RIVER: A Binary Analysis Framework Using Symbolic Execution and Reversible x86 Instructions
Authors
Abstract
We present a binary analysis framework based on symbolic execution with the distinguishing capability to execute stepwise forward and also backward through the execution tree. It was developed internally at Bitdefender and code-named RIVER. The framework provides components such as a taint engine, a dynamic symbolic execution engine, and integration with Z3 for constraint solving.
Similar resources
Insight: An Open Binary Analysis Framework
We present Insight, a framework for binary program analysis and two tools provided with it: CFGRecovery and iii. Insight is intended to be a full environment for analyzing, interacting and verifying executable programs. Insight is able to translate x86, x86-64 and msp430 binary code to our intermediate representation and execute it symbolically in an abstract domain where each variable (registe...
Context-sensitive analysis without calling-context
Since Sharir and Pnueli, algorithms for context-sensitivity have been defined in terms of ‘valid’ paths in an interprocedural flow graph. The definition of valid paths requires atomic call and ret statements, and encapsulated procedures. Thus, the resulting algorithms are not directly applicable when behavior similar to call and ret instructions may be realized using non-atomic statements, or w...
Automating Mimicry Attacks Using Static Binary Analysis
Intrusion detection systems that monitor sequences of system calls have recently become more sophisticated in defining legitimate application behavior. In particular, additional information, such as the value of the program counter and the configuration of the program’s call stack at each system call, has been used to achieve better characterization of program behavior. While there is common ag...
IntScope: Automatically Detecting Integer Overflow Vulnerability in X86 Binary Using Symbolic Execution
The number of identified integer overflow vulnerabilities has been increasing rapidly in recent years. In this paper, we present a system, IntScope, which can automatically detect integer overflow vulnerabilities in x86 binaries before an attacker does, with the goal of finally eliminating the vulnerabilities. IntScope first translates the disassembled code into our own intermediate representat...
Case Study on LLVM as suitable intermediate language for binary analysis
Many binary analysis tools and compilers, instead of directly working on code, use an intermediate representation of it. The idea of this thesis is to use the well-tested intermediate representation from LLVM for binary analysis tasks. We take a look at McSema, a tool to translate x86 and x86_64 binaries to LLVM, describe its translation process in detail and additionally implement Python bindi...