Latest release

v1.4.0

@ivg ivg released this Mar 1, 2018 · 45 commits to master since this release

Features

  • PR#762 MIPS and MIPS64 lifters
  • PR#739 PowerPC and PowerPC64 lifters
  • PR#744 LLVM 5.0 compatibility
  • PR#734 BARE Binary Analysis Rule Engine
  • PR#734 New Taint Analysis Framework
  • PR#734 Primus Lisp 2.0 with symbols and methods
  • PR#734 Recipes
  • PR#734 Primus Test Framework
  • PR#734 Dataflow and Abstract Interpretation Framework
  • PR#734 Progress Reports and Profilers
  • PR#773 New primitives for BML

Bug fixes

  • PR#782 Incorrect error handling in x86 lifter
  • PR#734 Failure to decode ICC binaries
  • PR#772 Fixes equiv type in Graphlib
  • PR#771 Unhardcodes llvm backed in the linear sweep disassembler
  • PR#770 Fixes the memory printer
  • PR#761 Fixes handling relocations in reconstructor
  • PR#759 Fixes race condition in the source merge procedure
  • PR#758 Restores the source-type command line option
  • PR#755 Proper handling of tail calls in IR lifter
  • PR#754 Fixes segment registers in mov instruction
  • PR#746 Fixes xor in the BIL simplfication procedure
  • PR#728 Fixes flag calculation in the x86 sub instruction
  • PR#727 Fixes numerous missed sign extensions in x86 lifter
  • PR#725 Adds modulo operation to x86 rot/rol instructions
  • PR#724 Fixes operands order in the x86 xadd instruction
  • PR#723 Fixes segment duplication

v1.3.0

@ivg ivg released this Aug 27, 2017 · 86 commits to master since this release

1.3.0

Features

  • PR#700 LLVM-4.0 is now supported
  • PR#688 Primus - the microexecution framework
  • PR#688 BIL type checker and normalizer
  • PR#688 New constant folding with effect analysis
  • PR#688 SSA transformation plugin
  • PR#688 Dead code elimination plugin
  • PR#688 New pretty-printer for BIL and bitvectors
  • PR#684 Support for cmdliner 1.0
  • PR#682 Severely reduces memory consumption
  • PR#680 New thin bitvector representation
  • PR#663 Adds topic tags to bundle
  • PR#654 New OGRE based loader that supports:
    • Linux Kernel Modules
    • MachO Kernel Bundles (LLVM 3.8+ only)
    • Plain object files
    • Shared libraries
  • PR#630 Enhancments in IDA plugin

Bug fixes

  • PR#688 Type errors in the x86 lifter
  • PR#688 Type errors in the ARM lifter
  • PR#688 Fixes constant folding
  • PR#672 Fixes demangler plugin
  • PR#665 Fixes symbol cases in objdump
  • PR#644 Robustness fixes in x86 lifter

v1.2.0

@ivg ivg released this Feb 9, 2017 · 120 commits to master since this release

  • PR#609 compilation with ocaml 4.04.0
  • PR#621 don't store api files in api plugin
  • PR#627 beagle - obfuscated string solver
  • binary release (deb, rpm, tgs)
  • c-bindings
  • better error handling in the LLVM backend

v1.1.0

@ivg ivg released this Dec 23, 2016 · 137 commits to master since this release

Bug fixes

  • #586 segfault with short or damaged files fed to bap.
  • #590 llvm 3.8 specific issues
  • #592 a bug in lifting x86 PSHUFD/PSHUFB instructions
  • #595 bap exit status
  • #596 most of the compilation warnings

Features

  • #593 bapbundle: it is no longer needed to specify the .plugin extension
  • #597 API pass will stop processing in case of the error
  • #599 print backtraces from passes
  • #600 documented memory interface

v1.0.0

@ivg ivg released this Sep 27, 2016 · 157 commits to master since this release

  • rich and safe plugin system
  • the project can be saved and loaded
  • caching to speed up things
  • lots of injection points to facilitate extensibility
  • new python interface
  • full duplex IDA integration
  • multipass disassembling
  • new x86 lifter
  • llvm-3.8 support (in addition to 3.4)
  • C language support
  • support for a dozen of different ABI

v0.9.9

@ivg ivg released this Aug 6, 2015 · 406 commits to master since this release

  1. Graphlib library

    Graphlib is a generic library that extends a well known
    OCamlGraph library. Graphlib uses its own, more reach and modern,
    Graph interface that is isomorphic to OCamlGraph's Sigs.P
    signature for persistant graphs. This interface is developed
    according to the Janestreet's style guidlines and depends on
    Core_kernel library. Other than the new interface, Graphlib
    provides several graph implementations, and generic algorithms. To
    make our algorithms polymorphic over chosen graph representation we
    use first-class modules, instead of functors, that makes library
    syntactically more light weight.

  2. Refined IR.

    phi and arg terms were refined. a phi term now is a discriminated
    set of expressions, and arguments are made more like a defintions.

  3. SSA form

    A transformation to a semipruned SSA form was added to a library

  4. Changed Var interface.

    Variables can now be versioned, that plays well with SSA form. A
    version is used to represent the same variable but at different
    point of time.

  5. Extended and fixed Trie data structure

    Several bug-fixes to a Trie data structure were made. Added
    walk function, that allows to perform generic queries over a trie.
    Also added prefix and suffix variants of String tries, as well as
    provided a functor to create tries with an array keys.

  6. Redesigned abi interface.

    Now abi works on an IR level.

  7. Added argument reconstruction algorithms.

    Two argument reconstructions algorithm, based on a new abi
    interface, were added - for ARM gnueabi ABI and System V amd64 ABI.
    Currently only parameters passed via registers are reconstructed.

  8. Added free_vars algorithm to BIL and BIR terms.

v0.9.8

@ivg ivg released this Jun 4, 2015 · 448 commits to master since this release

  1. BAP IR is introduced

    BAP Intermediate Representation is based on BAP Instruction
    Language and is a semigraphical representation of a program.

    See documentation and following PR's for more information.
    a2a4621
    74cdee4

  2. Refactored structure of the Project
    Module Project now a proper entry point to the library.
    Many stuff from bap utility moved there.
    See 96bd334 for more details.

    This is a breaking change. It hides project record and removes
    access to some information, that was previously marked as deprecated:

    • symbols as a mapping from memory to string
    • base as a memory.

    Instead of old symbols table we now have a better interface, see
    below. Instead of base, we now represent all memory as an interval
    map (Memmap).

  3. New model for symbols

    Previosly symbols were modeled as contiguous chunk of memory,
    marked with name. Moreover, data sharing between different symbols
    weren't allowed. Since this release, symbols can be a noncontiguous,
    and share data. A new interface is implemented in Symtab module.

  4. Plugins dependency and autoloading

    Plugins now can now specify dependencies to other plugins, that may
    be auto-loaded by the library.
    See db2a175

  5. Extended BIL helpers
    See 65f472c

  6. Exposed ELF library

  7. Fixed segment/section/region name hell
    See 9a57449

  8. New universal values library

    The library is based on Core_kernel's Univ, but with addition of
    serialization, comparison and pretty-printing.
    See 383003d

  9. Added bap-fsi-benchmark utility

    8038211

  10. Fixed BIL piqi serialization

    2a5c467

  11. Fixed installation on more recent ubuntu

    By defaulting LLVM version to 3.4 (and more clever
    searching procedure)

  12. Lot's of bugfixes and small extensions

v0.9.7

@ivg ivg released this May 1, 2015 · 494 commits to master since this release

  1. BAP structure is refactored

    Complex hierarchy is now hidden under one umbrella bap.mli.
    Bap_* modules are marked as internal and is no more installable
    and, thus, they do not polute the namespace. This will of course,
    break the code that used this internal modules. It is intended
    behavior.

  2. New documentation generator

    camlp4 messes with mli files, rendering autogenerated API
    unreadable. To mitigate this, a small bapdoc tool was written
    that preprocess file and removes all syntax extensions, and then
    run ocamldoc on a preprocessed file. The tool was integrated
    with build system.

  3. Disabled peer checking when downloading signatures

  4. Fixed assembly pretty-printing

  5. Fixed reading PE-64

  6. Fixed Block.dfs exhaustiveness issue.
    Also Block.dfs now has an order parameter, allowing to
    choose between post-order and pre-order traversal.

  7. Fixed to_graph issue, i.e., #181

  8. Fixed bapbuild double linking, see #193

  9. Ordered block destinations, see #191

  10. Fixed an issue in x86 lifter, see #198

  11. Fixed interaction with IDA, see #189

v0.9.6

@ivg ivg released this Apr 22, 2015 · 516 commits to master since this release

  1. New loader backed with LLVM
    BAP now have another loader (image reader), that
    supports MACH-O, ELF, COFF, PE. This loader is
    backed with LLVM library.

  2. Online plugin system
    New extension point is added - "bap.project". Plugins marked with
    this plugin system will not be loaded automatically when
    Plugins.load is called, instead, they can be loaded dynamically
    (or online, hence the title), by using -l option to the bap
    utility. After being loaded the plugin is applied to a project
    data structure that contains all information about disassembled
    binary. Plugin can functionally update this data structure, to
    push information to other plugins or back to the bap utility.

    In addition to a common way of creating plugins with oasis, we
    extended bapbuild utility with a new rule the will product a
    plugin file. This is just a shared library underneath the hood,
    and you can load a plugin, created with this method directly,
    without installing it anywhere. bap utility will try to find the
    plugin, specified with -l option in a current folder, then in all
    folders specified in BAP_PLUGIN_PATH environment variable, and,
    finally in the system, using ocamlfind.

    In order to provide a typesafe way of interacting between plugins,
    we added extensible variants to BAP. But instead of using one from
    the 4.02, we're using universal types, based on that one, that Core
    library provides. First of all this is more portable, second it is
    more explicit and a little bit more safe.

  3. New ABI and CPU interfaces
    Modules that implements CPU interface are used to describe
    particular CPU in BIL terminology, e.g., it tells which variable
    corresponds to which register, flag, etc. To obtain such module,
    one should use target_of_cpu function.

    ABI is used to capture the procedure abstraction, starting from
    calling convetions and stack frame structure and ending with special
    function handling and support for different data-types.

    See d5cab1a for more information
    and examples.

  4. Bap-objdump renamed to bap
    bap-objdump has outgrown its name. Actually it was never really a
    bap-objdump at all. From now, it is just an entry point to the bap as
    platform. We will later unite bap with other utilities, to make them
    subcommands, e.g. bap byteweight.

  5. Cleanup of BIL modules
    Now there is a separation between BIL fur uns, and BIL fur
    OCaml. For writing BIL programs (as EDSL in OCaml) one should use
    Bil module, e.g. Bil.(x = y) will evaluate to a BIL
    expression. For using BIL entities as OCaml values, one should use
    corresponding module, e.g. Exp.(x = y) will compare to expressions
    and evaluate to a value of type bool.

  6. Enhanced IDA integration
    IDA intergation is now more robust. We switched to IDA-32 by default,
    since 64-bit version doesn't support decompiler. Also bap utility
    can now output IDA python scripts. And bap plugins can annotate project
    with python commands, that later will be dumped into the script.

  7. In ARM switched to ARMv7 by default

  8. Introduce LNF algorithm and Sema library
    A new layer of BAP is started in this release. This would be a third pass
    of decompilation, where the semantic model of program will be built. Currently,
    there is nothing really interesting here, e.g., an implementation of the
    Loop nesting forest, that is not very usable right now. But the next release,
    will be dedicated to this layer. So, stay tuned.

  9. Add support for OCamlGraph
    Now we provide a helper utilities for those who would like to use
    ocamlgraph library for analysis.

  10. Extended bap-mc utility
    bap-mc utility now prints results in plethora of formats,
    including protocol buffers, from the piqi library, that was revived
    by Kenneth Miller.

  11. Interval trees, aka memory maps
    For working with arbitrary overlapping memory regions we now have a
    memory map data structure, aka interval trees, segment trees, etc. It
    is based on AVL trees, and performs logarithmic searches.

  12. Simplified CI
    We put Travis on a diet. Now only 4 machines with 20 ETA for all test
    suites to pass. (Instead of 8 * 40).

v0.9.5

@ivg ivg released this Mar 4, 2015 · 608 commits to master since this release

Changelog

  • removed tag warnings from the ocamlbuild
  • fixed #114
  • moved Bap_plugins out of Bap library
  • plugin library can now load arbitrary files
  • bap-objdump is now pluggable
  • added new extension point in the plugin system
  • updated BAP LICENSE, baptop is now QPLed
  • IDA can now work in a headless mode
  • enhanced symbol resolution algorithm
  • cleaned up image backend interface
  • constraint OPAM file