{"id":17922868,"url":"https://github.com/laurmaedje/symflow","last_synced_at":"2025-04-28T18:33:30.431Z","repository":{"id":160900713,"uuid":"193970925","full_name":"laurmaedje/symflow","owner":"laurmaedje","description":"Data flow analysis for x86-64 ELF binaries based on symbolic execution. 🔎","archived":false,"fork":false,"pushed_at":"2020-09-27T15:23:28.000Z","size":2378,"stargazers_count":9,"open_issues_count":0,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-03-30T11:51:12.394Z","etag":null,"topics":["data-flow-analysis","static-analysis","x86-64"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/laurmaedje.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-06-26T20:10:45.000Z","updated_at":"2024-12-21T16:37:40.000Z","dependencies_parsed_at":null,"dependency_job_id":"4c024dbf-6aca-43da-913d-51979a108995","html_url":"https://github.com/laurmaedje/symflow","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurmaedje%2Fsymflow","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurmaedje%2Fsymflow/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurmaedje%2Fsymflow/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/laurmaedje%2Fsymflow/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/laurmaedje","d
ownload_url":"https://codeload.github.com/laurmaedje/symflow/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251366303,"owners_count":21578103,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["data-flow-analysis","static-analysis","x86-64"],"created_at":"2024-10-28T20:41:08.023Z","updated_at":"2025-04-28T18:33:30.408Z","avatar_url":"https://github.com/laurmaedje.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Symflow\n**Data flow analysis for x86-64 ELF binaries based on symbolic execution.** 🔎\n\nSymflow tracks the flow of values throughout the execution of a program and builds a _data dependency graph_, a structure describing how values flow through registers and memory locations within the program, which enables further analyses that need such information. Alongside normal location nodes, it also contains nodes for input and output, which represent bytes read from the standard input or written to the standard output, and constant nodes for constant values. Sometimes a value read from the input is only written to the output in specific circumstances. 
To account for such flows, the graph annotates edges with the conditions under which the data flows.\n\nThis work is a _proof of concept_ and works only on a very small subset of _x86-64_ binaries.\n\n## Building\nThis crate depends on the Z3 theorem solver and needs its library installed.\n```bash\n# Install the Z3 development libraries with apt\n# or the package manager of your choice.\napt install libz3-dev\ncargo build\n\n# To run the tests and see the graph outputs, you will need\n# to compile the examples with make and install graphviz.\ncd test \u0026\u0026 make\napt install graphviz\ncargo test\n```\n\n## Example\nThe following code performs some pointer arithmetic based on values read from the standard input. In this example, the buffers are arranged in such a way that the secret value read from standard input is written to the output if `x = 64 + y` holds true. This can also be seen in the data dependency graph shown below: The secret byte corresponds to the third byte read from standard input, namely `stdin2` (numbering starts at zero). The (only) value that is written to the output corresponds to `stdout0`. 
A chain of arrows through many registers and memory locations exists from `stdin2` to `stdout0` in the graph (at the right end), with one arrow holding exactly the condition discussed above.\n\n#### Code\n```c\nvoid main() {\n    char buf[1024];\n\n    unsigned char x = read_one_byte();\n    unsigned char y = read_one_byte();\n    char secret = read_one_byte();\n\n    char* a = buf + x;\n    char* b = buf + 64 + y;\n\n    a[x] = secret;\n    char s = b[x];\n\n    write_one_byte(s);\n}\n```\n\n#### Data Dependency Graph\n![Data Dependency Graph](https://github.com/laurmaedje/symflow/blob/master/Graph.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaurmaedje%2Fsymflow","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flaurmaedje%2Fsymflow","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flaurmaedje%2Fsymflow/lists"}