[IDAPython] Generating nice callgraphs, part II.


Often, you see a function in IDA and want to know: what can it do? What can it execute? But you only see its body...

This script is different from the previous one: it draws a callgraph starting at the current function, recursively diving deeper, down to some limit, because the whole callgraph can be too huge to navigate.

For example, the vsnprintf() function in the Linux kernel: kernel_vsnprintf.png. Now you can say something about it. And it's different from the standard one. "..." at the end means there are more calls, which are suppressed by the limit.

Unlike my previous IDAPython script, this one doesn't require the external networkx library. But you need GraphViz to render *.gv files.

Also, a list of all possible paths in the graph can be huge, so only a list of functions is dumped.
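
The depth-limited traversal described above, as an added example that is not the author's script: it runs outside IDA on a constructed call map (`CALLS`, with hypothetical function names), whereas inside IDA the map would be built from the database's cross-references. It produces GraphViz text with a "..." node wherever the limit suppressed further calls, plus the flat list of functions reached.

```python
from collections import deque

# Constructed sample call map (hypothetical names): caller -> list of callees.
# Assumption: inside IDA this would be filled from the database's call xrefs.
CALLS = {
    "root_fn": ["parse_fmt", "emit_num", "emit_ptr"],
    "emit_ptr": ["emit_num", "lookup_sym"],
    "lookup_sym": ["table_walk"],
    "table_walk": ["table_walk", "cmp_name"],  # self-recursive on purpose
}

def callgraph(calls, root, limit):
    """Breadth-first walk from root, at most `limit` call levels deep."""
    depth = {root: 0}            # function -> shortest call distance from root
    edges, truncated = [], []
    queue = deque([root])
    while queue:
        func = queue.popleft()
        callees = calls.get(func, [])
        if depth[func] == limit:
            # At the limit: remember that calls exist, but do not follow them.
            if callees:
                truncated.append(func)
            continue
        for callee in callees:
            if (func, callee) not in edges:
                edges.append((func, callee))
            if callee not in depth:          # also stops on recursion/cycles
                depth[callee] = depth[func] + 1
                queue.append(callee)
    return edges, truncated, sorted(depth)

def to_dot(edges, truncated):
    """Render edges as GraphViz text; each truncated function gets a '...' child."""
    lines = ["digraph callgraph {"]
    lines += ['    "%s" -> "%s";' % edge for edge in edges]
    for n, func in enumerate(truncated):
        lines.append('    "more%d" [label="..."];' % n)
        lines.append('    "%s" -> "more%d";' % (func, n))
    lines.append("}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    edges, truncated, funcs = callgraph(CALLS, "root_fn", 2)
    print(to_dot(edges, truncated))
    print("\n".join(funcs))
```

Saving the first printed part as a .gv file and running `dot -Tpng` on it renders the picture; breadth-first order is used so a function reachable both near and far from the root is expanded at its shortest distance.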

NtOpenProcess() from ntoskrnl.exe (Win10).

CryptImportPublicKeyInfoEx() from crypt32.dll (Win10).

One of the main functions in PING.EXE (Win10).

The script itself.

Please drop me email about bug(s) and/or suggestion(s): blog@yurichev.com.