We hope you had a pleasant festive season and wish you all the best for 2026.
To kick off the new year on the right foot, we are proud to introduce you to the new BINSEC version
0.11, and all the things we shipped inside.
On the agenda:
- architectures that were well-behaved were gifted with new core dump support for easy initialization (BINSEC now supports ARM, RISCV32, RISCV64 and PowerPC64 in addition to x86_32, x86_64 and AARCH64), together with new utilities to make core dumps more practical;
- the symbolic execution plugin API has been heavily amended to open up a new world of possibilities, and its documentation and write-ups have been updated (shadow stack part 1, part 2, quick-merge);
- a large code base refactoring with a more principled library organization.
Core dump initialization.
Initializing the symbolic execution can quickly become tricky. To make it simpler, it is possible to start from a fully concrete state borrowed from a snapshot of the process memory.
The main downside? The program under test has to match your host architecture. Want to analyze foreign programs? We can now combine QEMU and GDB to extract the core dump. We updated the script make_coredump.sh to take care of that. But we still need to analyze the core dump in the same file system in which it was generated. Want to use a core dump generated by someone else? We can make a local copy of the target file system (only the used files) and instruct BINSEC to use it from the process perspective with the option -sse-sysroot. We shipped the script archive_sysroot.sh to save the required files for us. Given that BINSEC supports core dump initialization for x86_32, x86_64, ARM, AARCH64, RISCV32, RISCV64 and PowerPC64, there is no longer any excuse for not trying it.
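To see which files a core dump expects to find in its file system, one can read the NT_FILE note that Linux writes into core files. The following is an added example, not BINSEC code and not how archive_sysroot.sh is necessarily implemented; it assumes a 64-bit little-endian Linux core, and `mapped_files` and `build_sample_core` are hypothetical names.

```python
import struct

NT_FILE = 0x46494C45  # Linux core note type holding the file-mapping table
PT_NOTE = 4

def _align4(n):
    return (n + 3) & ~3

def mapped_files(core: bytes):
    """Return sorted file paths listed in NT_FILE notes (ELF64, little-endian)."""
    if core[:4] != b"\x7fELF" or core[4] != 2 or core[5] != 1:
        raise ValueError("expected a 64-bit little-endian ELF file")
    e_phoff, = struct.unpack_from("<Q", core, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", core, 0x36)
    paths = set()
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", core, ph)
        if p_type != PT_NOTE:
            continue
        p_offset, = struct.unpack_from("<Q", core, ph + 8)
        p_filesz, = struct.unpack_from("<Q", core, ph + 32)
        pos, end = p_offset, p_offset + p_filesz
        while pos + 12 <= end:
            namesz, descsz, ntype = struct.unpack_from("<III", core, pos)
            desc = pos + 12 + _align4(namesz)
            if ntype == NT_FILE and core[pos + 12:pos + 12 + namesz] == b"CORE\0":
                # desc layout: count, page_size, count * (start, end, offset), names
                count, _page = struct.unpack_from("<QQ", core, desc)
                names = core[desc + 16 + 24 * count:desc + descsz]
                paths.update(n.decode("utf-8", "replace")
                             for n in names.split(b"\0")[:count])
            pos = desc + _align4(descsz)
    return sorted(paths)

def build_sample_core(paths):
    """Constructed sample: a minimal ELF64 core holding a single NT_FILE note."""
    desc = struct.pack("<QQ", len(paths), 4096)
    for i in range(len(paths)):
        desc += struct.pack("<QQQ", 0x400000 + i * 0x1000, 0x401000 + i * 0x1000, 0)
    desc += b"".join(p.encode() + b"\0" for p in paths)
    note = struct.pack("<III", 5, len(desc), NT_FILE) + b"CORE\0\0\0\0" + desc
    note += b"\0" * (_align4(len(note)) - len(note))
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 4, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_NOTE, 0, 64 + 56, 0, 0, len(note), 0, 4)
    return ehdr + phdr + note
```

The returned paths are the ones a copied file system has to provide for the snapshot to be analyzed away from the machine that produced it.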
The new plugin interface.
Still, beware, this version introduces a considerable amount of code-breaking changes. We achieved a (big) step toward making BINSEC a library in addition to a command line tool. This is particularly noticeable in the symbolic execution engine, which has been split and reorganized into two main libraries, Binsec_symbolic and Binsec_sse. Every care has been taken to document the new interfaces, including the plugin API, which has been extensively amended. We trust the changes are worth it, as they offer powerful new capabilities to plugin developers, such as disassembly hooks or path merging, while making the old ones clearer most of the time. We updated the plugin tutorial to reflect these changes (shadow stack part 1, part 2) and added a how-to on using a plugin to merge sibling paths.
At the start of this new year, we once again want to thank you for using BINSEC, reporting issues and sharing feedback. We hope this will continue in 2026.
Happy New Year! :-)