SaBRe is a modular selective binary rewriter. It is able to rewrite system calls, vDSO and named functions. We currently support two architectures: x86_64 and RISC-V.


Binary rewriting is a technique that consists in disassembling a program to modify its instructions, with many applications in software reliability and security. However, existing solutions suffer from well-known shortcomings in terms of soundness and performance.

We present SaBRe, a novel load-time system for selective binary rewriting. SaBRe rewrites specific constructs—particularly system calls and function prologues—when the program is loaded into memory, and intercepts them using a modular architecture that allows third-party plugins to be loaded into \sabre using a simple and flexible API. We also discuss the theoretical underpinnings of disassembling and rewriting, including conditions for coverage, accuracy, and correctness; and how they affect SaBRe.

We developed two backends for SaBRe—one for x86_64 and one for RISC-V—which were in turn used to implement three plugins: a fast system call tracer, a multi-version executor and a fault injector. Our evaluation shows that SaBRe imposes little performance overhead, between 0.2% and 4.3% on average.

Video Presentation

Watch a video presentation to see the main idea behind our project.


SaBRe is available on GitHub.