Echo is an experimental generic, static analysis, symbolic execution and emulation framework, that aims to help out with binary code analysis for a variety of platforms.
Echo is released under the LGPLv3 license.
- Control flow analysis
- Create static and symbolic flow graphs
- Dominator analysis
- Serialize into scoped flow blocks or a list of instructions
- Data flow analysis
- Create data flow graphs
- Inspect stack and variable dependencies of instructions.
- AST building
- Lift control flow graphs to Abstract Syntax Trees (ASTs).
- Unified generic API.
- Serialize any kind of graph to the dot file format.
- Adding a new platform for flow analysis requires minimal effort
Supported platforms:
Architecture | Back-end | Control Flow | Data Flow | AST | Purity Classification | Emulation |
---|---|---|---|---|---|---|
CIL | AsmResolver | ✓ | ✓ | ✓ | ✓ | ✓ (WIP) |
CIL | dnlib | ✓ | ✓ | ✓ | ✓ | |
x86 (32-bit) | Iced | ✓ | ✓ | ✓ | ||
x86 (64-bit) | Iced | ✓ | ✓ | ✓ |
Echo can be built using dotnet build
, or any IDE that is capable of building .NET Standard 2.0 projects (such as Visual Studio or JetBrains Rider).
Not all projects need to be built for a working binary to be produced. Only the core libraries found in src/Core
are required to be built. Any other project, such as the platform-specific back-ends in the src/Platforms
directory and the test projects in test/
, is optional and can be unloaded safely.
Branch | Status (Linux) |
---|---|
master |
Check out the wiki for guides and information on how to use the library!
See CONTRIBUTING.md.
Please use the issue tracker. Try to be as descriptive as possible.