v0.9.6
-
New loader backed with LLVM
BAP now have another loader (image reader), that
supports MACH-O, ELF, COFF, PE. This loader is
backed with LLVM library. -
Online plugin system
New extension point is added - "bap.project". Plugins marked with
this plugin system will not be loaded automatically when
Plugins.loadis called, instead, they can be loaded dynamically
(or online, hence the title), by using-loption to thebap
utility. After being loaded the plugin is applied to aproject
data structure that contains all information about disassembled
binary. Plugin can functionally update this data structure, to
push information to other plugins or back to thebaputility.In addition to a common way of creating plugins with
oasis, we
extendedbapbuildutility with a new rule the will product a
pluginfile. This is just a shared library underneath the hood,
and you can load a plugin, created with this method directly,
without installing it anywhere.baputility will try to find the
plugin, specified with-loption in a current folder, then in all
folders specified inBAP_PLUGIN_PATHenvironment variable, and,
finally in the system, usingocamlfind.In order to provide a typesafe way of interacting between plugins,
we added extensible variants to BAP. But instead of using one from
the 4.02, we're using universal types, based on that one, that Core
library provides. First of all this is more portable, second it is
more explicit and a little bit more safe. -
New ABI and CPU interfaces
Modules that implementsCPUinterface are used to describe
particular CPU in BIL terminology, e.g., it tells which variable
corresponds to which register, flag, etc. To obtain such module,
one should usetarget_of_cpufunction.ABI is used to capture the procedure abstraction, starting from
calling convetions and stack frame structure and ending with special
function handling and support for different data-types.See d5cab1a for more information
and examples. -
Bap-objdump renamed to bap
bap-objdump has outgrown its name. Actually it was never really a
bap-objdump at all. From now, it is just an entry point to thebapas
platform. We will later unitebapwith other utilities, to make them
subcommands, e.g.bap byteweight. -
Cleanup of BIL modules
Now there is a separation between BIL fur uns, and BIL fur
OCaml. For writing BIL programs (as EDSL in OCaml) one should use
Bilmodule, e.g.Bil.(x = y)will evaluate to a BIL
expression. For using BIL entities as OCaml values, one should use
corresponding module, e.g.Exp.(x = y)will compare to expressions
and evaluate to a value of typebool. -
Enhanced IDA integration
IDA intergation is now more robust. We switched toIDA-32by default,
since 64-bit version doesn't support decompiler. Alsobaputility
can now output IDA python scripts. Andbapplugins can annotate project
withpythoncommands, that later will be dumped into the script. -
In ARM switched to ARMv7 by default
-
Introduce LNF algorithm and Sema library
A new layer of BAP is started in this release. This would be a third pass
of decompilation, where the semantic model of program will be built. Currently,
there is nothing really interesting here, e.g., an implementation of the
Loop nesting forest, that is not very usable right now. But the next release,
will be dedicated to this layer. So, stay tuned. -
Add support for OCamlGraph
Now we provide a helper utilities for those who would like to use
ocamlgraph library for analysis. -
Extended bap-mc utility
bap-mcutility now prints results in plethora of formats,
including protocol buffers, from the piqi library, that was revived
by Kenneth Miller. -
Interval trees, aka memory maps
For working with arbitrary overlapping memory regions we now have a
memory map data structure, aka interval trees, segment trees, etc. It
is based on AVL trees, and performs logarithmic searches. -
Simplified CI
We put Travis on a diet. Now only 4 machines with 20 ETA for all test
suites to pass. (Instead of 8 * 40).