Insight: An Open Binary Analysis Framework

  • Emmanuel FleuryEmail author
  • Olivier Ly
  • Gérald Point
  • Aymeric Vincent
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9035)


We present Insight, a framework for binary program analysis and two tools provided with it: CFGRecovery and iii.

Insight is intended to be a full environment for analyzing, interacting and verifying executable programs. Insight is able to translate x86, x86-64 and msp430 binary code to our intermediate representation and execute it symbolically in an abstract domain where each variable (register, memory cell) is substituted by a formula representing all its possible values along the current execution path.

CFGRecovery aims at automatically rebuilding the program control flow based only on the executable file. It heavily relies on SMT solvers.

iii provides an interactive and a (Python) programmable interface to a coherent set of features from the Insight framework. It behaves like a debugger except that the execution traces that are examined are symbolic and cover a collection of possible concrete executions at once. For example, iii allows to perform an interactive reconstruction of the CFG.


binary analysis CFG recovery symbolic debugging 


  1. 1.
    Balakrishnan, G., Gruian, R., Reps, T., Teitelbaum, T.: CodeSurfer/x86—A platform for analyzing x86 executables. In: Bodik, R. (ed.) CC 2005. LNCS, vol. 3443, pp. 250–254. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Balakrishnan, G., Reps, T.: WYSINWYX: What You See Is Not What You eXecute. Journal of ACM Transactions on Programming Languages and Systems (TOPLAS) 32 (2010)Google Scholar
  3. 3.
    Ballabriga, C., Cassé, H., Rochange, C., Sainrat, P.: OTAWA: An open toolbox for adaptive WCET analysis. In: Min, S.L., Pettit, R., Puschner, P., Ungerer, T. (eds.) SEUS 2010. LNCS, vol. 6399, pp. 35–46. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  4. 4.
    Bardin, S., Herrmann, P.: OSMOSE: automatic structural testing of executables. Software Testing, Verification and Reliability 21(1), 29–54 (2011)CrossRefGoogle Scholar
  5. 5.
    Bardin, S., Herrmann, P., Leroux, J., Ly, O., Tabary, R., Vincent, A.: The BINCOA framework for binary code analysis. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 165–170. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Brumley, D., Jager, I., Avgerinos, T., Schwartz, E.J.: BAP: A binary analysis platform. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 463–469. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Cifuentes, C.: Reverse Compilation Techniques. Ph.D. thesis, Queensland University of Technology, Department of Computer Science (1994)Google Scholar
  8. 8.
    Cimatti, A., Griggio, A., Schaafsma, B.J., Sebastiani, R.: The mathSAT5 SMT solver. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013 (ETAPS 2013). LNCS, vol. 7795, pp. 93–107. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. 9.
    Franzn, A., Cimatti, A., Nadel, A., Sebastiani, R., Shalev, J.: Applying SMT in symbolic execution of microcode. In: Proc. of Int. Conf. on Formal Methods in Computer-Aided Design (FMCAD 2010), pp. 121–128. IEEE (2010)Google Scholar
  10. 10.
    Kinder, J., Veith, H.: Jakstab: A static analysis platform for binaries. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 423–427. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  11. 11.
    Kinder, J., Zuleger, F., Veith, H.: An abstract interpretation-based framework for control flow reconstruction from binaries. In: Jones, N.D., Müller-Olm, M. (eds.) VMCAI 2009. LNCS, vol. 5403, pp. 214–228. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Mycroft, A.: Type-based decompilation (or program reconstruction via type reconstruction). In: Swierstra, S.D. (ed.) ESOP 1999. LNCS, vol. 1576, pp. 208–223. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Song, D., Brumley, D., Yin, H., Caballero, J., Jager, I., Zhenkai, K.M.G.a.L., James, N., Pongsin, P., Prateek, S.: BitBlaze: A new approach to computer security via binary analysis. In: Proc. of Int. Conf. on Information Systems Security (ICISS). LNCS, pp. 1–25. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Thakur, A., Lim, J., Lal, A., Burton, A., Driscoll, E., Elder, M., Andersen, T., Reps, T.: Directed proof generation for machine code. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 288–305. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2015

Authors and Affiliations

  • Emmanuel Fleury
    • 1
    • 2
    Email author
  • Olivier Ly
    • 1
    • 2
  • Gérald Point
    • 3
  • Aymeric Vincent
    • 4
  1. 1.LaBRI, UMR 5800TalenceFrance
  2. 2.Université de BordeauxTalenceFrance
  3. 3.CNRSTalenceFrance
  4. 4.INP Bordeaux AquitaineTalenceFrance

Personalised recommendations