McSema

Whether you want to generate application tests with high code coverage, find security bugs in binary programs, or independently validate a vendor’s source code, your options up to this point have been limited. Reasoning about x86 instructions is extremely difficult.

That’s why we created McSema, a machine code lifter that converts x86 and x86-64 binaries into LLVM bitcode. McSema opens the way to easier vulnerability discovery, software optimization, and the creation of security protection tools such as obfuscators.

With this tool, security practitioners can convert a program compiled for the Intel architecture into a processor-independent representation. Anyone familiar with program analysis tools such as KLEE and the LLVM toolchain can now analyze binary code.

Though there are other x86-to-LLVM bitcode translators, McSema is the only option that separates control flow recovery from translation, permitting the use of custom control flow recovery front-ends. It also supports FPU instructions, and it’s open source under a permissive license (BSD).

McSema formed the basis of our Cyber Reasoning System and other tools we’ve built and use in our work. We continue to work on McSema in several other pursuits. Other DARPA programs and companies use it. Yours should, too.

Contact us with your questions about McSema.
