Triton - A DBA Framework

Version 0.3

This version is a big step forward for the project. The version v0.3 allows you to plug any kind of tracers (e.g: Valgrind, Qemu, Pin, DynamoRIO, ...), allows you to simplify your symbolic expressions, to perform symbolic optimizations, to perform online or offline analysis, the libTriton is now available for OSX, Linux and Windows (without pintool), there is a new C++ and Python API and many more... Below, the short list of the main features added.

  • Externalize analysis from pintool (see #226)
  • libTriton available for OSX, Linux and Windows (without the pintool)
  • Tracer independent (see doc)
  • SMT Simplification Passes (see doc)
  • New semantics format (see source)
  • Offline / Online analysis
  • Symbolic Optimizations (see doc)
  • New C++ and Python API
  • Switch to Capstone for a multi-arch design
  • Semantics bug fix
  • Engines bug fix


Version 0.2

For this version, we have pushed 272 commits and closed 84 issues since the v0.1. Several efforts have been done around the execution speed and the RAM management. Then, a big step forward has been done on the semantics manipulation. To be short, below is the list of the main features added.

  • 32-bits support
  • Semantics representation as AST
  • Eval SMT expressions
  • Generate several models
  • Create and modify your own AST
  • Speed up execution
  • Blacklist and whitelist of jited images
  • Less RAM consumption
  • Engines improved
  • Semantics added
  • Bugs fixed
  • Code coverage tool


Version 0.1

Basically, this first version contains:

  • A dynamic symbolic execution engine
  • A translation of instructions into SMT-LIB v2.0
  • A solver interface
  • A snapshot engine
  • A taint engine
  • Python bindings on Triton and Pin's features
  • 114 supported semantics
  • A memory tracer tool
  • A database generation tool
  • A format string bug analysis tool
  • A use-after-free bug analysis tool
  • A documentation