├── .envrc ├── src ├── smtlib │ ├── dune │ ├── smtlib_options.ml │ ├── locations.mli │ ├── smtlib_options.mli │ └── locations.ml ├── loader │ ├── README │ ├── elf_options.mli │ ├── loader_dump.mli │ ├── loader_types.mli │ ├── elf_options.ml │ └── loader.mli ├── parser │ ├── dune │ ├── SMTLexerWp.mll │ ├── SMTParserWp.mly │ └── parse_utils.mli ├── dune ├── sse │ ├── sse_stats.mli │ ├── sse_pack.ml │ ├── sse_pack.mli │ ├── sse.mli │ ├── sse_graph.mli │ ├── sse_prune.mli │ ├── sse_utils.mli │ ├── sse_symbolic.mli │ └── sse_smt.mli ├── relse │ ├── Readme.md │ ├── relse.mli │ └── relse_stubs.mli ├── base │ ├── base_logger.mli │ ├── base_logger.ml │ ├── bigint.ml │ ├── natural.mli │ ├── natural.ml │ ├── fstack.mli │ ├── array_utils.ml │ ├── mnemonic.mli │ ├── utils.ml │ ├── mnemonic.ml │ ├── file_utils.mli │ ├── fstack.ml │ ├── sequence.mli │ ├── prettytbl.mli │ ├── virtual_address.mli │ ├── size.mli │ ├── utils.mli │ ├── file_utils.ml │ ├── array_utils.mli │ ├── hashamt.mli │ ├── virtual_address.ml │ └── machine.mli ├── disasm │ ├── disasm_cfg.mli │ ├── simplify │ │ ├── simplification_dba.mli │ │ ├── simplification_dba_prog.mli │ │ ├── simplification_dba_block.mli │ │ ├── simplification_options.mli │ │ ├── simplification_dba_utils.mli │ │ └── simplification_dba.ml │ ├── x86 │ │ ├── x86_options.mli │ │ ├── x86decoder.mli │ │ ├── x86Instruction.mli │ │ ├── x86_options.ml │ │ ├── x86Instruction.ml │ │ ├── x86pp.mli │ │ ├── x86toDba.mli │ │ └── predba.mli │ ├── arm │ │ ├── arm_options.mli │ │ ├── armToDba.mli │ │ └── arm_options.ml │ ├── riscv │ │ ├── riscv_options.mli │ │ ├── riscv_to_dba.mli │ │ └── riscv_options.ml │ ├── decode_utils.mli │ └── disasm_options.mli ├── formula │ ├── smtlib_to_formula.mli │ ├── formula_main.mli │ ├── formula_to_smtlib.mli │ ├── prover.mli │ ├── formula_options.mli │ └── formula_transformation.mli ├── dwarf │ ├── dwarf_options.mli │ ├── dwarf_options.ml │ ├── dwarf.mli │ ├── dwarf_expr.mli │ ├── dwarf.ml │ ├── dwarf_frame.mli │ └── 
dwarf_lines.mli ├── ida │ ├── ida_options.mli │ ├── ida.mli │ ├── ida_options.ml │ ├── ida_utils.mli │ ├── README.md │ ├── ida_cg.mli │ └── ida.ml ├── kernel │ ├── kernel_core.mli │ ├── kernel_functions.mli │ ├── kernel_core.ml │ ├── kernel_functions.ml │ └── kernel_options.mli ├── dba │ └── dba_to_formula.mli ├── ast │ ├── cfgraph.mli │ └── instr_cfg.mli └── utils │ ├── colors.mli │ └── colors.ml ├── CHANGES ├── dune-project ├── relse.opam └── .gitignore /.envrc: -------------------------------------------------------------------------------- 1 | opam switch binsec 2 | 3 | eval $(opam env) 4 | -------------------------------------------------------------------------------- /src/smtlib/dune: -------------------------------------------------------------------------------- 1 | (menhir 2 | (modules smtlib_parser)) 3 | 4 | (ocamllex 5 | (modules smtlib_lexer)) 6 | -------------------------------------------------------------------------------- /src/loader/README: -------------------------------------------------------------------------------- 1 | Do not edit these files, they are automatically generated from the Hpex project. 2 | Instead, open an issue on the Hpex project. 
3 | -------------------------------------------------------------------------------- /src/parser/dune: -------------------------------------------------------------------------------- 1 | (menhir 2 | (modules parser) 3 | (flags --fixed-exception)) 4 | 5 | (ocamllex 6 | (modules lexer)) 7 | 8 | (menhir 9 | (modules parser_infos)) 10 | 11 | (ocamllex 12 | (modules lexer_infos)) 13 | 14 | (menhir 15 | (modules dbacsl_parser)) 16 | 17 | (ocamllex 18 | (modules dbacsl_token)) 19 | -------------------------------------------------------------------------------- /src/dune: -------------------------------------------------------------------------------- 1 | (include_subdirs unqualified) 2 | 3 | (executable 4 | (public_name binsec) 5 | (package relse) 6 | (name main) 7 | (modules main) 8 | (flags 9 | (:standard -open Binsec)) 10 | (libraries binsec)) 11 | 12 | (library 13 | (public_name relse) 14 | (name binsec) 15 | (modules 16 | (:standard \ main)) 17 | (modules_without_implementation 18 | loader_sigs 19 | loader_types 20 | sigs 21 | smtlib 22 | sse_stats 23 | x86Types) 24 | (library_flags 25 | (:standard -linkall)) 26 | (flags 27 | (:standard -w -3)) 28 | (libraries str bigarray ocamlgraph zarith mmap unisim_archisec.arm32dba)) 29 | -------------------------------------------------------------------------------- /src/sse/sse_stats.mli: -------------------------------------------------------------------------------- 1 | type t = { 2 | queries : int; 3 | queries_unsat : int; 4 | queries_sat : int; 5 | queries_err : int; 6 | enumerations : int; 7 | query_time : float; 8 | branches_explored : int; 9 | instructions : int; 10 | merged_paths : int; 11 | refused_mergers : int; 12 | aborted_mergers : int; 13 | start_time : float; 14 | } 15 | 16 | val empty: t 17 | 18 | val add_query : float -> unit 19 | val add_sat_check : Formula.status -> unit 20 | val add_enumeration : unit -> unit 21 | val add_instruction : unit -> unit 22 | val add_branch : unit -> unit 23 | val 
add_merged_path : unit -> unit 24 | val add_refused_merger : unit -> unit 25 | val add_aborted_merger : unit -> unit 26 | val set_start : unit -> unit 27 | 28 | val get : unit -> t 29 | 30 | val pp : Format.formatter -> t -> unit 31 | val pp_csv : with_header:bool -> Format.formatter -> string * t -> unit 32 | 33 | -------------------------------------------------------------------------------- /CHANGES: -------------------------------------------------------------------------------- 1 | * 0.3 2 | 3 | ** Features 4 | 5 | - New architecture support : RISC-V 32 bits 6 | - Support for DWARF-4 debug instruction format 7 | - Support to import IDA control-flow graph 8 | - Add documented plugin creation example : mnemonic count [mcount] 9 | - New Makefile 'library' to ease plugin creation 10 | 11 | ** Fixes 12 | 13 | - Fix (vectorized instructions) x86 decoder 14 | 15 | ** Misc 16 | 17 | - Detach PINSEC to own repository (support to be deprecated in later version) 18 | 19 | * 0.2 [2018-10-01 Mon] 20 | 21 | - New symbolic execution engine 22 | - New interpreter for binary code 23 | - Improved logical representation for formulas 24 | - New internal control-flow-graph representation 25 | - Directive language for symbolic execution control 26 | - Support for new PIN tool xtrasec 27 | - Improved x86 decoder 28 | - Fixed bugs reported by KAIST 29 | - Docker support 30 | - includes Unisim-vp ARM v7 decoder 31 | - includes new PIN tool xtrasec 32 | 33 | 34 | 35 | * 0.1 [2017-03-01 Wed] 36 | 37 | First release 38 | -------------------------------------------------------------------------------- /dune-project: -------------------------------------------------------------------------------- 1 | (lang dune 2.8) 2 | (using menhir 2.0) 3 | (generate_opam_files true) 4 | 5 | (name relse) 6 | (version "0.3.0") 7 | (maintainers "Lesly-Ann Daniel ") 8 | (authors 9 | "Adel Djoudi" 10 | "Benjamin Farinier" 11 | "Frédéric Recoules" 12 | "Josselin Feist" 13 | "Lesly-Ann Daniel" 14 | "Manh-Dung 
Nguyen" 15 | "Mathilde Ollivier" 16 | "Matthieu Lemerre" 17 | "Olivier Nicole" 18 | "Richard Bonichon" 19 | "Robin David" 20 | "Ta Thanh Dinh" 21 | "Yaëlle Vinçont" 22 | "Guillaume Girol" 23 | ) 24 | (license LGPL-2.1-or-later) 25 | (homepage "https://binsec.github.io") 26 | (source (github binsec/Rel)) 27 | (bug_reports "https://github.com/binsec/Rel/issues") 28 | 29 | (package 30 | (name relse) 31 | (synopsis "Symbolic Binary Analyzer for Constant-Time and Secret-Erasure") 32 | (description " 33 | Binsec/Rel is an extension of the binary analysis plateform Binsec that implements relational symbolic execution (RelSE) for constant-time and secret-erasure verification.") 34 | (depends 35 | (ocaml (and (>= 4.05) (< 4.14))) 36 | (menhir (and :build (>= 20181113))) 37 | (ocamlgraph (>= 1.8.5)) 38 | (zarith (>= 1.4)) 39 | mmap 40 | unisim_archisec)) 41 | -------------------------------------------------------------------------------- /src/relse/Readme.md: -------------------------------------------------------------------------------- 1 | # Information on the Rel plugin 2 | 3 | ## Global structure 4 | The main file, [relse](relse.ml), initializes the symbolic execution and 5 | executes instructions. 6 | 7 | The state of a symbolic path is defined in the module 8 | [Relse_path.Path_state](relse_path.mli). This module mostly defines interfaces 9 | between other modules and symbolic state. 10 | 11 | Symbolic states are defined in [Relse_symbolic](Relse_symbolic.mli). It is a 12 | crucial part of RelSE that contains operations on the symbolic memory, the 13 | symbolic store, and the path constraint. 14 | 15 | Relational expressions are defined in the file [Rel_expr](rel_expr.mli). 16 | 17 | The interface with the solver is defined in [Relse_smt.Solver](relse_smt.mli) 18 | and translation of DBAs to Formulas is defined in 19 | [Relse_smt.Translate](relse_smt.mli). 20 | 21 | Insecurity checks are handled in the module 22 | [Relse_insecurity](Relse_insecurity.mli). 
23 | 24 | Finally, [Relse_utils](relse_utils.mli) provides utility functions, 25 | [Relse_options](relse_options.mli) defines the input options of the RelSE, 26 | [Relse_stats](relse_stats.mli) handles the metrics outputted by the RelSE, and 27 | [Relse_stubs](relse_stubs.mli) defines the functions/instructions that are stubbed 28 | during RelSE. 29 | 30 | -------------------------------------------------------------------------------- /relse.opam: -------------------------------------------------------------------------------- 1 | # This file is generated by dune, edit dune-project instead 2 | opam-version: "2.0" 3 | version: "0.3.0" 4 | synopsis: "Symbolic Binary Analyzer for Constant-Time and Secret-Erasure" 5 | description: """ 6 | 7 | Binsec/Rel is an extension of the binary analysis plateform Binsec that implements relational symbolic execution (RelSE) for constant-time and secret-erasure verification.""" 8 | maintainer: ["Lesly-Ann Daniel "] 9 | authors: [ 10 | "Adel Djoudi" 11 | "Benjamin Farinier" 12 | "Frédéric Recoules" 13 | "Josselin Feist" 14 | "Lesly-Ann Daniel" 15 | "Manh-Dung Nguyen" 16 | "Mathilde Ollivier" 17 | "Matthieu Lemerre" 18 | "Olivier Nicole" 19 | "Richard Bonichon" 20 | "Robin David" 21 | "Ta Thanh Dinh" 22 | "Yaëlle Vinçont" 23 | "Guillaume Girol" 24 | ] 25 | license: "LGPL-2.1-or-later" 26 | homepage: "https://binsec.github.io" 27 | bug-reports: "https://github.com/binsec/Rel/issues" 28 | depends: [ 29 | "dune" {>= "2.8"} 30 | "ocaml" {>= "4.05" & < "4.14"} 31 | "menhir" {build & >= "20181113"} 32 | "ocamlgraph" {>= "1.8.5"} 33 | "zarith" {>= "1.4"} 34 | "mmap" 35 | "unisim_archisec" 36 | "odoc" {with-doc} 37 | ] 38 | build: [ 39 | ["dune" "subst"] {dev} 40 | [ 41 | "dune" 42 | "build" 43 | "-p" 44 | name 45 | "-j" 46 | jobs 47 | "@install" 48 | "@runtest" {with-test} 49 | "@doc" {with-doc} 50 | ] 51 | ] 52 | dev-repo: "git+https://github.com/binsec/Rel.git" 53 | 
-------------------------------------------------------------------------------- /src/sse/sse_pack.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of Binsec. *) 3 | (* *) 4 | (* Copyright (C) 2016-2017 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | -------------------------------------------------------------------------------- /src/sse/sse_pack.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of Binsec. *) 3 | (* *) 4 | (* Copyright (C) 2016-2017 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. 
*) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | -------------------------------------------------------------------------------- /src/base/base_logger.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Logger.S 23 | -------------------------------------------------------------------------------- /src/disasm/disasm_cfg.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | val run : unit -> unit 23 | -------------------------------------------------------------------------------- /src/formula/smtlib_to_formula.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. 
*) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | val script : Smtlib.script -> Formula.formula 23 | -------------------------------------------------------------------------------- /src/relse/relse.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Run relational symbolic execution *) 23 | val run : unit -> unit 24 | -------------------------------------------------------------------------------- /src/sse/sse.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Static Symbolic Execution (SSE) *) 23 | 24 | val run : unit -> unit 25 | -------------------------------------------------------------------------------- /src/base/base_logger.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Logger.Make( 23 | struct 24 | let name = "base" 25 | end 26 | ) 27 | -------------------------------------------------------------------------------- /src/dwarf/dwarf_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Options for debug information printing *) 23 | 24 | include Cli.S 25 | -------------------------------------------------------------------------------- /src/disasm/simplify/simplification_dba.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | val simplify_dba : Simplification_options.pmap -> Simplification_options.pmap 23 | -------------------------------------------------------------------------------- /src/dwarf/dwarf_options.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.Make( 23 | struct 24 | let name = "Debug" 25 | let shortname = "g" 26 | end 27 | ) 28 | -------------------------------------------------------------------------------- /src/base/bigint.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Big_int_Z 23 | 24 | type t = big_int 25 | 26 | let of_bits = Z.of_bits 27 | let num_bits = Z.numbits 28 | -------------------------------------------------------------------------------- /src/disasm/x86/x86_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module Logger: Logger.S 23 | 24 | module HandleSegments : Cli.STRING_SET 25 | 26 | module ProtectedMode : Cli.BOOLEAN 27 | -------------------------------------------------------------------------------- /src/formula/formula_main.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | 23 | (** Main entry point for formula handling *) 24 | 25 | val transform: filename:string -> Smtlib.script * string 26 | -------------------------------------------------------------------------------- /src/ida/ida_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.S 23 | 24 | module IdaOutputFile : Cli.STRING 25 | 26 | module IdaCfg : Cli.BOOLEAN 27 | 28 | module IdaSimpleCfg : Cli.BOOLEAN 29 | -------------------------------------------------------------------------------- /src/disasm/arm/arm_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module Logger : Logger.S 23 | 24 | type supported_mode = Thumb | Arm 25 | 26 | module SupportedMode : Cli.GENERIC with type t = supported_mode 27 | -------------------------------------------------------------------------------- /src/disasm/x86/x86decoder.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Decode a function from a reader *) 23 | 24 | val read : 25 | Lreader.t -> X86Instruction.t * X86Types.rep * X86Types.segment_reg option 26 | -------------------------------------------------------------------------------- /src/disasm/riscv/riscv_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.S ;; 23 | 24 | (** Only used in [Test] module. Sets objdump file to compare ourselves to *) 25 | module Odump_file : Cli.STRING_OPT ;; 26 | -------------------------------------------------------------------------------- /src/disasm/riscv/riscv_to_dba.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** [decode r addr] decodes what is at address [addr] in reader [r]. *) 23 | val decode : 24 | Lreader.t -> Virtual_address.t -> Instruction.Generic.t * Dhunk.t 25 | ;; 26 | -------------------------------------------------------------------------------- /src/ida/ida.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | val parse_cg : unit -> Ida_cg.t 23 | (** Callgraph *) 24 | 25 | val parse_cfg : simple:bool -> ida_file:string -> Ida_cfg.G.t 26 | (** Control-flow graph *) 27 | 28 | val run : unit -> unit 29 | -------------------------------------------------------------------------------- /src/disasm/simplify/simplification_dba_prog.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | val remove_mustkill_lfp : Simplification_options.pmap -> Simplification_options.pmap 23 | 24 | val remove_goto : Simplification_options.pmap -> Simplification_options.pmap 25 | -------------------------------------------------------------------------------- /src/disasm/x86/x86Instruction.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Interface for X86 instructions *) 23 | 24 | include Instruction.Basic with type mnemonic = X86Types.instruction_kind 25 | 26 | 27 | val to_generic_instruction : t -> Instruction.Generic.t 28 | -------------------------------------------------------------------------------- /src/kernel/kernel_core.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Core kernel functions *) 23 | 24 | val read_configuration_file : unit -> unit 25 | (** [read_configuration_file ()] reads the configuration file given by 26 | [Kernel_options.Config_file] 27 | *) 28 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.cmi 2 | *.cmti 3 | *.conflicts 4 | /src/_build/* 5 | *.o 6 | *.info 7 | *.objdump 8 | *.annot 9 | *.cmt 10 | *.dir-locals.el 11 | /.projectile 12 | *.piqi 13 | *.dba 14 | *.dot 15 | *.opc 16 | *.trace 17 | *.cmo 18 | **/#* 19 | **/.#* 20 | autom4te* 21 | /src/test_runner 22 | /src/oUnit-*.log 23 | /src/oUnit-*.cache 24 | /src/parser/lexer_infos.ml 25 | /src/parser/parser.ml 26 | /src/parser/parser.mli 27 | /src/parser/parser_infos.ml 28 | /src/parser/parser_infos.mli 29 | /src/parser/policy_parser.ml 30 | /src/parser/policy_parser.mli 31 | /src/parser/policy_token.ml 32 | *.cmx 33 | /tests/simulation/test_runner 34 | /src/smtutils/smtlib_lexer.ml 35 | /src/smtutils/smtlib_parser.ml 36 | /src/smtutils/smtlib_parser.mli 37 | /config.status 38 | /config.log 39 | *.pb.cc 40 | *.pb.h 41 | /Config.mk 42 | cfg_dba.pdf 43 | cfg_opcode.pdf 44 | /configure 45 | /.depend 46 | apiref 47 | /www/htdocs/distrib/binsec.tgz 48 | plateforme/*.tgz 49 | /src/binsec.docdir 50 | /pinsec/build/ 51 | /src/config.ml 52 | /src/binsec* 53 | /src/piqi 54 | /src/.depend 55 | /src/main.native 56 | /src/parser/SMTLexerWp.ml 57 | /src/parser/SMTParserWp.ml 58 | /src/parser/SMTParserWp.mli 59 | /src/parser/dbacsl_parser.ml 60 | /src/parser/dbacsl_parser.mli 61 | /src/parser/dbacsl_token.ml 62 | /src/parser/lexer.ml 63 | /src/smtlib/smtlib_lexer.ml 64 | 
/src/smtlib/smtlib_parser.ml 65 | /src/smtlib/smtlib_parser.mli 66 | /_build/ 67 | /_opam/ 68 | 69 | # Vim 70 | .*.swp 71 | 72 | # Emacs 73 | **/**~ 74 | 75 | # macOS 76 | .DS_Store 77 | .AppleDouble 78 | .LSOverride 79 | .DocumentRevisions-V100 80 | .fseventsd 81 | .Spotlight-V100 82 | .TemporaryItems 83 | .Trashes 84 | .VolumeIcon.icns 85 | .com.apple.timemachine.donotpresent 86 | .AppleDB 87 | .AppleDesktop 88 | Network Trash Folder 89 | Temporary Items 90 | .apdisk 91 | /src/kernel/config.ml 92 | /src/kernel/config.mli 93 | -------------------------------------------------------------------------------- /src/loader/elf_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module Logger : Logger.S 23 | 24 | module Alloc : Cli.BOOLEAN 25 | (** Arbitrary but consistently allocate memory for relocatable object file *) 26 | 27 | module Reloc : Cli.BOOLEAN 28 | (** Limited support for static relocation entry *) 29 | -------------------------------------------------------------------------------- /src/disasm/simplify/simplification_dba_block.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Intra-block simplifications *) 23 | 24 | val block_simplifications : Simplification_options.pmap -> Simplification_options.pmap 25 | 26 | module Constant_propagation : sig 27 | val eval : Dhunk.t -> Dhunk.t 28 | end 29 | -------------------------------------------------------------------------------- /src/sse/sse_graph.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module G: sig 23 | include Cfg.S with 24 | type addr = Dba_types.Caddress.t 25 | and type inst = Dba_types.Instruction.t 26 | and type symb = unit 27 | end 28 | 29 | val populate_from : G.t -> Virtual_address.t -> int -> unit 30 | -------------------------------------------------------------------------------- /src/loader/loader_dump.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (* A loader for memory dumps and raw files. 
*) 23 | 24 | 25 | include Loader_sigs.S 26 | 27 | val add_section: 28 | flag:int -> name:string -> 29 | pos:int -> size:int -> 30 | Binstream.t -> Img.t -> Img.t 31 | 32 | val initial_img: 33 | entry:int -> arch:Machine.t -> Img.t 34 | -------------------------------------------------------------------------------- /src/smtlib/smtlib_options.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.Options( 23 | struct 24 | let name = "smtlib" 25 | let shortname = name 26 | end 27 | ) 28 | 29 | module Model_from_file = Builder.String_option ( 30 | struct 31 | let name = "model-from-file" 32 | let doc = "Parse model from given file." 33 | end 34 | ) 35 | -------------------------------------------------------------------------------- /src/smtlib/locations.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Locations in a file *) 23 | type t = private { 24 | loc_start: Lexing.position; 25 | loc_end: Lexing.position; 26 | } 27 | 28 | val mk_loc : Lexing.position -> Lexing.position -> t 29 | 30 | val none : t 31 | val dummy_loc : t 32 | 33 | val pp_lines : Format.formatter -> t -> unit 34 | -------------------------------------------------------------------------------- /src/disasm/riscv/riscv_options.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. 
*) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.Make( 23 | struct 24 | let name = "Risc-V" 25 | let shortname = "rv" 26 | end 27 | ) 28 | 29 | 30 | module Odump_file = 31 | Builder.String_option( 32 | struct 33 | let name = "odfile" 34 | let doc = "Test with this obdjump file" 35 | end 36 | ) 37 | -------------------------------------------------------------------------------- /src/dwarf/dwarf.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | (** DWARF data of an image, grouped as [units], [frame] and [lines]. The type is private: values are obtained through [load]. *) 22 | type t = private 23 | { 24 | units : Dwarf_cunit.t list; 25 | frame : Dwarf_frame.t; 26 | lines : Dwarf_lines.t; 27 | } 28 | 29 | val load : Loader.Img.t -> t 30 | (** [load img] extracts and interprets the content of the debugging sections of [img] *) 31 | 32 | include Sigs.PRINTABLE with type t := t 33 | 34 | -------------------------------------------------------------------------------- /src/sse/sse_prune.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | (** A distance is either [Finite n] or [Infinite]. *) 22 | module Distance : sig 23 | type t = Finite of int | Infinite 24 | val add : t -> t -> t 25 | val lt : t -> t -> bool 26 | val min : t -> t -> t 27 | val pp : Format.formatter -> t -> unit 28 | end 29 | 30 | val get_distances_to_goals : Sse_graph.G.t -> Virtual_address.t -> int -> 31 | Dba_types.Caddress.t -> Distance.t (* distance to the closest goal *) 32 | -------------------------------------------------------------------------------- /src/smtlib/smtlib_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module Logger : Logger.S 23 | 24 | module Model_from_file : Cli.STRING_OPT 25 | (** When given a filename, this switch enables parsing from a given SMT model 26 | ** file, printing the obtained model, in BINSEC's internal format. 
27 | ** 28 | ** This option is in particular useful to integrate and test new SMT model 29 | ** format, as most provers have their own way of displaying a model. 30 | **) 31 | -------------------------------------------------------------------------------- /src/formula/formula_to_smtlib.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Translation functions from BINSEC inner representation to SMT-LIB terms *) 23 | 24 | val bl_term : Formula.bl_term -> Smtlib.term 25 | val bv_term : Formula.bv_term -> Smtlib.term 26 | val ax_term : Formula.ax_term -> Smtlib.term 27 | 28 | val term : Formula.term -> Smtlib.term 29 | val entry : Formula.entry -> Smtlib.command 30 | val formula : Formula.formula -> Smtlib.script 31 | -------------------------------------------------------------------------------- /src/kernel/kernel_functions.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Basic kernel functions *) 23 | 24 | val get_ep : unit -> Virtual_address.t option 25 | 26 | val get_img : unit -> Loader.Img.t 27 | 28 | module Loader : sig 29 | val set_arch : Loader.Img.t -> unit 30 | (** [set_arch img] retrieves and sets the machine as determined by the loader **) 31 | 32 | val set_arch_from_file : filename:string -> unit 33 | 34 | val pp_loader_summary : Format.formatter -> string -> unit 35 | end 36 | -------------------------------------------------------------------------------- /src/base/natural.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type t = private int 23 | val create : int -> t 24 | val add : t -> t -> t 25 | val add_int : t -> int -> t 26 | val sub : t -> t -> t 27 | val sub_int : t -> int -> t 28 | val mul : t -> t -> t 29 | val div : t -> t -> t 30 | 31 | val eq : t -> t -> bool 32 | val gt : t -> t -> bool 33 | val ge : t -> t -> bool 34 | 35 | val pred : t -> t 36 | 37 | val is_zero : t -> bool 38 | 39 | val to_int : t -> int 40 | val pp : Format.formatter -> t -> unit 41 | -------------------------------------------------------------------------------- /src/base/natural.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | (* Natural numbers represented as [int]; [create] is the only place where non-negativity is checked. *) 22 | type t = int 23 | (* [create n] returns [n] after asserting [n >= 0]. The check is an [assert], so it disappears when the code is built with [-noassert]. NOTE(review): if callers rely on it for sizes or offsets derived from untrusted input, an explicit check that raises would survive such builds. *) 24 | let create n = 25 | assert (n >= 0); 26 | n 27 | (* Addition and subtraction route their result through [create], so a negative result (subtraction underflow, or an addition that wraps to a negative value) fails the assertion. *) 28 | let add_int n i = create (n + i) 29 | let add n1 n2 = add_int n1 n2 30 | let sub_int n i = create (n - i) 31 | let sub n1 n2 = sub_int n1 n2 32 | (* NOTE(review): [mul] does not pass its result through [create], so a product that overflows is not re-checked. [div] is integer division and raises [Division_by_zero] on a zero divisor. *) 33 | let mul n1 n2 = n1 * n2 34 | let div = (/) 35 | 36 | let eq = (=) 37 | let gt = (>) 38 | let ge = (>=) 39 | (* [pred n] is [n - 1] checked by [create]; [pred] of zero therefore fails the assertion. *) 40 | let is_zero = eq 0 41 | let pred n = create (n - 1) 42 | let to_int n = n 43 | (* Prints the value in decimal. *) 44 | let pp ppf = Format.fprintf ppf "%d" 45 | -------------------------------------------------------------------------------- /src/dwarf/dwarf_expr.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
22 | val map : int -> Dba.Expr.t
23 | (** [map n] is the DBA expression for DWARF register number [n], according to the DWARF Register Number Mapping *)
24 |
     (** A DWARF expression as read by [load]; the representation is abstract. *)
25 | type t
26 |
27 | val load : [ `x32 | `x64 ] -> Loader_buf.cursor -> t
28 | (** [load width cursor] reads a DWARF expression at the current cursor position. [width] is [`x32] or [`x64] (presumably the address width of the target; TODO confirm). NOTE(review): the bytes come from the binary under analysis, so confirm that the implementation bounds its reads and rejects unknown opcodes. *)
29 |
30 | val loc : ?cfa:Dba.Expr.t -> t -> Dba.Expr.t
31 | (** [loc ~cfa expr] interprets the expression [expr]
32 | according to the Canonical Frame Address [cfa], which is optional *)
33 |
     (** Printing functions for [t], as specified by [Sigs.PRINTABLE]. *)
34 | include Sigs.PRINTABLE with type t := t
35 |
--------------------------------------------------------------------------------
/src/disasm/x86/x86_options.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
     (* Command-line option group for x86, declared through [Cli.Options];
        the long and short names are both "x86". *)
22 | include Cli.Options(
23 |   struct
24 |     let name = "x86"
25 |     let shortname = name
26 |   end
27 | )
28 |
     (* String-set option "handle-seg": the set of segments to activate, as the
        doc string puts it. *)
29 | module HandleSegments =
30 |   Builder.String_set(
31 |     struct
32 |       let name = "handle-seg"
33 |       let doc = "Activate set of segments"
34 |     end)
35 |
     (* Option "protected-mode", built with [Builder.False] (presumably a boolean
        switch that is off unless given; TODO confirm against [Builder]). *)
36 | module ProtectedMode = Builder.False (
37 |   struct
38 |     let name = "protected-mode"
39 |     let doc =
40 |       "Activate protected mode memory addressing (using segment selectors)"
41 |   end
42 | )
43 |
--------------------------------------------------------------------------------
/src/base/fstack.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
22 | (** Simple functional stack *)
23 |
     (** The element type expected by [Make]. *)
24 | module type Typed = sig
25 |   type t
26 | end
27 |
     (** [Make (X)] is a persistent stack of [X.t] values: every operation
         returns a new stack and leaves its argument unchanged. *)
28 | module Make (X : Typed) : sig
29 |   type elem = X.t
30 |   type t
31 |
       (** The stack with no element. *)
32 |   val empty : t
       (** [singleton e] is the stack holding only [e]. *)
33 |   val singleton : elem -> t
       (** [push e s] is [s] with [e] on top. *)
34 |   val push : elem -> t -> t
35 |
       (** [pop s] is the top element and the rest of the stack.
           Raises [Not_found] when [s] is empty (see fstack.ml). *)
36 |   val pop : t -> elem * t
       (** [top s] is the top element. Raises [Not_found] when [s] is empty. *)
37 |   val top : t -> elem
38 |
39 |   val is_empty : t -> bool
       (** [length s] is the number of elements; fstack.ml computes it with
           [List.length], so it walks the whole stack. *)
40 |   val length : t -> int
41 |
       (** [iter f s] and [fold f acc s] visit the elements from the top of
           the stack downwards. *)
42 |   val iter : (elem -> unit) -> t -> unit
43 |   val fold : ('a -> elem -> 'a) -> 'a -> t -> 'a
44 | end
45 |
--------------------------------------------------------------------------------
/src/base/array_utils.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | let rec untili p t i = 23 | if i = Array.length t then raise Not_found 24 | else if p t.(i) then i 25 | else untili p t @@ i + 1 26 | 27 | let findi p t = untili p t 0 28 | 29 | let find p t = t.(findi p t) 30 | 31 | let fold_lefti f a t = 32 | let a = ref a in 33 | for i = 0 to Array.length t - 1 do 34 | a := f i !a t.(i) 35 | done; 36 | !a 37 | 38 | let fold_righti f a t = 39 | let a = ref a in 40 | for i = Array.length t - 1 downto 0 do 41 | a := f i !a t.(i) 42 | done; 43 | !a 44 | -------------------------------------------------------------------------------- /src/base/mnemonic.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
22 | (** {1 Mnemonic } *)
23 |
     (** Textual name attached to a decoded opcode. The type is [private]:
         values are built with [supported], [unsupported] and [unknown]. *)
24 | type t = private
25 |   | Unknown (** Opcodes which do not have a valid mnemonic translation *)
26 |   | Unsupported of string option (** Opcodes which have a valid mnemonic but do not have a handled mnemonic translation *)
27 |   | Supported of string (** Opcodes with a handled translation; the string is the printed mnemonic *)
28 |
29 |
     (** [supported v pp] is [Supported s] where [s] is [v] rendered with the
         printer [pp] (see mnemonic.ml). *)
30 | val supported : 'a -> (Format.formatter -> 'a -> unit) -> t
     (** [unsupported ?mnemonic_hint ()] is [Unsupported mnemonic_hint]. *)
31 | val unsupported : ?mnemonic_hint:string -> unit -> t
     (** The [Unknown] value. *)
32 | val unknown : t
     (** [pp ppf m] prints the stored text for [Supported], "unknown" for
         [Unknown], and "unsupported" followed by the hint, if any, for
         [Unsupported]. *)
33 | val pp : Format.formatter -> t -> unit
     (** [to_string m] is the text [pp] would print. *)
34 | val to_string : t -> string
35 |
--------------------------------------------------------------------------------
/src/base/utils.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | let get_opt_or_default default = function 23 | | None -> default 24 | | Some x -> x 25 | 26 | let unsafe_get_opt = function 27 | | None -> assert false 28 | | Some x -> x 29 | 30 | let is_none = function 31 | | None -> true 32 | | Some _ -> false 33 | 34 | let time f = 35 | let tinitial = Unix.gettimeofday () in 36 | let res = f () in 37 | let tend = Unix.gettimeofday () in 38 | tend -. tinitial, res 39 | 40 | let random_max_int = 41 | let max_n = int_of_float (2. ** 30. -. 1.) in 42 | fun () -> Random.int max_n 43 | -------------------------------------------------------------------------------- /src/disasm/simplify/simplification_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
     (** Command-line options of the DBA simplification passes. *)
22 | include Cli.S
23 |
24 | module Display_statistics : Cli.BOOLEAN
25 |
26 | (** [Display_statistics] defaults to [false] *)
27 |
     (** Map from code addresses ([Dba_types.Caddress]) to a DBA instruction
         paired with an optional generic instruction. *)
28 | type pmap =
29 |   (Dba.Instr.t * Instruction.Generic.t option)
30 |     Dba_types.Caddress.Map.t
31 |
32 |
33 |
     (** Variant of a simplification; judging by the names, [NoInline] and
         [NoSummaries] switch off inlining and summaries (TODO confirm against
         the implementation, which is not part of this listing). *)
34 | type specifics =
35 |   | All
36 |   | NoInline
37 |   | NoSummaries
38 |
     (** Scope at which simplification is applied: none, the whole program, or
         per function / per sequence with the given [specifics]. *)
39 | type simplification =
40 |   | No_simplification
41 |   | Program
42 |   | Function of specifics
43 |   | Sequence of specifics
44 |
     (** The option holding the selected [simplification]. *)
45 | module Simplification : Cli.GENERIC with type t = simplification
46 |
--------------------------------------------------------------------------------
/src/relse/relse_stubs.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
     (** Stubs for the relational symbolic execution, parameterised by the
         insecurity-state module [IS]. *)
21 | module Make(IS : Relse_insecurity.INSECURITY_STATE) : sig
       (** Outcome of [check]. [Continue] and [Skip] carry the path state and
           insecurity state to go on with; [Terminated] carries nothing.
           NOTE(review): the exact difference between [Continue] and [Skip] is
           defined by the implementation, which is not part of this listing. *)
22 |   type return_type =
23 |     | Continue of Relse_path.Path_state.t * IS.t
24 |     | Skip of Relse_path.Path_state.t * IS.t
25 |     | Terminated
26 |
       (** The stub context. *)
27 |   type t
28 |
       (** [init ()] builds a stub context. *)
29 |   val init : unit -> t
30 |
31 |   (** [check ctx ps is] updates the stub context [ctx] and the path state
32 |       [ps] according to the current instruction; [is] is the insecurity state that accompanies [ps]. *)
33 |   val check : t -> Relse_path.Path_state.t -> IS.t -> return_type
34 |
35 |   (** The empty list of stubs *)
36 |   val empty: t
37 | end
38 |
--------------------------------------------------------------------------------
/src/base/mnemonic.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | open Format 23 | type t = 24 | | Unknown 25 | | Unsupported of string option 26 | | Supported of string 27 | 28 | let unknown = Unknown 29 | let unsupported ?mnemonic_hint () = Unsupported mnemonic_hint 30 | let supported v pp = Supported (asprintf "%a" pp v) 31 | 32 | let pp ppf = function 33 | | Supported v -> fprintf ppf "%s" v 34 | | Unknown -> fprintf ppf "unknown" 35 | | Unsupported None -> fprintf ppf "unsupported" 36 | | Unsupported (Some descr) -> fprintf ppf "unsupported %s" descr 37 | 38 | let to_string v = asprintf "%a" pp v 39 | -------------------------------------------------------------------------------- /src/disasm/arm/armToDba.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | val decode : 23 | Lreader.t -> Virtual_address.t -> Instruction.Generic.t * Dhunk.t 24 | (** [decode r addr] decodes what is at address [addr] in reader [r]. 
 25 | *)
26 |
27 |
28 | val cached_decode:
29 |   Lreader.t -> Virtual_address.t -> Instruction.Generic.t * Dhunk.t
30 | (** Use
31 | [let decode = cached_decode reader in
32 | decode addr1;
33 | ...
34 | decode addrn; ]
35 |
36 | if you want to use a cached decoder, adapted for a new reader.
37 |
38 | The cached decoder assumes that the code will not change dynamically: on self-modifying or self-unpacking code a cached result may no longer match the bytes at that address, so use [decode] there.
39 | *)
40 |
--------------------------------------------------------------------------------
/src/loader/loader_types.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *)
19 | (* *)
20 | (**************************************************************************)
21 |
     (** Access rights of a section. *)
22 | type section_flag = Read | Write | Exec
23 |
     (** A pair of values of the same type, one for the [raw] view and one for
         the [virt] view (presumably the on-disk file versus the virtual
         address space; TODO confirm against the loader). *)
24 | type 'a map = {
25 |   raw : 'a;
26 |   virt : 'a;
27 | }
28 |
29 | (** Some aliases to make more explicit the nature of values being read. As a
30 | first approximation, all values are expected to fit in OCaml integers. *)
31 | type u8 = int
32 | type u16 = int
33 | type u32 = int
     (* NOTE(review): on a 64-bit platform an OCaml [int] is 63-bit signed, so a
        64-bit field with either of its two top bits set cannot be held exactly.
        Such values can appear in malformed or crafted headers; how the readers
        treat them (wrap, negative value, error) is not visible here, so bounds
        checks on sizes and offsets should not assume a non-negative [u64]. *)
34 | type u64 = int (* Bye bye 32 bits. 63 bits ought to be enough for anyone.
 *)
35 |
     (* Signed aliases. Like the unsigned ones they are all plain [int], so the
        names document the intended width and are not enforced by the type
        checker. *)
36 | type s8 = int
37 | type s16 = int
38 | type s32 = int
39 | type s64 = int (* Bye bye 32 bits. 63 bits ought to be enough for anyone. *)
40 |
--------------------------------------------------------------------------------
/src/disasm/decode_utils.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
     (** Encoding conversions and opcode-decoding helpers. The implementation is
         not part of this listing: the remarks below are read off the names and
         types and need confirming against it. *)

     (** Presumably the little-endian byte string of the given value, the [int]
         being a size (TODO confirm unit: bytes or bits). *)
22 | val int64_to_littleendian_bin : Int64.t -> int -> string
23 |
     (** Presumably turns a string of hexadecimal digits into the bytes it
         denotes. NOTE(review): confirm the behaviour on odd-length input and on
         characters that are not hexadecimal digits. *)
24 | val hex_string_to_bin : string -> string
25 |
     (** Presumably the hexadecimal rendering of a byte string; [with_space]
         looks like a separator switch. *)
26 | val string_to_hex : ?with_space:bool -> string -> string
27 |
28 | val little_string_to_big_string : ?with_space:bool -> string -> string
29 |
30 | val string_to_big_int : string -> Bigint.t
31 |
     (** The three decoders return a string and the decoded [Dhunk.t]; they
         differ in the form of the opcode they accept (hexadecimal text, raw
         bytes, or a [Binstream.t]). [addr] is optional. *)
32 | val decode_hex_opcode : ?addr:Int64.t -> string -> string * Dhunk.t
33 | val decode_bin_opcode : ?addr:int64 -> string -> string * Dhunk.t
34 | val decode_opcode : ?addr:Int64.t -> Binstream.t -> string * Dhunk.t
35 |
36 |
     (** NOTE(review): a [char] holds 0..255 only; confirm how values outside
         that range are handled ([Char.chr] raises [Invalid_argument] for
         them). *)
37 | val int64_to_char: int64 -> char
38 |
--------------------------------------------------------------------------------
/src/disasm/x86/x86Instruction.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Instruction.Make( 23 | struct 24 | type t = X86Types.instruction_kind 25 | let pp ppf v = X86pp.pp_instr ppf v 26 | end) 27 | 28 | 29 | let to_generic_mnemonic = function 30 | | X86Types.Bad -> Mnemonic.unknown 31 | | X86Types.Unsupported mnemonic_hint -> 32 | Mnemonic.unsupported ~mnemonic_hint () 33 | | other -> Mnemonic.supported other X86pp.pp_instr 34 | 35 | 36 | let to_generic_instruction v = 37 | let mnemonic = to_generic_mnemonic v.mnemonic in 38 | let size = Size.Byte.to_int v.size in 39 | Instruction.Generic.create size v.opcode mnemonic 40 | -------------------------------------------------------------------------------- /src/base/file_utils.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
22 | (** Extra functions over files *)
23 |
24 |
25 | val load : string -> string
26 | (** [load filename] returns a string with the complete text of the file; the whole content is therefore held in memory at once *)
27 |
28 | val copy : string -> string -> unit
29 | (** [copy src dst] copies filename [src] to filename [dst]. NOTE(review): whether an existing [dst] is overwritten is not stated here; confirm in the implementation *)
30 |
31 | val readlines : string -> string list
32 | (** [readlines filename] returns the list of the lines of the complete text of
33 | the file [filename] *)
34 |
35 | val has_suffix : suffixes:string list -> string -> bool
36 | (** [has_suffix ~suffixes filename] returns [true] if [filename] ends with any
37 | of the provided [suffixes] *)
38 |
--------------------------------------------------------------------------------
/src/base/fstack.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module type Typed = sig 23 | type t 24 | end 25 | 26 | module Make (X : Typed) = struct 27 | 28 | type elem = X.t 29 | type t = elem list 30 | 31 | let empty = [] 32 | 33 | 34 | let is_empty l = l = [] 35 | 36 | let push e l = e :: l 37 | 38 | let singleton e = push e empty 39 | 40 | let top = function 41 | | e :: _ -> e 42 | | [] -> raise Not_found 43 | 44 | let pop = function 45 | | e :: es -> e, es 46 | | [] -> raise Not_found 47 | 48 | 49 | let iter f s = List.iter f s 50 | 51 | let fold f acc s = List.fold_left f acc s 52 | 53 | let length = List.length 54 | 55 | end 56 | -------------------------------------------------------------------------------- /src/disasm/x86/x86pp.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
22 | (** Pretty-printers for X86 *)
23 |
     (** [pp_address ppf a] prints the x86 address [a] on [ppf]. *)
24 | val pp_address : Format.formatter -> X86Types.address -> unit
25 |
26 | val pp_bytes : int -> Format.formatter -> int -> unit
27 | (** [pp_bytes n ppf v] prints the first [n] bytes of [v] into [ppf].
28 | [n] must be between 0 (excluded) and 4 (included) as [v] represents a X86
29 | word (32 bits). What happens for an [n] outside that range is not specified here.
30 | *)
31 |
32 | val pp_byte : Format.formatter -> int -> unit
33 | (** [pp_byte ppf v] is [pp_bytes 1 ppf v] *)
34 |
35 | val pp_word : Format.formatter -> int -> unit
36 | (** [pp_word ppf v] is [pp_bytes 4 ppf v] *)
37 |
     (** [pp_instr ppf i] prints the instruction kind [i] on [ppf]. *)
38 | val pp_instr : Format.formatter -> X86Types.instruction_kind -> unit
39 |
--------------------------------------------------------------------------------
/src/ida/ida_options.ml:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
     (* Command-line option group for the IDA Pro interface, declared through
        [Cli.Make] with short name "ida". *)
22 | include Cli.Make(
23 |   struct
24 |     let shortname = "ida"
25 |     let name = "IDA Pro interface"
26 |   end
27 | )
28 |
     (* String option "o-ida": name of the IDA output file.
        NOTE(review): the default "out.ida" is a relative path, so the file
        lands in the current working directory; confirm that the code writing
        it does not silently replace an existing file. *)
29 | module IdaOutputFile =
30 |   Builder.String(
31 |     struct
32 |       let name = "o-ida"
33 |       let default = "out.ida"
34 |       let doc = " Set IDA output file"
35 |     end)
36 |
37 |
     (* Option "cfg-dot", built with [Builder.False] (presumably off unless
        given; TODO confirm against [Builder]). *)
38 | module IdaCfg =
39 |   Builder.False(
40 |     struct
41 |       let name = "cfg-dot"
42 |       let doc = " Generate CFGs in dot format"
43 |     end
44 |   )
45 |
     (* Option "simple", built with [Builder.True] (presumably on unless
        disabled; TODO confirm against [Builder]). *)
46 | module IdaSimpleCfg =
47 |   Builder.True(
48 |     struct
49 |       let name = "simple"
50 |       let doc = "Simple CFG containing basic blocks"
51 |     end
52 |   )
53 |
--------------------------------------------------------------------------------
/src/formula/prover.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
     (** Name or path of a solver binary, and its argument vector. *)
22 | type executable = string ;;
23 | type arguments = string array ;;
24 |
     (** A solver invocation kept as an executable plus an argument array. The
         record is [private]: it can be read outside this module but only
         built by it (see [command]). *)
25 | module Command : sig
26 |   type t = private {
27 |     executable : executable;
28 |     arguments : arguments;
29 |   } ;;
30 |
       (** [to_string c] is [c] as a single string.
           NOTE(review): the flattened form is fine for logs; if it is ever
           handed to a shell, arguments containing spaces or metacharacters
           need quoting. Passing [executable] and [arguments] directly to the
           process-creation call avoids that question. *)
31 |   val to_string : t -> string ;;
32 | end
33 |
     (** A prover is one of the solvers declared in [Formula_options]. *)
34 | type t = Formula_options.solver ;;
35 |
36 | val pp : Format.formatter -> t -> unit ;;
37 |
38 | val is_boolector : t -> bool ;;
39 | val is_yices : t -> bool ;;
40 |
41 | (** {2 Accessors} *)
42 | val name_of : t -> string ;;
43 |
     (** [command ?incremental n solver] is the invocation for [solver]. The
         [int] is presumably a timeout, by analogy with [timeout_s] (TODO
         confirm the unit). *)
44 | val command : ?incremental:bool -> int -> t -> Command.t ;;
45 |
     (** Same as [command], returned as one string; the quoting caveat on
         [Command.to_string] applies here as well. *)
46 | val command_string : ?incremental:bool -> int -> t -> string ;;
47 |
48 | val timeout_s : int -> t -> int ;;
49 |
--------------------------------------------------------------------------------
/src/sse/sse_utils.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
 *)
19 | (* *)
20 | (**************************************************************************)
21 |
22 | val temp_file : unit -> string
23 | (** [temp_file ()] creates a new temporary file in
24 | [Sse_options.SMT_dir] and returns a string for it (presumably its path). NOTE(review): the implementation is not part of this listing; confirm that the file is created atomically with restrictive permissions (as [Filename.temp_file] does) and not by choosing a name first and opening it later, which matters when the directory is writable by other users.
25 | *)
26 |
27 | val dump_file : unit -> string
28 | (** [dump_file ()] creates a new temporary file in
29 | [Sse_options.SMT_log_directory]; the same remark on file creation as for [temp_file] applies.
30 | *)
31 |
32 |
33 | val mk_var_name : string -> int -> string
34 | (** [mk_var_name basename idx] builds a variable name from [basename] and [idx]; the exact format is set by the implementation *)
35 |
36 | val get_goal_addresses: unit -> Virtual_address.Set.t
37 | (** Returns the set of virtual addresses to reach according to
38 | [Sse_options.GoalAddresses] *)
39 |
40 | val get_avoid_addresses: unit -> Virtual_address.Set.t
41 | (** Returns the set of virtual addresses to avoid according to
42 | [Sse_options.AvoidAddresses] *)
43 |
--------------------------------------------------------------------------------
/src/base/sequence.mli:
--------------------------------------------------------------------------------
1 | (**************************************************************************)
2 | (* This file is part of BINSEC. *)
3 | (* *)
4 | (* Copyright (C) 2016-2019 *)
5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *)
6 | (* alternatives) *)
7 | (* *)
8 | (* you can redistribute it and/or modify it under the terms of the GNU *)
9 | (* Lesser General Public License as published by the Free Software *)
10 | (* Foundation, version 2.1. *)
11 | (* *)
12 | (* It is distributed in the hope that it will be useful, *)
13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
15 | (* GNU Lesser General Public License for more details. *)
16 | (* *)
17 | (* See the GNU Lesser General Public License version 2.1 *)
18 | (* for more details (enclosed in the file licenses/LGPLv2.1).
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type 'a t 23 | 24 | val empty : 'a t 25 | val length : 'a t -> int 26 | val append : 'a t -> 'a t -> 'a t 27 | 28 | val push_front : 'a -> 'a t -> 'a t 29 | val push_back : 'a -> 'a t -> 'a t 30 | 31 | val peek_front : 'a t -> 'a option 32 | val peek_back : 'a t -> 'a option 33 | 34 | val pop_front : 'a t -> 'a t option 35 | val pop_back : 'a t -> 'a t option 36 | 37 | val map_forward : ('a -> 'b) -> 'a t -> 'b t 38 | val map_backward : ('a -> 'b) -> 'a t -> 'b t 39 | 40 | val iter_forward : ('a -> unit) -> 'a t -> unit 41 | val iter_backward : ('a -> unit) -> 'a t -> unit 42 | 43 | val fold_forward : ('a -> 'b -> 'b) -> 'a t -> 'b -> 'b 44 | val fold_backward : ('a -> 'b -> 'b) -> 'a t -> 'b -> 'b 45 | -------------------------------------------------------------------------------- /src/loader/elf_options.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (* Command-line option group for the ELF loader: short name elf, display name Elf loader. *) include Cli.Make ( 23 | struct 24 | let shortname = "elf" 25 | let name = "Elf loader" 26 | end 27 | ) 28 | 29 | (* Option named alloc. Built with Builder.False, presumably a flag that is off unless given on the command line (confirm against Cli). *) module Alloc = Builder.False ( 30 | struct 31 | let name = "alloc" 32 | let doc = "arbitrary but consistently allocate memory \ 33 | for relocatable object file" 34 | end 35 | ) 36 | 37 | (* Option named reloc, built the same way as Alloc; its help text describes the relocation support as limited. *) module Reloc = Builder.False ( 38 | struct 39 | let name = "reloc" 40 | let doc = "limited support for static relocation entry" 41 | end 42 | ) 43 | -------------------------------------------------------------------------------- /src/parser/SMTLexerWp.mll: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | { 23 | open SMTParserWp 24 | exception Eof 25 | (* [line] is incremented by [token] on every newline and is only read to build the error message of the catch-all rule. *) let line = ref 1 26 | } 27 | 28 | (* Despite its name, [digit] matches 0-9 and lowercase a-f; uppercase hexadecimal digits are not in the class. *) let digit = ['0'-'9''a'-'f'] 29 | let id = ['a'-'z''A'-'Z'] ['a'-'z' 'A'-'Z' '_' '0'-'9']* 30 | 31 | 32 | (* [token] recognises the words sat, unsat and error, parentheses, one fixed quoted model-is-not-available message, identifiers, and literals made of a hash sign, one of x, b or o, and at least one [digit]. Spaces, tabs and newlines are skipped. Any other character raises Failure carrying the character and the current line number, so callers reading solver output should expect that exception on unrecognised input. *) rule token = parse 33 | | "sat" { SATT } 34 | | "unsat" { UNSATT } 35 | | "(" { LPAREN} 36 | | ")" { RPAREN} 37 | | "error" {ERROR} 38 | | '"' "line " digit+ " column " digit+": model is not available" '"' {ERROR_MSG} 39 | | id as ident { IDENT(ident)} 40 | | ('#' ['x' 'b' 'o'] digit+ as num) { NUM(num)} 41 | | '\n' { incr line; Lexing.new_line lexbuf; token lexbuf } 42 | | [' ' '\t'] { token lexbuf } 43 | | eof { EOF } 44 | | _ as c { let m = Format.asprintf "SMTLexerWp: Unexpected symbol : '%c' at line %d" c !line in failwith m } 45 | -------------------------------------------------------------------------------- /src/dba/dba_to_formula.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Convert some DBA structure to Smtlib *) 23 | 24 | (** Raised if trying to convert DBA operators 25 | that don't have equivalent in smtlib2. The 26 | two operators that don't have equivalent are: 27 | {!const:Dba.LeftRotate} and {!const:Dba.RightRotate} that 28 | can take a variable shift value while smtlib2 29 | only support constant *) 30 | exception NoSmtEquivalent 31 | 32 | (** convert a DBA unary operator to a Smtlib 33 | unary operator *) 34 | val unary: Dba.Unary_op.t -> Formula.bv_unop 35 | 36 | (** convert a DBA binary operator to a Smtlib 37 | binary operator *) 38 | val binary: Dba.Binary_op.t -> 39 | [ `Unop of Formula.bv_unop | `Bnop of Formula.bv_bnop | `Comp of Formula.bv_comp] 40 | -------------------------------------------------------------------------------- /src/base/prettytbl.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type alignment = L | C | R 23 | 24 | module Column : sig 25 | type t 26 | 27 | val default : t 28 | 29 | val make: ?min_length:int -> ?max_length:int 30 | -> ?left_border:string -> ?right_border:string 31 | -> ?align:alignment -> unit -> t 32 | (** [make ~min_lenght ~max_length ~left_border ~right_border ~align ()] *) 33 | end 34 | 35 | type t 36 | 37 | val make: Column.t array -> t 38 | (** [make columns] create a new table of [Array.length columns] columns *) 39 | 40 | val append: t -> string array -> unit 41 | (** [append tbl row] append a new row [row] to the table [tbl]. [row] should 42 | have the length equal to the column array used to create [tbl] *) 43 | 44 | include Sigs.PRINTABLE with type t := t 45 | -------------------------------------------------------------------------------- /src/ast/cfgraph.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type state = private 23 | | Active 24 | | Inactive 25 | 26 | module Node : Graph.Sig.COMPARABLE with type t = string * state 27 | 28 | module Edge : Graph.Sig.ORDERED_TYPE_DFT with type t = string 29 | 30 | module G : sig 31 | include Graph.Sig.P with type V.t = Node.t 32 | and type V.label = Node.t 33 | and type E.t = Node.t * Edge.t * Node.t 34 | and type E.label = Edge.t 35 | 36 | val mk_active_node : string -> V.t 37 | val mk_inactive_node : string -> V.t 38 | end 39 | 40 | module Dot : sig 41 | val fprint_graph : Format.formatter -> G.t -> unit 42 | val output_graph : Pervasives.out_channel -> G.t -> unit 43 | val output_graph_to_file : string -> G.t -> unit 44 | end 45 | -------------------------------------------------------------------------------- /src/base/virtual_address.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** {2 Virtual addresses} 23 | 24 | A virtual address is a simple location information corresponding to a 25 | physical (virtual) address of the underlying machine. 26 | *) 27 | 28 | type t = private int 29 | val create : int -> t 30 | val to_int : t -> int 31 | val equal: t -> t -> bool 32 | 33 | val of_int64 : int64 -> t 34 | val of_bitvector : Bitvector.t -> t 35 | 36 | val to_int64 : t -> int64 37 | 38 | val of_bigint : Bigint.t -> t 39 | val to_bigint : t -> Bigint.t 40 | 41 | val of_string : string -> t 42 | 43 | val add_int : int -> t -> t 44 | val succ : t -> t 45 | val pred : t -> t 46 | 47 | include Sigs.PRINTABLE with type t := t 48 | include Sigs.Collection with type t := t 49 | 50 | val pp_set : Format.formatter -> Set.t -> unit 51 | -------------------------------------------------------------------------------- /src/smtlib/locations.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (* A source span, given by the lexer positions where it starts and ends. *) type t = { 23 | loc_start: Lexing.position; 24 | loc_end: Lexing.position; 25 | } 26 | ;; 27 | 28 | (* [mk_loc loc_start loc_end] builds the span from its two positions. *) let mk_loc loc_start loc_end = { loc_start; loc_end; } ;; 29 | 30 | (* [in_file name] is a span whose start and end are the same position in file [name]: line 1, beginning-of-line offset 0, character offset -1. *) let in_file name = 31 | let loc = { 32 | Lexing.pos_fname = name; 33 | Lexing.pos_lnum = 1; 34 | Lexing.pos_bol = 0; 35 | Lexing.pos_cnum = -1; 36 | } 37 | in 38 | { loc_start = loc; loc_end = loc; } 39 | ;; 40 | 41 | (* [none] is [in_file] applied to the placeholder file name _none_. *) let none = in_file "_none_";; 42 | 43 | (* [dummy_loc] has [Lexing.dummy_pos] at both ends. *) let dummy_loc = { loc_start = Lexing.dummy_pos; loc_end = Lexing.dummy_pos; } 44 | 45 | (* [pp_lines ppf loc] prints a single line number when [loc] starts and ends on the same line, and start-end otherwise. *) let pp_lines ppf loc = 46 | let lstart = loc.loc_start.Lexing.pos_lnum 47 | and lend = loc.loc_end.Lexing.pos_lnum in 48 | if lstart = lend then Format.fprintf ppf "%d" lstart 49 | else Format.fprintf ppf "%d-%d" lstart lend 50 | 51 | -------------------------------------------------------------------------------- /src/ast/instr_cfg.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | 23 | 24 | module type S = sig 25 | include Cfg.S 26 | 27 | val ordered_iter_vertex: 28 | compare:(vertex -> vertex -> int) -> (vertex -> unit) -> t -> unit 29 | 30 | val iter_vertex_by_address : (vertex -> unit) -> t -> unit 31 | 32 | val output_graph : Pervasives.out_channel -> 33 | t -> entry:vertex -> Virtual_address.t list -> unit 34 | 35 | val dump : filename:string -> t -> unit 36 | end 37 | 38 | 39 | module Make(H:Hashtbl.HashedType): S with type addr = Virtual_address.t 40 | and type inst = Instruction.t 41 | and type symb = H.t 42 | 43 | include S with type addr = Virtual_address.t 44 | and type inst = Instruction.t 45 | and type symb = string 46 | -------------------------------------------------------------------------------- /src/loader/loader.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type ('a,'b,'c) t_pack = ELF of 'a | PE of 'b | Dump of 'c 23 | type ('a,'b,'c) header_pack = ELF_header of 'a | PE_header of 'b | Dump_header of 'c 24 | 25 | include Loader_sigs.S 26 | with type Section.t = (Loader_elf.Section.t, Loader_pe.Section.t, Loader_dump.Section.t) t_pack 27 | and type Symbol.t = (Loader_elf.Symbol.t, Loader_pe.Symbol.t, Loader_dump.Symbol.t) t_pack 28 | and type Img.t = (Loader_elf.Img.t, Loader_pe.Img.t, Loader_dump.Img.t) t_pack 29 | and type Section.header = (Loader_elf.Section.header, Loader_pe.Section.header, Loader_dump.Section.header) header_pack 30 | and type Symbol.header = (Loader_elf.Symbol.header, Loader_pe.Symbol.header, Loader_dump.Symbol.header) header_pack 31 | and type Img.header = (Loader_elf.Img.header, Loader_pe.Img.header, Loader_dump.Img.header) header_pack 32 | -------------------------------------------------------------------------------- /src/disasm/arm/arm_options.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (* Command-line option group named arm; the short name is the same string. *) include Cli.Options( 23 | struct 24 | let name = "arm" 25 | let shortname = name 26 | end 27 | ) 28 | 29 | (* The two instruction sets that can be selected for decoding. *) type supported_mode = Thumb | Arm 30 | 31 | (* Option supported-mode, default [Arm]; the accepted values are exactly the lowercase strings thumb and arm. *) module SupportedMode = Builder.Variant_choice (struct 32 | type t = supported_mode 33 | 34 | let name = "supported-mode" 35 | 36 | let default = Arm 37 | 38 | let doc = 39 | "Can be used to decode thumb instructions or arm instructions \ 40 | (default: arm)." 41 | 42 | let to_string = function Thumb -> "thumb" | Arm -> "arm" 43 | 44 | (* Matching is exact and case-sensitive; any other string raises Invalid_argument with a message that starts with the rejected value. *) let of_string = function 45 | | "thumb" -> Thumb 46 | | "arm" -> Arm 47 | | x -> 48 | raise 49 | (Invalid_argument 50 | (x 51 | ^ " is not a valid arm decoding mode. Expected one of both, thumb \ 52 | or arm.")) 53 | 54 | let choices = [ "thumb"; "arm" ] 55 | end) 56 | -------------------------------------------------------------------------------- /src/base/size.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. 
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** {2 Size} *) 23 | 24 | module type Size = sig 25 | type t = private Natural.t 26 | val create : int -> t 27 | val of_string : string -> t 28 | val of_int32 : int32 -> t 29 | val to_int : t -> int 30 | val eq : t -> t -> bool 31 | val pp : Format.formatter -> t -> unit 32 | val pp_hex : Format.formatter -> t -> unit 33 | val add : t -> t -> t 34 | val sub : t -> t -> t 35 | val div : t -> t -> t 36 | val mul : t -> t -> t 37 | val pred : t -> t 38 | val is_zero : t -> bool 39 | end 40 | 41 | module Bit : sig 42 | include Size 43 | 44 | val bits1 : t 45 | val bits8 : t 46 | val bits16 : t 47 | val bits32 : t 48 | val bits64 : t 49 | val bits128 : t 50 | end 51 | 52 | module Byte : sig 53 | include Size 54 | val to_bitsize : t -> Bit.t 55 | val of_bitsize : Bit.t -> t 56 | val unsafe_of_bits : int -> t 57 | end 58 | -------------------------------------------------------------------------------- /src/disasm/simplify/simplification_dba_utils.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Generic utility functions for DBA simplification *) 23 | 24 | type stats 25 | val statistics : 26 | (Dba.Instr.t * 'a) Dba_types.Caddress.Map.t -> stats 27 | 28 | val display_results : 29 | stats -> 30 | (Dba.Instr.t * 'a) Dba_types.Caddress.Map.t -> 31 | Format.formatter -> float -> unit 32 | 33 | 34 | val must_lhs_expr_equal : Dba.LValue.t -> Dba.Expr.t -> bool 35 | 36 | val lhs_mustkilled_by_lhs : Dba.LValue.t -> Dba.LValue.t -> bool 37 | val lhs_mayused_in_expr : Dba.LValue.t -> Dba.Expr.t -> bool 38 | val lhs_mayused_in_lhs : Dba.LValue.t -> Dba.LValue.t -> bool 39 | 40 | val is_not_mayused : 41 | (Dba.Instr.t * 'a) Dba_types.Caddress.Map.t -> 42 | Dba_types.Caddress.Map.key -> int -> Dba.LValue.t -> 43 | bool Basic_types.String.Map.t Dba_types.Caddress.Map.t -> 44 | bool Basic_types.String.Map.t Dba_types.Caddress.Map.t * bool 45 | -------------------------------------------------------------------------------- /src/base/utils.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. 
*) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Generic utilities *) 23 | 24 | (** {2 Option types }*) 25 | val get_opt_or_default : 'a -> 'a option -> 'a 26 | (** [get_opt_or_default default vopt] returns [default] if [vopt] is None, the 27 | contents of [vopt] otherwise *) 28 | 29 | val unsafe_get_opt : 'a option -> 'a 30 | (** [unsafe_get_opt vopt] retrieves the contents of [vopt]. 31 | Raise [Assert_failure] if [vopt] is [None]. 32 | *) 33 | 34 | val is_none : 'a option -> bool 35 | (** [is_none vopt] tests if [vopt] is indeed [None]. *) 36 | 37 | (** {2 Timing } *) 38 | 39 | val time: (unit -> 'a) -> float * 'a 40 | (** [time f] times the execution of function f and returns both the time taken 41 | and the result *) 42 | 43 | 44 | val random_max_int : unit -> int 45 | (** [random_max_int ()] generates a random number between 0 and 2^30 - 1. 46 | This second value is the maximum accepted by Random.int. 47 | *) 48 | -------------------------------------------------------------------------------- /src/disasm/simplify/simplification_dba.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (* [simplify_dba inst_map] returns [inst_map] unchanged when the Simplification option is [No_simplification]. For any other setting it returns the map produced by running remove_mustkill_lfp, block_simplifications and remove_goto over [inst_map], in that order. *) let simplify_dba inst_map = 23 | match Simplification_options.Simplification.get () with 24 | | Simplification_options.No_simplification -> inst_map 25 | | _ -> 26 | begin 27 | let simplify () = 28 | Simplification_dba_prog.remove_mustkill_lfp inst_map |> 29 | Simplification_dba_block.block_simplifications |> 30 | Simplification_dba_prog.remove_goto 31 | in 32 | Simplification_options.Logger.debug "Starting DBA simplification ..."; 33 | (* statistics are computed on the input map, before the passes run *) let stats = Simplification_dba_utils.statistics inst_map in 34 | let t, res = Utils.time simplify in 35 | (* results are logged only when Display_statistics is set and the simplified map is not empty *) if Simplification_options.Display_statistics.get () && 36 | not (Dba_types.Caddress.Map.is_empty res) then 37 | Simplification_options.Logger.info "%a" 38 | (Simplification_dba_utils.display_results stats res) t; 39 | res 40 | end 41 | -------------------------------------------------------------------------------- /src/ida/ida_utils.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module VA = Virtual_address 23 | 24 | val to_vaddr : string -> VA.t 25 | val strip_enclosing_chars : string -> string 26 | val parse_calls : string -> (VA.t * VA.t * VA.t) list 27 | val clean_mnemonic : string -> string 28 | val to_supported : VA.t -> Mnemonic.t -> Mnemonic.t 29 | val read_list : string -> string list 30 | 31 | module Dot : sig 32 | val pp_id : Format.formatter -> Graph.Dot_ast.id -> unit 33 | val pp_a : Format.formatter -> 34 | Graph.Dot_ast.id * Graph.Dot_ast.id option -> unit 35 | val pp_attr : Format.formatter -> 36 | (Graph.Dot_ast.id * Graph.Dot_ast.id option) list -> unit 37 | val pp_attrs : Format.formatter -> 38 | (Graph.Dot_ast.id * Graph.Dot_ast.id option) list list -> unit 39 | val pp_node_id : Format.formatter -> Graph.Dot_ast.id * 'a -> unit 40 | val pp_node : Format.formatter -> Graph.Dot_ast.node -> unit 41 | val pp_stmt : Format.formatter -> Graph.Dot_ast.stmt -> unit 42 | end 43 | -------------------------------------------------------------------------------- /src/utils/colors.mli: -------------------------------------------------------------------------------- 1 | 
(**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** General color definitions for outputs *) 23 | 24 | type color = int 25 | 26 | val rgb : int -> int -> int -> color 27 | 28 | val pp_with_prefix : string -> Format.formatter -> color -> unit 29 | val pp : Format.formatter -> color -> unit 30 | (** [pp ppf color] is [pp_with_prefix "#" ppf color] *) 31 | 32 | module FlatUI : sig 33 | val turquoise : color 34 | val greensea : color 35 | val emerland : color 36 | val nephritis : color 37 | val peterriver : color 38 | val belizehole : color 39 | val amethyst : color 40 | val wisteria : color 41 | val wetasphalt : color 42 | val midnightblue : color 43 | val sunflower : color 44 | val orange : color 45 | val carrot : color 46 | val pumpkin : color 47 | val alizarin : color 48 | val pomegranate : color 49 | val clouds : color 50 | val silver : color 51 | val concrete : color 52 | val asbestos : color 53 | end 54 | -------------------------------------------------------------------------------- /src/base/file_utils.ml: 
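(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1. *)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

(* [with_in_channel filename f] opens [filename] for reading, applies [f] to
   the channel and closes the channel on both the normal and the exceptional
   path, so a failed read does not leak the file descriptor. The exception
   raised by [f] is re-raised unchanged. *)
let with_in_channel filename f =
  let ic = open_in filename in
  match f ic with
  | result -> close_in ic; result
  | exception e -> close_in_noerr ic; raise e

(* [load filename] returns the whole contents of [filename] as a string.

   The buffer is sized from [in_channel_length], so memory use is
   proportional to the file size and no upper bound is applied here; callers
   handling files they do not control should check the size first.
   Raises [Sys_error] if the file cannot be opened, and [End_of_file] if
   fewer bytes than the reported length can be read. The channel is opened
   in text mode, as before. *)
let load (filename:string): string =
  with_in_channel filename (fun ic ->
      let n = in_channel_length ic in
      let s = Bytes.create n in
      (* Unqualified [really_input]: the [Pervasives] module path is not
         available in recent compilers, the unqualified name works in all. *)
      really_input ic s 0 n;
      (* [s] is not used after this point, so sharing it as a string is
         safe. *)
      Bytes.unsafe_to_string s)

(* [copy input output] writes the contents of [input] to [output], creating
   or truncating [output]. The source is read completely before the
   destination is opened. If the write fails the output channel is closed
   before the exception is re-raised. *)
let copy (input:string) (output:string): unit =
  let s = load input in
  let oc = open_out output in
  match output_string oc s with
  | () -> close_out oc
  | exception e -> close_out_noerr oc; raise e

(* [readlines filename] returns the lines of [filename] in file order,
   without their line terminators. The channel is closed when the end of
   the file is reached and also when reading fails with another
   exception. *)
let readlines (filename:string): string list =
  with_in_channel filename (fun ic ->
      let rec loop acc =
        match input_line ic with
        | line -> loop (line :: acc)
        | exception End_of_file -> List.rev acc
      in
      loop [])

(* [has_suffix ~suffixes filename] is [true] iff [filename] ends with at
   least one element of [suffixes]; it is [false] for an empty list. *)
let has_suffix ~suffixes filename =
  List.exists (Filename.check_suffix filename) suffixes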
-------------------------------------------------------------------------------- /src/ida/README.md: -------------------------------------------------------------------------------- 1 | ## Install 2 | - IDA Pro version 6.9.151221 (32-bit) and python version 2.7 3 | - Graph-Easy version 0.7.6 (https://metacpan.org/pod/Graph::Easy) 4 | - BINSEC (see README) 5 | 6 | ## Workflow 7 | The goal of the BINIDA plugin is to extract information of the input binary in 8 | x86 using the disassembler IDA Pro, then construct the control flow graphs (CFG) 9 | that are represented by the data structure of BINSEC's CFG. It provides an 10 | additional option to disassemble x86 binaries apart from the existing module 11 | `src/disasm`. The structure of the BINIDA source code is as follows: 12 | 13 | `src/ida` 14 | - `ida.py`: IDAPython script for parsing the input binary, generating the call 15 | graph and outputting the ida file containing the binary information. 16 | - `run_ida.py`: Python script for executing the plugin BINIDA. 17 | - `ida.ml(i)`: the main function. 18 | - `ida_options.ml(i)`: identifying input arguments. 19 | - `ida_cg.ml(i)`: parsing the callgraph. 20 | - `ida_cfg.ml(i)`: parsing the ida file to generate CFGs. 21 | - `ida_utils.ml(i)`: some utilities. 22 | 23 | The ida file contains the information of functions, basic blocks and instructions as follows: 24 | ``` 25 | Function {start_addr; func_name} 26 | BasicBlock [start_addr; (instructions); (bb_preds); (bb_succs); \ 27 | (caller_call_addr-callee_start_addr-caller_return_addr)] 28 | Instruction (addr; disasm; opcodes; bb_start_addr; func_name) 29 | ``` 30 | 31 | ## Usage 32 | 33 | #### 1. Running IDAPython script `ida.py` 34 | - `--output-dir`: the absolute path of the output directory. 35 | - `--call-graph` (True/False): generate the call graph. 36 | - `--ida-graph` (True/False): if True, generate the original IDA graph, meaning 37 | one basic block could have multiple call instructions.
Otherwise, we consider 38 | function calls as basic block boundaries. 39 | 40 | ``` 41 | export IDA_PATH=/path/to/ida-6.9/idaq 42 | export BINSEC_PATH=/path/to/binsec 43 | $IDA_PATH -B "-S$BINSEC_PATH/src/ida/ida.py --output-dir=/output/path \ 44 | --call-graph=True --ida-graph=True" /path/to/binary 45 | ``` 46 | 47 | #### 2. Running `run_ida.py` 48 | - `--bin_file`: the absolute path of the x86 binary. 49 | - `--ida_graph`: similar to the option `--ida-graph` of `ida.py`. 50 | - `--simple`: nodes of CFG are basic blocks. If not, nodes are instructions. 51 | 52 | ``` 53 | export IDA_PATH=/path/to/ida-6.9/idaq 54 | export BINSEC_PATH=/path/to/binsec 55 | export GRAPH_EASY_PATH=/path/to/graph-easy 56 | $BINSEC_PATH/src/ida/run_ida.py --bin_file /path/to/binary --ida_graph --simple 57 | ``` 58 | -------------------------------------------------------------------------------- /src/parser/SMTParserWp.mly: -------------------------------------------------------------------------------- 1 | /**************************************************************************/ 2 | /* This file is part of BINSEC. */ 3 | /* */ 4 | /* Copyright (C) 2016-2019 */ 5 | /* CEA (Commissariat à l'énergie atomique et aux énergies */ 6 | /* alternatives) */ 7 | /* */ 8 | /* you can redistribute it and/or modify it under the terms of the GNU */ 9 | /* Lesser General Public License as published by the Free Software */ 10 | /* Foundation, version 2.1. */ 11 | /* */ 12 | /* It is distributed in the hope that it will be useful, */ 13 | /* but WITHOUT ANY WARRANTY; without even the implied warranty of */ 14 | /* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the */ 15 | /* GNU Lesser General Public License for more details. */ 16 | /* */ 17 | /* See the GNU Lesser General Public License version 2.1 */ 18 | /* for more details (enclosed in the file licenses/LGPLv2.1). 
*/ 19 | /* */ 20 | /**************************************************************************/ 21 |

/* Grammar for the answer printed by an SMT solver: an optional sat/unsat
   verdict plus parenthesised groups of (identifier, value) pairs. */

/* NOTE(review): IDENT and NUM are formatted with "%s" in [memory_ident], so
   they presumably carry a string payload, and [main] a result type; the
   corresponding type annotations are not visible in this listing -- confirm
   against the original file. */
%token SATT UNSATT LPAREN RPAREN EOF ERROR ERROR_MSG
%token IDENT
%token NUM


%start main
%type main
%%

/* A verdict token mapped to the corresponding [Formula] status. */
verdict:
| SATT { Some Formula.SAT }
| UNSATT { Some Formula.UNSAT }
;

/* Whole solver answer: a pair (verdict option, list of value groups).

   - A leading verdict is kept; the verdict of the remaining input [m] is
     discarded, only its groups are kept.
   - A parenthesised group always yields [None] as verdict, so a verdict that
     appears after a group is dropped.
   - On a syntax error the rule logs a message and returns [(None, [])], the
     same value as for empty input. A caller therefore cannot tell a garbled
     answer from an empty one by the result alone.
     NOTE(review): callers should treat [None] as "no verdict" and never as
     unsat -- verify at the call sites. */
main:
| v=verdict; m=main; { v, snd m }
| args=delimited(LPAREN, args, RPAREN); m=main;
  { None, args @ (snd m)}
| EOF { (None, []) }
| error {
    Kernel_options.Logger.error "SMTParserWp: Unexpected token in main";
    None, [] }
;

/* Content of one parenthesised group: either a solver error report, which
   contributes no values, or one list of values. */
args :
| ERROR ERROR_MSG { [] }
| values=list(value); { [values] }
;

/* A three-part parenthesised name, rebuilt as a single space-separated
   string. */
memory_ident :
| LPAREN id1=IDENT; id2=IDENT; n=NUM; RPAREN
  { Format.sprintf "%s %s %s" id1 id2 n }
;

/* One (name, number) pair; the name is a plain identifier or a
   [memory_ident], and the pair may be wrapped in extra parentheses. */
value:
| id=IDENT; n=NUM; { id, n }
| id=memory_ident; n=NUM; { id, n }
| LPAREN v=value; RPAREN { v }
;
-------------------------------------------------------------------------------- /src/parser/parse_utils.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details.
*) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | 23 | (** General BINSEC related utilities *) 24 | 25 | (** parses a file with nice error messages *) 26 | val read_file: 27 | parser:('a -> Lexing.lexbuf -> 'b) -> lexer:'a -> filename:string -> 'b 28 | 29 | (** parses the content of a string with nice error messages *) 30 | val read_string: 31 | parser:('a -> Lexing.lexbuf -> 'b) -> lexer:'a -> string:string -> 'b 32 | 33 | val read_dba_file : string -> Dba_types.program 34 | 35 | val read_optional_config_file : string option -> Infos.t 36 | (** [read_optional_config_file optfile] parses [optfile] if it is not [None]. 37 | Otherwise, or in case of parse error, it returns [Infos.default]. 38 | If a start address has been set on the command line, it tries to set it. 39 | 40 | Caveat: if an entry point has been set both through a configuration file and 41 | the command line, [read_optional_config_file] fails. 42 | *) 43 | 44 | exception Invalid_dba_string of string 45 | 46 | val instruction_of_string : string -> Dba.Instr.t 47 | -------------------------------------------------------------------------------- /src/formula/formula_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. 
*) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.S 23 | 24 | module Flatten_memory : Cli.BOOLEAN 25 | (** Remove the array theory from formula generated. 26 | 27 | {b Warning: 28 | only works when providing a full concrete memory addressing 29 | as concretization policy} 30 | *) 31 | 32 | module No_stitching: Cli.BOOLEAN 33 | 34 | (** {2 Formula optimizations} *) 35 | module OptimAll : Cli.BOOLEAN 36 | 37 | module OptimCst : Cli.BOOLEAN 38 | 39 | module OptimItv : Cli.BOOLEAN 40 | 41 | module OptimPrn : Cli.BOOLEAN 42 | 43 | module OptimRbs : Cli.BOOLEAN 44 | 45 | module OptimRow : Cli.BOOLEAN 46 | 47 | module OptimSsa : Cli.BOOLEAN 48 | 49 | module OptimLst : Cli.INTEGER 50 | 51 | type solver = 52 | | Boolector 53 | | Z3 54 | | CVC4 55 | | Yices 56 | 57 | module Solver : sig 58 | include Cli.GENERIC with type t = solver 59 | 60 | module Timeout : Cli.INTEGER 61 | (** Default timeout for solver queries *) 62 | 63 | module Options : Cli.STRING_OPT 64 | (** Set solver options -- ignore default ones *) 65 | end 66 | -------------------------------------------------------------------------------- /src/base/array_utils.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. 
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Extra functions over arrays *) 23 | 24 | val find : ('a -> bool) -> 'a array -> 'a 25 | (** [find p a] returns the first element of the array [a] that satisfies the predicate [p]. 26 | @raise Not_found if there is no value that satisfies [p] in the array [a] 27 | *) 28 | 29 | val findi : ('a -> bool) -> 'a array -> int 30 | (** [findi p a] returns the index of the first element of the array [a] that 31 | satisfies the predicate [p].
32 | @raise Not_found if there is no value that satisfies [p] in the array [a] 33 | *) 34 | 35 | val fold_lefti : (int -> 'a -> 'b -> 'a) -> 'a -> 'b array -> 'a 36 | (** Same as Array.fold_left, but the function is applied with the index 37 | of the element as first argument, and the element itself as third argument 38 | *) 39 | 40 | val fold_righti : (int -> 'a -> 'b -> 'a) -> 'a -> 'b array -> 'a 41 | (** Same as Array.fold_right, but the function is applied with the index 42 | of the element as first argument, and the element itself as third argument 43 | *) 44 | -------------------------------------------------------------------------------- /src/disasm/disasm_options.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | include Cli.S 23 | 24 | (** Command-line options specific to disassembly *) 25 | 26 | module DbaOutputFile : Cli.STRING 27 | 28 | module OpcodeOutputFile : Cli.STRING_OPT 29 | 30 | module NoLoaderMode : Cli.BOOLEAN 31 | (** Default to [false]. 
Loader is activated by default *) 32 | 33 | module IgnoreUnhandledInstructions : Cli.BOOLEAN 34 | (** Defaults to [true] **) 35 | 36 | module ShowInstructionCount : Cli.BOOLEAN 37 | 38 | module Sections : Cli.STRING_SET 39 | 40 | module Functions : Cli.STRING_SET 41 | 42 | module SimplifiedDisassembly : Cli.BOOLEAN 43 | 44 | type disassembly_mode = 45 | | Recursive | Linear | Linear_byte_wise | Extended_linear 46 | 47 | module Disassembly_mode : Cli.GENERIC with type t = disassembly_mode 48 | 49 | module Decode_instruction : Cli.STRING_OPT 50 | 51 | module Decode_replacement : Cli.STRING_OPT 52 | 53 | module Decode_llvm : Cli.STRING_OPT 54 | 55 | module CFG_graph : Cli.BOOLEAN 56 | 57 | module Disasm_at : Cli.INTEGER ;; 58 | 59 | module Cache_decoder : Cli.BOOLEAN ;; 60 | -------------------------------------------------------------------------------- /src/disasm/x86/x86toDba.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Lifter from X86 to DBA *) 23 | 24 | exception InstructionUnhandled of string 25 | 26 | (** {2 Access to internal statistics} *) 27 | 28 | val handled_instructions : unit -> int * int 29 | (** insertions / unique insertions *) 30 | 31 | val unknown_instructions : unit -> int * int 32 | (** insertions / unique insertions *) 33 | 34 | val native_instructions_decoded : unit -> int 35 | (** Number of decoded instructions. 36 | This is always equal to 37 | [fst (handled_instructions ()) + fst (unknown_instructions ())] 38 | *) 39 | 40 | val pp_unknown_instructions : Format.formatter -> unit -> unit 41 | 42 | val decode: 43 | Lreader.t -> Virtual_address.t -> X86Instruction.t * Dhunk.t 44 | 45 | val decode_binstream: 46 | ?base_addr:Virtual_address.t -> Binstream.t -> X86Instruction.t * Dhunk.t 47 | (** [decode_binstream base_addr bstream] decodes a binary stream whose address 48 | is supposed to be [base_addr] into an instruction and its DBA hunk encoding. 49 | 50 | - [base_addr] defaults to 0 51 | *) 52 | -------------------------------------------------------------------------------- /src/ida/ida_cg.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | module Node : sig 23 | module T : sig 24 | type t = 25 | | Entrypoint 26 | | Text 27 | | Plt 28 | val to_string : t -> string 29 | val pp : Format.formatter -> t -> unit 30 | end 31 | type t 32 | val nid : t -> Graph.Dot_ast.id 33 | val func : t -> Ida_cfg.Function.t 34 | val typ : t -> T.t 35 | val create : ?nid:Graph.Dot_ast.id -> 36 | Ida_cfg.Function.t -> T.t -> t 37 | val pp : Format.formatter -> t -> unit 38 | val pp_short : Format.formatter -> t -> unit 39 | val pp_list : Format.formatter -> t list -> unit 40 | val equal : t -> t -> bool 41 | end 42 | 43 | module Edge : sig 44 | type t 45 | val src : t -> Node.t 46 | val dst : t -> Node.t 47 | val create : Node.t -> Node.t -> t 48 | val pp : Format.formatter -> t -> unit 49 | val pp_list : Format.formatter -> t list -> unit 50 | end 51 | 52 | include Cfg.S with type addr = Node.t 53 | and type inst = Node.t 54 | and type symb = Node.t 55 | 56 | module Parse : sig 57 | val build_cg : cg_file:string -> t 58 | end 59 | -------------------------------------------------------------------------------- /src/dwarf/dwarf.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. 
*) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 |

(** Debug information of an image, as produced by the three loaders below:
    the units printed under ".debug_info", the frame data and the line
    data printed under ".debug_line". *)
type t =
  {
    units : Dwarf_cunit.t list;
    frame : Dwarf_frame.t;
    lines : Dwarf_lines.t;
  }

(** [load img] runs the unit, frame and line loaders on [img], in that order,
    and gathers their results. *)
let load img : t =
  (* Sequential bindings fix the order in which the loaders run; a record
     expression alone would not. *)
  let cunits = Dwarf_cunit.load img in
  let cfi = Dwarf_frame.load img in
  let line_table = Dwarf_lines.load img in
  { units = cunits; frame = cfi; lines = line_table }

(** [pp ppf debug] prints the three parts of [debug], each under its own
    heading. *)
let pp ppf debug : unit =
  (* Each unit is preceded by a break hint. *)
  let pp_unit cu =
    Format.pp_print_space ppf ();
    Dwarf_cunit.pp ppf cu
  in
  Format.fprintf ppf "@[Contents of the .debug_info section:@ ";
  List.iter pp_unit debug.units;
  Format.fprintf ppf "@]@ @[Contents of the frame section:@ @ ";
  Dwarf_frame.pp ppf debug.frame;
  Format.fprintf ppf
    "@]@ @[Decoded dump of debug contents of section .debug_line:@ @ ";
  Dwarf_lines.pp ppf debug.lines;
  (* Closes the box opened by the last heading. *)
  Format.pp_close_box ppf ()

(** Entry point of the plugin: when an executable has been given and the
    DWARF options are enabled, load its debug information and log it as a
    result. *)
let run () =
  let requested =
    Kernel_options.ExecFile.is_set () && Dwarf_options.is_enabled ()
  in
  if requested then
    let debug = load (Kernel_functions.get_img ()) in
    Dwarf_options.Logger.result "@\n%a" pp debug

(* Register [run] with the boot sequence. *)
let _ =
  Cli.Boot.enlist ~name:"g" ~f:run
-------------------------------------------------------------------------------- /src/sse/sse_symbolic.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC.
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Symbolic state *) 23 | 24 | module State : sig 25 | type t 26 | 27 | val initializations : t -> int Bitvector.Collection.Map.t 28 | 29 | val create : unit -> t 30 | 31 | val assign : ?wild:bool -> string -> Formula.sort -> Formula.term -> t -> t 32 | val declare : ?wild:bool -> string -> Formula.sort -> t -> t 33 | 34 | val constrain : Formula.bl_term -> t -> t 35 | (** [constrain c s] adds constraint [c] to state [s] *) 36 | 37 | val comment : string -> t -> t 38 | (** [comment cmt s] *) 39 | 40 | val formula : t -> Formula.formula 41 | 42 | val memory_term : Formula.ax_term -> string * Formula.sort * Formula.term 43 | 44 | val get_memory : t -> Formula.ax_term 45 | 46 | val get_bv : string -> Size.Bit.t -> t -> Formula.bv_term 47 | 48 | val init_mem_at : addr:Bitvector.t -> size:int -> t -> t 49 | 50 | val uncontrolled : t -> Formula.VarSet.t 51 | 52 | val pp : Format.formatter -> t -> unit 53 | 54 | (* Do not use *) 55 | val add_entry : Formula.entry -> t -> unit 56 | 57 | (* Do not use *) 58 | val sync : t -> t 59 | end 60 | -------------------------------------------------------------------------------- 
/src/dwarf/dwarf_frame.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type rule = Undef | Same | Value of Dba.Expr.t 23 | 24 | type entry 25 | 26 | val addresses : entry -> int Interval.t 27 | (** [address entry] return the address range of the entry *) 28 | 29 | val cfa : entry -> Dba.Expr.t 30 | (** [cfa entry] return the canonical frame address of the entry *) 31 | 32 | val rule : int -> entry -> rule 33 | (** [rule n entry] return the rule of the n'th column of the entry *) 34 | 35 | type t 36 | 37 | val load : Loader.Img.t -> t 38 | (** [load img] extract and interpret the content 39 | of either .debug_frame or .eh_frame section *) 40 | 41 | val fold : 42 | ('a -> return_address:int -> columns:int array -> entry -> 'a) -> 43 | 'a -> t -> 'a 44 | (** [fold f frame] iterate through the frame matrix 45 | columns is the list of valid column indexes of the given entry 46 | return_address is the column index of the return address of the function *) 47 | 48 | val 
iter : 49 | (return_address:int -> columns:int array -> entry -> unit) -> 50 | t -> unit 51 | (** [iter frame] same as fold but without return *) 52 | 53 | include Sigs.PRINTABLE with type t := t 54 | -------------------------------------------------------------------------------- /src/base/hashamt.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | (** Implementation of Hash-Array Mapped Tries *) 23 | 24 | (** HAMT is a very efficient persistent data structures for dictionaries *) 25 | 26 | module type S = sig 27 | type key 28 | type 'a t 29 | 30 | val empty : 'a t 31 | 32 | val is_empty : 'a t -> bool 33 | 34 | val singleton : key -> 'a -> 'a t 35 | 36 | val add : key -> 'a -> 'a t -> 'a t 37 | 38 | val remove : key -> 'a t -> 'a t 39 | 40 | val mem : key -> 'a t -> bool 41 | 42 | val find : key -> 'a t -> 'a 43 | 44 | val union : (key -> 'a -> 'a -> 'a option) -> 'a t -> 'a t -> 'a t 45 | 46 | val join : (key -> 'a -> 'a -> 'a option) -> 'a t -> 'a t -> 'a t 47 | 48 | val fold : (key -> 'a -> 'b -> 'b) -> 'a t -> 'b -> 'b 49 | 50 | val iter : (key -> 'a -> unit) -> 'a t -> unit 51 | 52 | val map : ('a -> 'b) -> 'a t -> 'b t 53 | 54 | val mapi : (key -> 'a -> 'b) -> 'a t -> 'b t 55 | 56 | val cardinal : 'a t -> int 57 | 58 | val bindings : 'a t -> (key * 'a) list 59 | end 60 | 61 | 62 | module Make(H : Hashtbl.HashedType) : S with type key = H.t 63 | -------------------------------------------------------------------------------- /src/kernel/kernel_core.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
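See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 |

open Kernel_options

(* Early scan of the raw command line, run when this module is initialised:
   the word following the first "-config" is recorded as the configuration
   file name. The word is taken as is, even if it looks like another option. *)
let _ =
  let len = Array.length Sys.argv in
  let rec loop i =
    if i < len then
      if Sys.argv.(i) = "-config" then begin
        (* "-config" as the very last word has no value. Reading
           [Sys.argv.(i + 1)] there would raise [Invalid_argument] during
           module initialisation, so the option is left unset instead.
           NOTE(review): reporting the missing value is left to the regular
           option parser -- confirm that it rejects this command line. *)
        if i + 1 < len then
          Kernel_options.Config_file.set Sys.argv.(i + 1)
      end
      else loop (i + 1)
  in loop 0

(** Parses the configuration file recorded in [Kernel_options.Config_file],
    if any; the result of the parse is ignored. Does nothing when no file has
    been set.

    NOTE(review): the file name comes straight from the command line, and the
    file presumably sets the same options the command line can; it should be
    given the same level of trust -- confirm what
    [Cli.parse_configuration_file] accepts. *)
let read_configuration_file () =
  match Kernel_options.Config_file.get_opt () with
  | None -> () (* Maybe_TODO : Use default file ? *)
  | Some filename ->
    ignore @@ Cli.parse_configuration_file ~filename


(** Logs a loader summary of the executable when the describe-binary option
    is on and an executable file has been set. *)
let binary_descr () =
  if Describe_binary.get () && ExecFile.is_set () then
    Logger.result "@\n%a"
      Kernel_functions.Loader.pp_loader_summary (ExecFile.get ())

(** Prints the version line and exits with status 0 when the version option
    is on. The text between percent signs is printed as is by this code. *)
let version () =
  if Version.get () then begin
    Logger.set_log_level "result";
    Format.printf "Binsec version %%VERSION%%";
    exit 0
  end
;;

(* Register both actions with the boot sequence. *)
let _ =
  Cli.Boot.enlist ~name:"binary description" ~f:binary_descr;
  Cli.Boot.enlist ~name:"version description" ~f:version;
;;
-------------------------------------------------------------------------------- /src/dwarf/dwarf_lines.mli: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC.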
*) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). *) 19 | (* *) 20 | (**************************************************************************) 21 | 22 | type entry = 23 | { addresses: int Interval.t; path: string; line: int; column: int; 24 | is_stmt: bool; basic_block: bool; discriminator: int } 25 | (** represent one or more rows of the addresse / line matrix 26 | [addresses] the range of virtual addresses of the entry 27 | [path] the path of the processed file 28 | [line] the line of the source (starting from 1) 29 | [column] the column (non reliable, old compilers do not produce it) 30 | [is_stmt] if the entry correspond to a statement in the source 31 | [basic_block] if the entry is the start of a basic block 32 | [discriminator] an integer identifying the block to which the entry belong 33 | *) 34 | 35 | type t 36 | 37 | val load : Loader.Img.t -> t 38 | (** [load img] extract and interpret the content of .debug_line section *) 39 | 40 | val fold : ('a -> entry -> 'a) -> 'a -> t -> 'a 41 | (** [fold f line] iterate through the line matrix *) 42 | 43 | val iter : (entry -> unit) -> t -> unit 44 | (** [iter f line] same as fold but without return *) 45 | 46 | include Sigs.PRINTABLE with type t := t 47 | 
-------------------------------------------------------------------------------- /src/base/virtual_address.ml: -------------------------------------------------------------------------------- 1 | (**************************************************************************) 2 | (* This file is part of BINSEC. *) 3 | (* *) 4 | (* Copyright (C) 2016-2019 *) 5 | (* CEA (Commissariat à l'énergie atomique et aux énergies *) 6 | (* alternatives) *) 7 | (* *) 8 | (* you can redistribute it and/or modify it under the terms of the GNU *) 9 | (* Lesser General Public License as published by the Free Software *) 10 | (* Foundation, version 2.1. *) 11 | (* *) 12 | (* It is distributed in the hope that it will be useful, *) 13 | (* but WITHOUT ANY WARRANTY; without even the implied warranty of *) 14 | (* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *) 15 | (* GNU Lesser General Public License for more details. *) 16 | (* *) 17 | (* See the GNU Lesser General Public License version 2.1 *) 18 | (* for more details (enclosed in the file licenses/LGPLv2.1). 
*)
(* *)
(**************************************************************************)

(* Virtual addresses, stored as native OCaml integers. The set/map/hashtable
   collections come from the [Hashed] functor applied to [V_comparable]. *)

module V_comparable = struct
  type t = int
  let compare = Pervasives.compare
  let equal a b = (compare a b = 0)
  let hash v = v
end

let equal = V_comparable.equal
include Basic_types.Collection_make.Hashed(V_comparable)

(* An address is its integer value: both conversions are the identity. *)
let create addr = addr
let to_int addr = addr

let to_int64 addr = Int64.of_int addr

(* The range check below is an [assert]. Builds compiled with -noassert drop
   it, and [Int64.to_int] does not itself signal a value that does not fit in
   a native int, so such a value would be wrapped silently.
   NOTE(review): [Basic_types.Int64.is_int_int64] presumably tests that the
   value fits in an [int]; confirm, and prefer an explicit error if this can
   receive addresses read from an untrusted binary. *)
let of_int64 n64 =
  assert (Basic_types.Int64.is_int_int64 n64);
  Int64.to_int n64

(* Same pattern as [of_int64]: the fit check is only an assertion. *)
let of_bigint big =
  assert (Bigint.is_int_big_int big);
  Bigint.int_of_big_int big

(* [int_of_string] raises [Failure] on malformed text. A negative result is
   not rejected here. *)
let of_string text = create (int_of_string text)

let to_bigint addr = Bigint.big_int_of_int addr

let of_bitvector bv = of_bigint (Bitvector.value_of bv)

(* Plain native-int addition: nothing here detects wrap-around. *)
let add_int offset addr = create (addr + offset)

let succ addr = add_int 1 addr

(* The lower bound is enforced by an assertion only. *)
let pred addr =
  assert (addr > 0);
  add_int (-1) addr

(* Hexadecimal, zero-padded to at least 8 digits. *)
let pp ppf addr = Format.fprintf ppf "%08x" addr

(* Prints the set between braces, each element followed by a semicolon and a
   break hint, inside one hov box. *)
let pp_set ppf vs =
  Format.pp_open_hovbox ppf 0;
  Format.pp_print_string ppf "{";
  Set.iter (fun v -> Format.fprintf ppf "%a;@ " pp v) vs;
  Format.pp_print_string ppf "}";
  Format.pp_close_box ppf ()

--------------------------------------------------------------------------------
/src/kernel/kernel_functions.ml:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1.
*)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

module KO = Kernel_options

(* Resolves the entry-point option to a virtual address.
   Returns [None] when no entry point was given or when the executable file
   name is the empty string. Otherwise the option string is parsed as a
   binary location and resolved against the executable file. *)
let get_ep () =
  match KO.Entry_point.get_opt () with
  | None -> None
  | Some spec ->
    let filename = KO.ExecFile.get () in
    if filename = "" then None
    else
      let location = Loader_utils.Binary_loc.of_string spec in
      Loader_utils.Binary_loc.to_virtual_address_from_file ~filename location

(* Returns the loaded image of the executable file, loading it on first use.
   The image is kept in a reference private to this closure, so later calls
   return the first image even if the ExecFile option or the file on disk has
   changed since.
   Raises [Failure] when no binary file has been set. *)
let get_img =
  let cache = ref None in
  fun () ->
    match !cache with
    | Some loaded -> loaded
    | None ->
      match KO.ExecFile.get_opt () with
      | Some path ->
        let loaded = Loader.load_file path in
        cache := Some loaded;
        loaded
      | None ->
        failwith "Cannot get image since you have not set any binary file"


(* Inside this module, [Loader] still denotes the outer loader library: the
   module being defined is not in scope within its own body. *)
module Loader = struct

  (* Sets the machine option from the architecture reported by [img]. *)
  let set_arch img = KO.Machine.set (Loader.Img.arch img)

  (* Loads [filename] again instead of going through [get_img], so the file
     is parsed once more and the cached image is not touched. *)
  let set_arch_from_file ~filename = set_arch (Loader.load_file filename)

  (* Also performs its own load of [file] before printing the image. *)
  let pp_loader_summary ppf file =
    Loader.(Img.pp ppf (load_file file))

end

--------------------------------------------------------------------------------
/src/kernel/kernel_options.mli:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC.
*)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1. *)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

module Logger : Logger.S

(** General command-line options (global variables) *)

module ExecFile : Cli.STRING_OPT
(** Executable file (or unnamed argument).
    This is the binary handed to [Loader.load_file] by
    [Kernel_functions.get_img]. *)

module Config_file : Cli.STRING_OPT
(** User-provided configuration file *)

(** Target machine option.
    [Kernel_functions.Loader.set_arch] sets it from the architecture reported
    by a loaded image. *)
module Machine : sig
  include Cli.GENERIC with type t := Machine.t
  val isa : unit -> Machine.isa
  val endianness : unit -> Machine.endianness
  val bits : unit -> Machine.bitwidth
  val word_size : unit -> int
  val stack_register : unit -> string
  (* NOTE(review): the accessors above take [unit], so they presumably read
     the machine currently stored in this option. Confirm what they return
     while the machine is still unset. *)
  include Sigs.PRINTABLE with type t := unit
end

(** Use external decoder.
    This is for example needed for arm support.

    NOTE(review): the interface does not show how this string is consumed.
    If it names a program that gets run, it should only ever come from
    trusted configuration. Confirm in the disassembly code.
*)
module Decoder : Cli.STRING

(** {2 Static disassembly / Analysis } *)

module Dba_file : Cli.STRING_OPT
(** NOTE(review): presumably the path of a DBA input file; TODO confirm. *)

module Dba_config : Cli.STRING_OPT
(** NOTE(review): presumably the path of a DBA configuration file; TODO
    confirm. *)

(** DBA start address *)

module Entry_point : Cli.STRING_OPT
(** Kept as a string: [Kernel_functions.get_ep] parses it with
    [Loader_utils.Binary_loc.of_string] and resolves it against the
    executable file. *)

module Describe_binary: Cli.BOOLEAN

(** {2 Tests} *)

(** {b Experimental purposes only} *)
module Experimental : Cli.BOOLEAN


module Version : Cli.BOOLEAN

--------------------------------------------------------------------------------
/src/disasm/x86/predba.mli:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1. *)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1).
*)
(* *)
(**************************************************************************)

(** First IL before producing DBA *)

(** One pre-DBA instruction, parameterised by the kind of jump target.
    The type is [private]: client code can pattern-match on the constructors
    but has to build values with the functions declared below. *)
type 'a t = private
  | Assign of Dba.LValue.t * Dba.Expr.t
  | SJump of 'a Dba.jump_target * Dba.tag option
  | DJump of Dba.Expr.t * Dba.tag option
  | Assert of Dba.Expr.t
  | If of Dba.Expr.t * 'a Dba.jump_target
  | Undef of Dba.LValue.t
  | Nondet of Dba.LValue.t * Dba.region
  | Stop of Dba.state
  | Serialize of Dba.serialize_type

(* Constructors. Each signature lines up with the payload of one variant
   case above; the exact mapping is presumably the obvious one by name.
   TODO confirm in predba.ml. *)

val assign : Dba.LValue.t -> Dba.Expr.t -> 'a t
val (<<-) : Dba.LValue.t -> Dba.Expr.t -> 'a t
(** Same signature as [assign]; presumably its infix form. *)

val static_jump : ?tag:Dba.tag -> 'a Dba.jump_target -> 'a t

val dynamic_jump : ?tag:Dba.tag -> Dba.Expr.t -> 'a t

val dynamic_assert : Dba.Expr.t -> 'a t

val conditional_jump : Dba.Expr.t -> 'a Dba.jump_target -> 'a t

val undefined : Dba.LValue.t -> 'a t

val non_deterministic : Dba.LValue.t -> Dba.region -> 'a t

val serialize : Dba.serialize_type -> 'a t

val stop : Dba.state -> 'a t

val blockify : Dba.address -> Dba.id t list -> Dhunk.t
(** [blockify next_addr predbas]
    @return a full DBA block considering it continues to [next_addr]
*)

--------------------------------------------------------------------------------
/src/ida/ida.ml:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1.
*)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

open Ida_options

module IO = Ida_options
module ICG = Ida_cg
module IC = Ida_cfg.C
module IG = Ida_cfg.G

(* Name of the call-graph file. It is looked up in the current working
   directory, not next to the analysed binary or the IDA output file. *)
let callgraph_dot_file = "callgraph.dot"

(* Parses the call graph from [callgraph_dot_file] in the process working
   directory, logs its size and the parsing time, and returns it.
   Whatever file of that name sits in the launch directory is what gets
   parsed. *)
let parse_cg () =
  let build () =
    let cg_file = Filename.concat (Sys.getcwd ()) callgraph_dot_file in
    ICG.Parse.build_cg ~cg_file
  in
  let elapsed, cg = Utils.time build in
  Logger.result "Parsing CG #nodes: %d, #edges: %d, time: %.2f (s)"
    (ICG.nb_vertex cg) (ICG.nb_edges cg) elapsed;
  cg


(* Produces dot files *)
(* Builds the CFG from [ida_file], logs its size and the parsing time, and
   returns the value produced by [Ida_cfg.do_cfg]. The node and edge counts
   are taken on [IG.graph] of that value. *)
let parse_cfg ~simple ~ida_file =
  let elapsed, (ida_graph, cfg) =
    Utils.time (fun () ->
        let built = Ida_cfg.do_cfg ~simple ~ida_file in
        (built, IG.graph built))
  in
  Logger.result "Parsing CFG #nodes: %d, #edges: %d, time: %.2f (s)"
    (IC.nb_vertex cfg) (IC.nb_edges cfg) elapsed;
  ida_graph

(* Entry point of the IDA component: does nothing unless the component is
   enabled; otherwise parses the call graph, then the CFG, and discards both
   results. *)
let run () =
  if IO.is_enabled () then begin
    let simple = IO.IdaSimpleCfg.get () in
    let ida_file = IO.IdaOutputFile.get () in
    ignore (parse_cg ());
    ignore (parse_cfg ~simple ~ida_file)
  end

(* Registers [run] with the command-line boot sequence when the module is
   initialised. *)
let _ =
  Cli.Boot.enlist ~name:"IDA + disassembly" ~f:run

--------------------------------------------------------------------------------
/src/sse/sse_smt.mli:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC.
*)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1. *)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

module Query_stats : sig
  val pp : Format.formatter -> unit -> unit
  (** Printer over [unit]: presumably prints solver-query statistics kept in
      global state. TODO confirm against the implementation. *)
end

(** Solver queries over a symbolic path state. *)
module Solver : sig
  val with_solver :
    ?keep:Formula.VarSet.t ->
    Sse_types.Path_state.t -> (Solver.Session.t -> 'a) -> (float * 'a) option
  (** [with_solver ?keep ps f] applies [f] to a solver session.
      NOTE(review): the [float] is presumably the time spent and [None]
      presumably signals that the solver run did not complete. Neither is
      visible in this signature, so callers should confirm before treating
      [None] as unsatisfiable. *)

  val check_satistifiability :
    Sse_types.Path_state.t -> Formula.status * Sse_types.Path_state.t
  (** Returns a solver status together with a path state (presumably the
      input state updated with the outcome; TODO confirm). *)

  val get_model : Sse_types.Path_state.t -> Smt_model.t option

  val enumerate_values :
    int -> Formula.bv_term -> Sse_types.Path_state.t
    -> Bitvector.t list * Sse_types.Path_state.t
  (** NOTE(review): the [int] is presumably an upper bound on the number of
      values returned. If so, a list of that length does not prove the term
      has no further values. Confirm. *)
end

(** Translation of DBA constructs into formula terms and state updates. *)
module Translate : sig
  val expr : Sse_symbolic.State.t -> Dba.Expr.t -> Formula.bv_term

  val assign :
    ?wild:bool ->
    Dba.LValue.t -> Dba.Expr.t -> Sse_symbolic.State.t -> Sse_symbolic.State.t

  val assignment :
    ?wild:bool ->
    Dba.LValue.t -> Dba.Expr.t -> Sse_types.Path_state.t -> Sse_types.Path_state.t
  (** Same arguments as [assign], but over a whole path state instead of a
      symbolic state. *)

  val nondet:
    ?naming_hint:string ->
    ?wild:bool ->
    Dba.LValue.t -> Sse_types.Path_state.t -> Sse_types.Path_state.t

  val assume:
    Dba.Expr.t -> Sse_types.Path_state.t -> Sse_types.Path_state.t
  (* NOTE(review): the meaning of [?wild] and [?naming_hint] is not stated in
     this interface. TODO document from sse_smt.ml. *)
end

--------------------------------------------------------------------------------
/src/utils/colors.ml:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1. *)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1).
*)
(* *)
(**************************************************************************)

open Format

(* A colour is a 24-bit RGB value packed into one integer. *)
type color = int

(* Packs three channels into 0xRRGGBB. Each channel is masked to its low
   8 bits, so out-of-range components wrap instead of spilling into the
   neighbouring channel. *)
let rgb r g b =
  let channel value shift = (value land 255) lsl shift in
  channel r 16 lor channel g 8 lor channel b 0

(* Prints [prefix] followed by the colour as at least six hexadecimal
   digits. *)
let pp_with_prefix prefix ppf color =
  Format.fprintf ppf "%s%06x" prefix color

(* Prints the colour with a leading hash sign. *)
let pp = pp_with_prefix "#"

module FlatUI = struct

  (* See https://www.materialui.co/flatuicolors *)
  let turquoise = rgb 26 188 156
  let greensea = rgb 22 160 133
  let emerland = rgb 46 204 113
  let nephritis = rgb 39 174 96
  let peterriver = rgb 52 152 219
  let belizehole = rgb 41 128 185
  let amethyst = rgb 155 89 182
  let wisteria = rgb 142 68 173
  let wetasphalt = rgb 52 73 94
  let midnightblue = rgb 44 62 80
  let sunflower = rgb 241 196 15
  let orange = rgb 243 156 18
  let carrot = rgb 230 126 34
  let pumpkin = rgb 211 84 0
  let alizarin = rgb 231 76 60
  let pomegranate = rgb 192 57 43
  let clouds = rgb 236 240 241
  let silver = rgb 189 195 199
  let concrete = rgb 149 165 166
  let asbestos = rgb 127 140 141

end

--------------------------------------------------------------------------------
/src/base/machine.mli:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1.
*)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

(** Abstract description of machines *)

(** Abstract representation of hardware architecture *)

type bitwidth = [ `x16 | `x32 | `x64 | `x128 ]

type endianness =
  | LittleEndian
  | BigEndian

(** Instruction set architecture.
    The type is [private]: its constructors can be matched on, but values are
    built with [amd64], [armv7], [riscv], [x86] and [unknown] below. *)
type isa = private
  | Unknown
  | ARM of { rev: [ `v7 ]; endianness: endianness }
  | RISCV of { bits: [ `x32 | `x64 | `x128 ] }
  | X86 of { bits: [ `x16 | `x32 | `x64 ] }

module ISA : sig
  include Sigs.PRINTABLE with type t = isa
  val endianness : t -> endianness
  val bits : t -> bitwidth
  val stack_register : t -> string
  (* NOTE(review): this interface does not say what the three accessors
     above return for [Unknown]. Confirm in machine.ml before relying on
     them for an image whose architecture was not recognised. *)
  val to_string : isa -> string
end

(** Word size of the machine in bits *)
module Bitwidth : sig
  include Sigs.PRINTABLE with type t = bitwidth
  val bitsize : t -> Size.Bit.t
  val bytesize : t -> Size.Byte.t

  val pp_print_hex : t -> Format.formatter -> int -> unit
  (** NOTE(review): presumably prints the integer in hexadecimal with a
      width derived from the bit width. TODO confirm. *)
end

module Endianness : Sigs.PRINTABLE with type t = endianness

type t = isa

(* Predefined machines. [armv7] and [riscv] take the parameter carried by the
   matching [isa] constructor. [amd64] and [x86] are presumably the 64-bit
   and 32-bit [X86] variants. TODO confirm. *)
val amd64 : t
val armv7 : endianness -> t
val riscv : [ `x32 | `x64 | `x128 ] -> t
val x86 : t
val unknown : t

include Sigs.PRINTABLE with type t := t


--------------------------------------------------------------------------------
/src/formula/formula_transformation.mli:
--------------------------------------------------------------------------------
(**************************************************************************)
(* This file is part of BINSEC. *)
(* *)
(* Copyright (C) 2016-2019 *)
(* CEA (Commissariat à l'énergie atomique et aux énergies *)
(* alternatives) *)
(* *)
(* you can redistribute it and/or modify it under the terms of the GNU *)
(* Lesser General Public License as published by the Free Software *)
(* Foundation, version 2.1. *)
(* *)
(* It is distributed in the hope that it will be useful, *)
(* but WITHOUT ANY WARRANTY; without even the implied warranty of *)
(* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *)
(* GNU Lesser General Public License for more details. *)
(* *)
(* See the GNU Lesser General Public License version 2.1 *)
(* for more details (enclosed in the file licenses/LGPLv2.1). *)
(* *)
(**************************************************************************)

(** Transformations over formulas: renaming, replacement and optimization
    passes. *)

open Formula

(* Renaming: each function takes a map over names and one variable or term
   of the given sort (bl, bv or ax, as named by the [Formula] types). *)
val rename_bl_var : (string -> string) -> bl_var -> bl_var
val rename_bv_var : (string -> string) -> bv_var -> bv_var
val rename_ax_var : (string -> string) -> ax_var -> ax_var

val rename_bl_term : (string -> string) -> bl_term -> bl_term
val rename_bv_term : (string -> string) -> bv_term -> bv_term
val rename_ax_term : (string -> string) -> ax_term -> ax_term

(* Replacement driven by a definition. Presumably occurrences of the defined
   symbol are replaced by its body. TODO confirm. *)
val replace_bl_term : def -> bl_term -> bl_term
val replace_bv_term : def -> bv_term -> bv_term
val replace_ax_term : def -> ax_term -> ax_term

(* Individual passes, each mapping a formula to a formula.
   NOTE(review): [?keep] presumably lists variables the pass must not remove.
   The meaning of [?lst], [?rbs] and [?itv] is not stated here. TODO
   document from the implementation. *)
val constant_propagation : ?keep:VarSet.t -> formula -> formula
val prune_and_inline : ?keep:VarSet.t -> formula -> formula
val read_over_write : ?lst:int -> ?rbs:bool -> ?itv:bool -> formula -> formula
val static_single_assignment : formula -> formula

(* NOTE(review): the predicate presumably selects the variables treated as
   tainted or controlled. This interface does not say which, nor what the
   resulting formula encodes. Confirm before using the result as a security
   verdict. *)
val taint : (var -> bool) -> formula -> formula

(* Combined pipeline. The optional flags presumably switch the passes above
   on or off ([cst], [prn], [row] and [ssa] match their initials), and
   [?is_controlled] has the shape of the predicate taken by [taint]. Defaults
   are not visible in this interface. *)
val optimize :
  ?keep:VarSet.t ->
  ?lst:int -> ?cst:bool -> ?itv:bool -> ?prn:bool -> ?rbs:bool -> ?row:bool ->
  ?ssa:bool ->
  ?is_controlled:(VarSet.elt -> bool) ->
  formula -> formula

(* Same as [optimize] without the per-pass flags. Presumably they are read
   from the formula command-line options. TODO confirm. *)
val optimize_from_options :
  ?keep:VarSet.t -> ?is_controlled:(VarSet.elt -> bool) -> formula -> formula

--------------------------------------------------------------------------------