Proximity view

The proximity view is accessed using the F3 shortcut twice. It allows you to navigate the control flow graph of the current function. You can click on the different labels or references to follow the control flow of the program.

Note

The proximity view will only work within an identified function, i.e a function recognized by the Functions recovery.

The proximity view being a standard view found in many other tools (e.g. IDA), we will only focus on the few less common features.

Basics

The proximity view needs you to be located within an identified function. If you are outside the scope of a function, you’ll first need to jump to one, either by hitting f or F, or by clicking on any of the identified function in the Functions tab left of the window.

The proximity view interface

The proximity view then displays the graph of basic blocks for the current function. Basic blocks are linked by edge when the control flow may go from one block to another:

• plain arrow edges represent the normal control flow, i.e flow going from one instruction to another without any jump

• hollow arrow edges represent changes in control flow, e.g. a (un)conditional jump

The current basic block is highlighted with a red border to make it easily identifiable. Several options are at your disposition to make the graph suit your need:

• the type of edge routing

  • polyline: straight lines that do not overlap nodes

  • ortho: best-looking but takes more place and has some rare crashes

  • line: direct lines that overlap nodes (fastest)

• the zoom factor: you can also zoom in and out holding Ctrl and using the mouse wheel.

• whether to display or not exception edges. For big try blocks, an exception edge is added between every basic block of the try block to the start of the catch block. This can quickly become a mess.

Zooming out can provide you with some insight: this functions looks obfuscated

Note that we are using the graphviz library to layout the graph nodes. While the library is pretty fast and provides good-looking result, it can still be somewhat slow for large graphs (1000+ nodes).

Navigation

Navigating in the proximity view is mainly done using the mouse, by following labels. A few keyboard shortcuts are still available:

Shortcut	Action
LeftMouse grab	Move view around
Ctrl+MouseWheel	Zoom in/out
←	Scroll left
→	Scroll right
↑	Scroll up one line
↓	Scroll down one line
Home	Goto top of graph
End	Goto end of graph
PageUp	Goto back one page
PageDown	Display next page
Ctrl+G	Goto address (opens a dialog)
Backspace	Go back
f or F	Goto next/previous Function

If you want to go up one level and display the Function call graph, you can click on the button Show call graph on top of the view.

Editing

Currently, the graph is read-only. But we plan to let you move nodes and color them in the future.