Skip to content
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

Binary Toolkit

Binary Toolkit is my latest formal binary analysis framework. For the moment, I am working on ensuring the IR is clean and functional, and building out the basic components for performing analysis.


Working on translating ARM. Current instructions as of 03APR2017:

  • ADC
  • ADD

Should I care?

Not yet. If things work out well, I will begin Semantic Versioning. If you see an 0.1 release, that's the time to begin caring.

One IR for everything

BT's IR should be:

  • Usable for multiple tasks, such as jit recompilation across architectures, analysis, translation to SMTLIB2, etc.
  • Easily extensible, so that additional analysis can be easily, "Tacked on," without requiring hacking of the original framework.
  • Implemented in C, and then interacted with through scripting engines. While I have originally used lua for scripting analysis, I am leaning towards duktape and guile for this project.

Some decisions evident now towards this effect are:

  • A clean object-oriented implementation in C, with basic data structures, based off that which I created during (
  • Arithmetic operations operate over operands of the same bit-width. Truncate, zero-extend, and sign-extend are used extensively.
  • All reads and writes are 8-bytes, and read/writes of a larger site are expanded during translation. (This may change because it's super annoying)
  • No explicit definition of a target architecture is required for JIT. JIT will just run.

What works

What to expect

This is a freetime hacking project of mine. I'm not sure where it will lead, but if results look promising I will pursue documentation.

If I publish translators from real architectures, those translators will be most likely implemented on top of capstone.

Other documents


binary toolkit





No releases published


No packages published
You can’t perform that action at this time.