Overview

Binary Valentine is a free and open-source static analyzer for executable files. It detects a range of issues that are usually out of reach of other tools (such as static code analyzers).

When developing desktop software, compilers and static code analysis tools only warn about issues with the code. However, when built into a binary, compiled code is surrounded by various structures which tell the operating system how to run the executable file. They also contain a lot of auxiliary information, such as version descriptions or digital signatures. These extra structures are not normally analyzed by any tools. Alas, this does not mean they cannot contain errors or security issues, and in fact they often do. To reveal these issues and to get guidance on how to fix them, you can use tools like Binary Valentine.

Main features

  • Finds bugs, misconfigurations, format and security issues related to the executable format and not the code it contains. Suggests security hardening and execution optimization techniques.
  • Supports flexible project configuration (file path, rule filters), which can be supplied as a separate file (see XML project) or in the command line (see Command line).
  • Supports several report formats (terminal output, plain text, SARIF, HTML).
  • Supports both single executable rules and combined (cross-executable) rules.
  • Easy to include in the SSDLC (Secure Software Development Lifecycle).
  • Provides a fluent graphical user interface (GUI), which lets you analyze executable files in real time, as well as create, load and save projects without manual XML modifications.
  • Multithreaded and fast. With a fast SSD, it scans the whole Windows 10 System32 folder in 10-20 seconds.

Flexible project configuration

An XML project file can be supplied to Binary Valentine, which then scans the project according to the selected rules and filters. Binary Valentine provides an intuitive GUI to create and edit project files.

In addition to project-based execution, Binary Valentine can be invoked by supplying all parameters on its command line.

Industry standard output formats

Binary Valentine supports several output formats to ease integration with other systems. In addition to terminal, plain text, and HTML reports, it supports the Static Analysis Results Interchange Format (SARIF) 2.1.0, which is the industry standard format for the output of static analysis tools.
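A SARIF 2.1.0 report can be consumed by a small build gate, as in the following added example (not part of Binary Valentine or its documentation). The tool name, rule ids, file names and messages in the sample report are constructed placeholders; only the SARIF 2.1.0 field names are taken from the standard.

```python
import json

# Severity order of SARIF 2.1.0 result levels.
LEVELS = {"none": 0, "note": 1, "warning": 2, "error": 3}

def effective_level(result, rules):
    # SARIF 2.1.0 defaulting: explicit level, else "none" for non-"fail" kinds,
    # else the rule's defaultConfiguration.level, else "warning".
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"
    idx = result.get("ruleIndex", -1)
    rule = rules[idx] if 0 <= idx < len(rules) else next(
        (r for r in rules if r.get("id") == result.get("ruleId")), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def gate(sarif_text, fail_at="error"):
    # Returns (passed, findings); findings are (level, ruleId, uri, message).
    log = json.loads(sarif_text)
    if log.get("version") != "2.1.0":
        raise ValueError("expected a SARIF 2.1.0 log")
    findings = []
    for run in log.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        for res in run.get("results", []):
            level = effective_level(res, rules)
            if LEVELS.get(level, 2) < LEVELS[fail_at]:
                continue  # below the threshold that fails the build
            locs = res.get("locations") or [{}]
            uri = (locs[0].get("physicalLocation", {})
                   .get("artifactLocation", {}).get("uri", "<unknown>"))
            findings.append((level, res.get("ruleId", "<no-rule>"), uri,
                             res.get("message", {}).get("text", "")))
    return not findings, findings

# Constructed sample report: every id, name and message here is a placeholder.
SAMPLE = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-analyzer", "rules": [
        {"id": "EXAMPLE001", "defaultConfiguration": {"level": "error"}},
        {"id": "EXAMPLE002"}]}},
    "results": [
        {"ruleId": "EXAMPLE001", "ruleIndex": 0, "message": {"text": "constructed finding A"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "bin/app.exe"}}}]},
        {"ruleId": "EXAMPLE002", "level": "note", "message": {"text": "constructed finding B"}},
        {"ruleId": "EXAMPLE002", "ruleIndex": 1, "message": {"text": "constructed finding C"}}]}]})

if __name__ == "__main__":
    passed, findings = gate(SAMPLE)
    print(*findings, sep="\n")
    raise SystemExit(0 if passed else 1)
```

In a pipeline, replace SAMPLE with the contents of the report file produced by the scan and choose fail_at to match the team's policy.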

Graphical user interface

Binary Valentine graphical user interface

Binary Valentine provides a fluent graphical user interface (GUI) created with Qt libraries, which lets you analyze executable files in real time. It is also a project editor that lets you create, edit, save and load projects without manual XML modifications.

Cross-platform

Binary Valentine can be built for a range of platforms with a set of C++20 compilers:

  • Windows 10/11, MSVC 2022 (Visual Studio solution and CMake build are provided)
  • Linux, GCC 13.0 (CMake build)
  • Linux, Clang 16 (CMake build)

Windows 10/11 and modern Linux (kernel version 5.1 or newer with io_uring enabled) are supported as of today.