v0.1.0

@BinFlip BinFlip released this 13 Apr 03:06
· 3 commits to main since this release
| Capability | Details |
| --- | --- |
| Detection | 11 independent fingerprint probes — reliable even on stripped `-d:danger` builds |
| GC mode | refc (legacy) vs arc/orc (modern) from RTTI symbol presence |
| Entry shims | `NimMain`, `PreMain`, `NimMainModule`, etc. with addresses |
| Init functions | `*Init000` / `*DatInit000` with decoded build-host module paths |
| Module map | Every Nim module compiled into the binary, with per-function name, address, and size (ELF) |
| Symbol demangling | Reverses Nim's `<ident>__<module>_u<id>` mangling back to identifiers |
| RTTI | `TNimTypeV2` fields (size, align, depth, destructor) and `TNimType` with field-name recovery |
| String literals | V2 (`NIM_STRLIT_FLAG`) and V1 (`NimStringDesc`) scans |
| Stack traces | Proc names and `.nim` file paths — absolute paths leak the build host |
| Nimble paths | `.nimble/pkgs` leaks parsed into package name, version, hash, and username |
| Exception types | `*Error` / `*Defect` cstrings found in rodata |
| Raise sites | Full (type, proc, file, line) tuples recovered via x86_64/AArch64 instruction analysis |
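
The symbol demangling and module map rows, sketched as an added example (not this project's code): it splits names that follow the `<ident>__<module>_u<id>` scheme and groups constructed `nm`-style lines by module. The decimal `<id>`, the split at the last `__`, and the names `demangle`, `module_map` and `SAMPLE_NM` are assumptions of the example.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Mangling scheme as stated in the table above: <ident>__<module>_u<id>.
# Assumptions of this example: <id> is decimal, and the split happens at the
# last "__" that still leaves a valid "<module>_u<id>" tail, so an identifier
# that itself contains "__" stays intact.
MANGLED = re.compile(r"^(?P<ident>.+)__(?P<module>[A-Za-z0-9_]+?)_u(?P<id>\d+)$")

class NimSymbol(NamedTuple):
    ident: str
    module: str
    uid: int

def demangle(name: str) -> Optional[NimSymbol]:
    """Return the parts of a Nim-mangled symbol, or None if it does not fit."""
    m = MANGLED.match(name)
    if m is None:
        return None
    return NimSymbol(m["ident"], m["module"], int(m["id"]))

def module_map(nm_output: str) -> dict:
    """Group nm-style lines (address, type, name) by recovered Nim module."""
    modules = defaultdict(list)
    for line in nm_output.splitlines():
        parts = line.split()
        if len(parts) != 3:  # undefined symbols carry no address column
            continue
        addr, _kind, name = parts
        sym = demangle(name)
        key = sym.module if sym else "<not Nim-mangled>"
        modules[key].append((int(addr, 16), sym.ident if sym else name))
    return {mod: sorted(funcs) for mod, funcs in modules.items()}

# Constructed sample input, not taken from a real binary.
SAMPLE_NM = """\
0000000000401a20 T parseConfig__config_u42
0000000000401b80 t readKey__config_u57
0000000000402000 T send__net_utils_u9
0000000000402400 T NimMain
                 U malloc
0000000000402100 t on__ready__net_utils_u13
"""

if __name__ == "__main__":
    for mod, funcs in module_map(SAMPLE_NM).items():
        print(mod, [(hex(a), n) for a, n in funcs])
```

Symbols that do not fit the scheme, such as the `NimMain` entry shim, are kept under a separate key rather than dropped, so the map still accounts for every defined symbol.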