
path-to-IDA= the path to your IDA Pro disassembler executable, e.g.,~/ida-6.9/idal64operating-system= the OS of the binary being disassembled:linux, orwindowsarchitecture= the instruction set architecture of the binary being disassembled:amd64,amd64_avx,x86,x86_avx, oraarch64(64-bit ARMv8)cfg-path= the path a .cfg file where you want the recovered control flow graph to be savedinput-binary= the path to a binary executable to be disassembledfunction= the entry point function where the disassembler should start recovering control flow, e.g.,mainlog-path= (optional) the path to a log file to save the logging output of McSema
Usage: mcsema-lift-${version} --arch architecture --os platform --cfg cfg-path [--output output-path] [--libc_constructor init-function] [--libc_destructor fini-function]
Where:
architecture= architecture to use for the instruction semantics during lifting:amd64,amd64_avx,x86,x86_avx, oraarch64(64-bit ARMv8)platform= the operating system of the binary that was disassembled to generate this CFG. Currently the valid options arelinuxorwindows. This option is required for certain aspects of translation, like ABI compatibility for external functions, etc.cfg-path= path to the control flow graph file emitted bymcsema-disassthat you want to convert into bitcodeoutput-path= path to a .bc file where you want the lifted code to be saved. If the--outputoption is not specified, the bitcode will be written to stdoutinit-function= constructor function for running pre-maininitializers. It is executed before themainand constructs the global objects. This feature is important for lifting the C++ programs. On GNU-based systems, this is typically__libc_csu_init.fini-function= destructor function for running post-mainfinalizers. It is executed after themainfunction at program exit. On GNU-based systems, this is typically__libc_csu_fini.