- Reduce implementation effort for individual analysis
- Only 250 LoCs in C++ to implement an analysis for validating function properties.
- Highly configurable
- An abstract interpretation based framework that allows user to define abstract domains and configure instruction evaluation.
- Sound and precise reasoning about stack memory
- A stack memory model at byte-level granularity, and sound and efficient approximations for imprecise updates on stack.
- Architecture-neutral
- Decouple analysis from architecture specifics such as assembly languages and ABI specifications.
sudo apt-get install g++ ocaml camlp4-extra camlp4 tar cmake make
mkdir build && cd build
cmake .. && make -j4
To analyze a binary object ~/obj, use the following command:
./jump_table x86_64.auto ~/obj
By default, SBA creates temporary files and outputs result in /tmp/sba/. These paths can be specifed using -d and -o as follows:
./jump_table -d /tmp/sba/ -o /tmp/sba/result x86_64.auto ~/obj
SBA has contributed significantly to the implementation of the following works:
- Scalable, Sound, and Accurate Jump Table Analysis. ISSTA 2024.
- Accurate Disassembly of Complex Binaries Without Use of Compiler Metadata. ASPLOS 2023.
- SAFER: Efficient and Error-Tolerant Binary Instrumentation. USENIX 2023.
- Practical fine-grained binary code randomization. ACSAC 2020.