Intel 8051 control flow graph generator 

Here is a script I wrote about two years ago that produces a graph (using Graphviz) of the branches and calls in an 8051 hex file, after it has been disassembled with Dis51. This µC can be found, for instance, in Cypress USB bridges, which load their firmware over USB when the device is plugged in and are used in many kinds of products (I have a DSL modem and a TV tuner that use them, for instance).

It can be used like this:

dis51 -l [entrypoints list] < firmware.hex > firmware.a51
python graphviz_generator.py firmware.a51 [entrypoints list] > graph.gv
dot -Tgif graph.gv > firmware_graph.gif


("entrypoints list" being a whitespace-separated list of addresses, like "0x0000 0x0010", without the quotes)

The graph will look as follows:

- Red circles are functions (branches that update the stack pointer)
- Grey circles are RET statements (end of functions, which also modify the SP)
- Blue circles are entrypoints
- Squares are normal branch instructions
- Plain lines mean the branch is always taken (or taken when the branch condition is false)
- Dashed lines mean the branch is taken if the branch condition is true (JZ, JNZ ...)
- Red dashed lines mean a function call

As a small picture usually says more than a long text, here is a really BIG picture.
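To make the legend above concrete, here is an added Python example (not the original script) that classifies the branches of a disassembly listing and emits a Graphviz file with the same conventions: blue circles for entrypoints, red circles for call targets, grey circles for RET, boxes for other branches, plain edges for always-taken or not-taken paths, dashed edges for conditionally taken paths and red dashed edges for calls. It assumes an "ADDR: MNEMONIC OPERANDS" line shape for the Dis51 output and uses a constructed listing as input; both are assumptions, not taken from the page.

```python
import re
# Constructed sample listing in the "ADDR: MNEMONIC OPERANDS" shape assumed for Dis51 output.
LISTING = """\
0000: LJMP 0010
0010: LCALL 0020
0013: JZ 0010
0015: SJMP 0013
0020: INC A
0021: CJNE A,#05,0025
0024: RET
0025: RET
"""
LINE = re.compile(r"^([0-9A-Fa-f]{4}):\s+(\w+)(?:\s+(\S.*))?$")
KIND = {**dict.fromkeys(("LCALL", "ACALL"), "call"), **dict.fromkeys(("RET", "RETI"), "ret"),
        **dict.fromkeys(("LJMP", "AJMP", "SJMP"), "jump"),
        **dict.fromkeys(("JZ", "JNZ", "JC", "JNC", "JB", "JNB", "JBC", "CJNE", "DJNZ"), "cond")}

def parse(listing):
    out = []  # [(address, mnemonic, operands)]; lines that are not instructions are skipped
    for line in listing.splitlines():
        m = LINE.match(line.strip())
        if m:
            out.append((int(m.group(1), 16), m.group(2).upper(), m.group(3) or ""))
    return out
def target(ops):
    # The branch target is the last operand (CJNE/DJNZ put it after the compare operands).
    return int(ops.split(",")[-1].strip(), 16)

def build_graph(listing, entrypoints):
    """Return ({address: node attributes}, [(src, dst, edge attributes)])."""
    instrs = parse(listing)
    nodes = {a: "shape=circle,color=blue" for a in entrypoints}  # entrypoints: blue circles
    edges = []
    for i, (addr, mnem, ops) in enumerate(instrs):
        kind = KIND.get(mnem)
        if kind == "call":  # callee is a function (red circle); the call is a red dashed edge
            nodes.setdefault(target(ops), "shape=circle,color=red")
            edges.append((addr, target(ops), "style=dashed,color=red"))
        elif kind == "ret":  # RET/RETI: grey circle
            nodes.setdefault(addr, "shape=circle,color=grey")
        elif kind in ("jump", "cond"):  # square; plain edge if always taken, dashed if conditional
            nodes.setdefault(addr, "shape=box")
            edges.append((addr, target(ops), "style=solid" if kind == "jump" else "style=dashed"))
        if kind in ("call", "cond") and i + 1 < len(instrs):  # fall-through: plain edge to next
            edges.append((addr, instrs[i + 1][0], "style=solid"))
    return nodes, edges
def to_dot(nodes, edges):
    body = [f'  "{a:04X}" [{s}];' for a, s in sorted(nodes.items())]
    body += [f'  "{s:04X}" -> "{d:04X}" [{st}];' for s, d, st in edges]
    return "\n".join(["digraph cfg {"] + body + ["}"])
```

Feeding `to_dot(*build_graph(LISTING, [0x0000]))` to `dot -Tgif` draws the small graph of the sample listing; a real run would read the .a51 file and the entrypoints from the command line instead.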

And finally, the script.
