This Week in Falcon - 05 Aug 2017

Falcon is a Binary Analysis Framework in Rust.

Falcon Symbolically Executes

Falcon now symbolically executes its simple-0 example. I added in copy-on-write SymbolicMemory, and with this addition the example executes in less than a second. Since it’s such a quick example, I went ahead and made it a test.

With an end-to-end symbolic execution test, z3 is now a dependency for for tests… and therefor continuous integration. Travis CI now tests from the docker. The Dockerfile used to build z3 from scratch, but this was taking 30 minutes in Travis CI, most of the time spent building Z3. A statically-linked z3 for Ubuntu Xenial x64 is being made available at https://files.reversing.io/, and will be pulled down in the docker build. This drops Travis CI times from 30 minutes to 6.

I will now be moving through GitHub issues towards the 0.1.0 milestone.

Other Falcon-related things:

Unfortunately I didn’t do a good job tracking chances this week. Some notes are:

• EngineDriver has been added to falcon::engine.
• Platform is implemented, and we have a basic LinuxX86 platform.
• Engine has an additional SuccessorType for Raise instructions.
• All setup for Linux X86 environment has been moved under that platform.

Other Things Across the Internet

• Writing a Basic Windows Debugger
• Grokking Diesel
• Microsoft didn’t sandbox Windows Defender, so I did
• https://www.reddit.com/r/rust/comments/6rerw5/tutorial_cross_compiling_a_gtk_program_from_linux/