Ghidra: Extracting CFG for the whole program

I'm not a Ghidra developer or affiliated with the NSA, but I've written some code to generate control flow graphs as part of my program analysis library. I haven't pushed the latest code to the repo yet; I plan on publishing it in the very near future (ideally by the end of the week).

In the meantime, check out the documentation for the following:

• Instruction.getFlowType()
• Instruction.getFlows()
• FlowType.isConditional()
• FlowType.isUnConditional()
• FlowType.isComputed()
• FlowType.hasFallthrough()
• Instruction.getFallThrough()
• GDirectedGraph, GVertex, DefaultGEdge

The comments in #289 may be of use, as well. TLDR: there's a script in the main repo called GraphAST that gives you a per-function CFG and some scripts in https://github.com/d-millar/ghidra_pcode_scripts for dumping other pcode data that should help with stitching functions together. Not a canned solution admittedly, but...

You can also use the block models, specifically the SimpleBlockModel.

SimpleBlockModel model = new SimpleBlockModel(program)

Then iterate over all the blocks using

model.getBlocks(monitor)

or using the blocks and their destination references.

You can then extract the instructions from the blocks using:

program.getListing().getInstructions(block,true)

It all depends on what type of information (you mention instructions) you want in your CFG, and if you want the CFG in pcode form and simplified by the decompiler as in the method suggested by @d-millar.