Yet another symbolic execution engine. Based on Ghidra's P-Code. Built for fun.
Pull the repo and the submodules:
git clone https://github.com/borzacchiello/naaz.git
cd naaz
git submodule update --init
Compile third_party libraries:
cd third_party
./build.sh
Compile naaz:
cd ..
mkdir build
cd build
cmake ..
make -j`nproc`
The command line tools are under the directory build/tools/
naaz comes with two command line utilities:
naaz_finder
which looks for a state that reaches a given address.naaz_path_generator
, which generates inputs that covers multiple paths.
examples on how to use this tools can be found in this repo.
- Implement COW memory
- Implement handlers for all P-Code statements
- Syscalls support
- Windows/PE support
- More library models
- Support more loaders (e.g., one based on rizin)
- Support for library loading
- Bindings for Python