gismo141/binSpector

binSpector - a graphical binary analyzer for LLVM-IR

VERY EARLY STAGE OF DEVELOPMENT

The student research paper (Studienarbeit) that belongs to this project can be found here.

Overview

binSpector is a Qt5-driven open-source application that uses dagger and fracture for disassembling and decompiling ARM, PPC and x86 (i386 and x86_64)-binaries to LLVM-IR.

After the decompilation to LLVM-IR the binary will be analysed to present the code-structure in different graphics:

  • Call Graph
  • Control-Flow Graph
  • Control-Flow and Data-Flow Graph
  • (Memory) Dependence (not implemented yet)

faked disassembly

The UI consists of a 3-pane view.

The leftmost pane is a tabbed dock that presents technical information about the binary currently being analysed. The combo-boxes Architecture and Compiler are used to determine the project to use for the disassembly. Later these switches could be used for cross-compilation or other fun-stuff.

The main-area is meant to present everything that is code or the manual. It is possible to create a simple code-viewer which uses pygments to highlight its code, or you can use the class codeEditor() and program your own syntax-parser. An example implementation of a C++ parser is included under ./lib/control/syntax/clangHighlighter.cpp.

The rightmost pane is also a tabbed-dock that presents all the visualized graphs. These graphs are created with the graphviz-dot-utility upon the decompiled LLVM-IR. At the moment only image-files are supported. For better interaction it would be much better to implement postscript-support for zoom and graph-manipulation.
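The graph step described above can be sketched as follows. This is an added example, not binSpector's code: it extracts the direct-call graph from textual LLVM-IR and serialises it as Graphviz DOT. The names `buildCallGraph`, `toDot` and `kSampleIr` are hypothetical, and the sample IR is constructed.

```cpp
// Added example, not binSpector code. Constructed sample IR (typed-pointer syntax).
#include <iostream>
#include <map>
#include <regex>
#include <set>
#include <sstream>
#include <string>
using CallGraph = std::map<std::string, std::set<std::string>>;
const std::string kSampleIr = R"IR(
declare i32 @printf(i8*, ...)
define i32 @helper(i32 %x) {
  ret i32 %x
}
define i32 @main() {
  %v = call i32 @helper(i32 41)
  %p = call i32 (i8*, ...) @printf(i8* null, i32 %v)
  ret i32 0
}
)IR";

// Direct calls only: indirect calls through %registers and quoted names are skipped.
CallGraph buildCallGraph(const std::string &ir) {
    static const std::regex defRe(R"(^\s*define\b[^@]*@([A-Za-z0-9_$.]+)\s*\()");
    static const std::regex callRe(R"(\b(?:call|invoke)\b[^@]*@([A-Za-z0-9_$.]+)\s*\()");
    CallGraph graph;
    std::string current, line;
    std::smatch m;
    for (std::istringstream in(ir); std::getline(in, line);) {
        if (std::regex_search(line, m, defRe)) {         // "define ... @f(" opens f
            current = m.str(1);
            graph[current];                              // leaf functions stay as nodes
        } else if (line.rfind("}", 0) == 0) {            // "}" in column 0 closes f
            current.clear();
        } else if (!current.empty() && std::regex_search(line, m, callRe)) {
            graph[current].insert(m.str(1));             // edge f -> callee
        }
    }
    return graph;
}

std::string toDot(const CallGraph &graph) {
    std::string dot = "digraph callgraph {\n";
    for (const auto &node : graph) {
        dot += "  \"" + node.first + "\";\n";
        for (const auto &callee : node.second)
            dot += "  \"" + node.first + "\" -> \"" + callee + "\";\n";
    }
    return dot + "}\n";
}
int main() { std::cout << toDot(buildCallGraph(kSampleIr)); }
```

Piping the program's output into `dot -Tpng` yields an image file of the kind the right-hand pane displays.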

At the moment the program can open a binary-file and present its assembly-code. Every time the user opens a binary, a structure of subfolders with the binary's name is created under /tmp/binSpector/:

/
`--tmp
   `-- binSpector
       |-- texts
       `-- graphs

This structure is used to save all the intermediate and visualized files until the user saves the project elsewhere. When the user saves the project to a specified location, the program recursively copies all content from its /tmp/binSpector/-subfolder to the new location and attaches a .binsp-extension.
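The staging-and-save flow described above, written defensively for a world-writable /tmp. This is an added example, not binSpector's code: the function names `createStaging` and `saveProject` are hypothetical, and it assumes the tree is `<base>/<binary name>/{texts,graphs}` and that the saved project is a directory named `<destination>.binsp`.

```cpp
// Added example, not binSpector code. Function names and the <binary> level are assumptions.
#include <filesystem>
#include <iostream>
#include <stdexcept>
#include <string>
namespace fs = std::filesystem;

// Create <base>/<binary>/{texts,graphs}. The base (e.g. /tmp/binSpector) may be
// world-writable, so reject a planted symlink and keep the tree owner-only.
fs::path createStaging(const fs::path &base, const std::string &binary) {
    const fs::path name = fs::path(binary).filename();   // "/bin/ls" -> "ls"
    if (name.empty() || name == "." || name == "..")
        throw std::invalid_argument("no usable binary name in: " + binary);
    const fs::path root = base / name;
    if (fs::is_symlink(fs::symlink_status(root)))
        throw std::runtime_error("staging path is a symlink: " + root.string());
    for (const char *sub : {"texts", "graphs"})
        fs::create_directories(root / sub);
    fs::permissions(root, fs::perms::owner_all);         // 0700
    return root;
}

// Copy the staging tree to "<destination>.binsp"; skip symlinks, never overwrite.
fs::path saveProject(const fs::path &staging, fs::path destination) {
    destination += ".binsp";
    if (fs::exists(fs::symlink_status(destination)))
        throw std::runtime_error("refusing to overwrite " + destination.string());
    fs::copy(staging, destination,
             fs::copy_options::recursive | fs::copy_options::skip_symlinks);
    return destination;
}

int main() {
    const fs::path root = createStaging(fs::temp_directory_path() / "binSpector-demo", "/bin/ls");
    std::cout << "staging tree: " << root << "\n";
}
```

The symlink check is not race-free on a shared path; a per-user base directory or a `mkdtemp`-style random name avoids the predictable location altogether.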

Prerequisites

binSpector is intended to run on nearly every available OS. At this stage of development only the usage under Mac OSX 10.9.4 is guaranteed. It may be possible to run binSpector on other operating systems as well, but you may need to set some paths differently.

It is recommended to use the package-manager Homebrew for easy installation of the missing programs. Homebrew uses its own directory to compile its applications and links them to /usr/local/bin afterwards.

XCode

You need to have XCode and its command-line-tools installed:

xcode-select --install

Also accept the License Agreement which is presented when opening XCode.

CMake

This project uses the CMake-build-system. The build-system can easily be maintained and altered.

brew install cmake

Qt5

Qt5 is needed for all the GUI-elements to provide an easy programming interface independent of the targeted operating system.

brew install qt5

Graphviz

This is used to create the graphs for the analysis and the documentation.

brew install graphviz

Pandoc

This is used to convert Markdown *.md-files instantly into temporary html-code, for example to present the manual in an appealing way.

brew install pandoc

Pygments

This Python-tool is used to highlight every file that will be shown in the central-area of binSpector. Every highlighted file will also be saved in the folder-structure under /texts/{architecture}.{language}.html. That saves some time on resize-events because the highlighted code can be reused.

sudo easy_install Pygments

Doxygen

This is used to compile the documentation with every build; this way the documentation is always up-to-date.

brew install doxygen

Installation

1. Set your desired installation-path (everything after =):
export DESTINATION=$HOME/Developer/binSpector
2. Clone this repository:
git clone git@github.com:gismo141/binSpector $DESTINATION
3. Change to the cloned repository:
cd $DESTINATION
4. Create build-directory:
mkdir build && cd build
5. Compile the documentation and binSpector:
cmake .. && make

Usage

After the installation you will have a folder $DESTINATION/build/tools/binSpector which contains the newly compiled binSpector.app.

Under $DESTINATION/build/docs/html you'll find the documentation made with Doxygen. Just open index.html in your browser.

Opening a project or creating a new analysis

When opening binSpector.app the user is presented with a file-dialog where he can select a binary-file or an existing *.binsp-project to analyse. The following images illustrate binSpector's capabilities using its own binary for analysis.

open Binary/Project

Reading the manual

rtf manual

Saving your analysis

save Project

Disassemble with standard options

disassemble with tV

Disassemble with user-set options

disassemble with t

Decompile to LLVM-IR (at the moment this is not supported)

When clicking the decompile-button binSpector will disassemble the binary with the standard -tV-options but the output will be highlighted using the LLVM-syntax. There is no LLVM-IR code produced in this process!!!!

decompile to LLVM

If you run into any problem, send me an email or create an issue.

How could you contribute?

  1. Fork this project to your account.
  2. Create a new branch for the improvements you intend to make.
  3. Make the changes in your fork.
  4. Send a pull-request from your fork’s branch to my master branch.

You can always use the web-interface to make the changes you want. It helps you automate the workflow from above.
