BINSIDE. Static binary code analysis tool
The importance of binary code analysis
Software developers often face a problem of incorporating complex computations, data encryption and compression algorithms, and similar common notions into their code. This is typically done by using standard libraries specializing in a group of tasks; these libraries are often distributed in binary code only. On the other hand, software maintenance is gradually becoming more and more important within the development cycle; software maintenance incorporates the task of updating both its code and external libraries. External libraries and auxiliary programs, distributed in binary form, need to conform to quality and security standards.
Static binary code analysis tool
At the Institute for System Programming of the Russian Academy of Sciences we have developed a static binary code analysis tool. This tool includes the following features:
- Support for various processor architectures: x86, x64 (ARM, PowerPC, MIPS to be added);
- Support for various platforms: Linux, Windows;
- Support for various binary code formats: ELF for Linux and PE for Windows;
- Support for binary code analysis without debug information or symbol tables;
- Automatic defect detection: invalid usage of format string functions, buffer overfiows, invalid usage of dynamic memory.
The analysis tool transforms executable and library binary code into the specialized architecture independent internal representation used to create control fiow graphs and call graphs; these graphs are used to perform contextsensitive intra-procedural data fiow analysis in order to identify potential runtime defects and vulnerabilities. The context-sensitive analysis core automatically generates function specifications and propagates them through function call code points.
We currently provide automatic checkers that identify problems with format string functions, potential buffer overfiow defects and invalid usage of dynamic memory.
Our analysis tool provides an API for accessing internal code representation and models and can be used to design new checkers.
Our analysis tool employs IDA Pro -- a de facto standard in the field of program disassembly and reverse engineering -- and additional tools (Google (Zynamics) BinNavi and BinExport) modified to our needs; these tools transform program binary code into REIL -- an architecture-independent intermediate representation language. We are extending these tools in order to improve the efficiency of intraprocedural analysis, abstract interpretation, defect detection, tainted data fiow analysis, PDG (Program Dependence Graph) generation and other methods. Certain extensions (e.g. x64 support for REIL transformation) were successfully released into the community.