Skip to content
binary toolkit
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Binary Toolkit

Binary Toolkit is my latest formal binary analysis framework. For the moment, I am working on ensuring the IR is clean and functional, and building out the basic components for performing analysis.


Working on translating ARM. Current instructions as of 03APR2017:

  • ADC
  • ADD

Should I care?

Not yet. If things work out well, I will begin Semantic Versioning. If you see an 0.1 release, that's the time to begin caring.

One IR for everything

BT's IR should be:

  • Usable for multiple tasks, such as jit recompilation across architectures, analysis, translation to SMTLIB2, etc.
  • Easily extensible, so that additional analysis can be easily, "Tacked on," without requiring hacking of the original framework.
  • Implemented in C, and then interacted with through scripting engines. While I have originally used lua for scripting analysis, I am leaning towards duktape and guile for this project.

Some decisions evident now towards this effect are:

  • A clean object-oriented implementation in C, with basic data structures, based off that which I created during (
  • Arithmetic operations operate over operands of the same bit-width. Truncate, zero-extend, and sign-extend are used extensively.
  • All reads and writes are 8-bytes, and read/writes of a larger site are expanded during translation. (This may change because it's super annoying)
  • No explicit definition of a target architecture is required for JIT. JIT will just run.

What works

What to expect

This is a freetime hacking project of mine. I'm not sure where it will lead, but if results look promising I will pursue documentation.

If I publish translators from real architectures, those translators will be most likely implemented on top of capstone.

Other documents

You can’t perform that action at this time.