Static analysis tool for examining binaries

GrammaTech announced a static-analysis tool for analyzing binary libraries and executables. CodeSonar for Binaries enables users to examine software for security vulnerabilities and malicious code, without the need for source code.

Because the technology does not rely on debug or symbol-table information, it can examine the stripped executables normally shipped by software vendors. As a result, users can use CodeSonar for Binaries to perform a security analysis on software without any cooperation from the vendor.

The analysis engine is the result of a 10-year collaboration between GrammaTech and the University of Wisconsin-Madison, involving 21 experts in program analysis and $15 million in R&D. As GrammaTech increased its R&D spending, several key researchers at the University of Wisconsin joined the company. The innovative technology has received prestigious awards at Computer Science conferences.

“Disassembly tools have been available for analyzing binaries, but analyzing low-level machine code manually, or even with scripts, is extremely time consuming and not really a scalable approach to identifying vulnerabilities,” said Paul Anderson, VP of Engineering at GrammaTech.

“CodeSonar for Binaries makes it easy to examine large executables rapidly. Furthermore, the tool is fully integrated with GrammaTech’s source-code analysis technology, allowing customers to analyze projects that are a combination of source and binary code,” Anderson added.