├── _tags.in ├── .gitmodules ├── src ├── bap_frontend.mli ├── bap_byteweight_main.mli ├── bap_mc.mli ├── baptop.ml ├── .merlin └── bap_mc.ml ├── tools ├── bapbundle.mli ├── ppx-bap ├── cat.mli ├── bap_config.ab ├── baptop ├── collect.ml ├── bapbuild.ml ├── ocp-indent-all.sh └── bapclean.sh ├── lib ├── bap_api │ ├── bap_api_attr.ml │ ├── bap_api_attr.mli │ ├── .merlin │ └── bap_api.ml ├── bap_llvm │ ├── llvm_disasm.hpp │ ├── llvm_error_or.h │ ├── llvm_coff_loader.cpp │ ├── llvm_coff_loader.h │ ├── llvm_elf_loader.cpp │ ├── llvm_elf_loader.h │ ├── llvm_error_or.cpp │ ├── llvm_loader_utils.h │ ├── llvm_macho_loader.h │ ├── llvm_pdb_loader.h │ ├── llvm_primitives.h │ ├── llvm_loader_utils.cpp │ ├── llvm_macho_loader.cpp │ ├── llvm_pdb_loader.cpp │ ├── bap_llvm_config.ml.ab │ ├── bap_llvm_loader.mli │ ├── llvm_disasm.h │ ├── llvm_stubs.c │ ├── bap_llvm_disasm.mli │ ├── llvm_loader_stubs.h │ ├── bap_llvm.ml │ ├── llvm_loader.h │ └── bap_llvm_disasm.ml ├── bap │ ├── bap_init_toplevel.mli │ └── .merlin ├── bitvec │ └── .merlin ├── graphlib │ ├── .merlin │ └── graphlib_regular.mli ├── bap_disasm │ ├── .merlin │ ├── bap_disasm_source_factory.mli │ ├── bap_disasm_linear_sweep.mli │ ├── bap_disasm_source_intf.ml │ ├── bap_insn_aliasing.ml │ ├── bap_disasm_stub_lifter.mli │ ├── bap_disasm_calls.mli │ ├── bap_disasm_reconstructor.mli │ ├── bap_disasm_types.ml │ ├── bap_disasm_source_factory.ml │ ├── bap_disasm_rooter.mli │ ├── bap_insn_kind.ml │ ├── bap_disasm_block.mli │ ├── bap_disasm_source.mli │ ├── bap_disasm_target_intf.ml │ └── bap_disasm_brancher.mli ├── bap_elf │ ├── .merlin │ ├── elf_internal_utils.mli │ ├── elf_parse.mli │ ├── bap_elf.ml │ ├── elf_internal_utils.ml │ └── elf_utils.mli ├── bap_primus │ ├── .merlin │ ├── bap_primus_exn.mli │ ├── bap_primus_exn.ml │ ├── bap_primus_lisp_word.mli │ ├── bap_primus_info.mli │ ├── bap_primus_main.mli │ ├── bap_primus_lisp_index.mli │ ├── bap_primus_lisp_parse.mli │ ├── bap_primus_analysis.ml │ ├── bap_primus_lisp_var.mli │ ├── bap_primus_lisp_index.ml │ ├── bap_primus_random.mli │ ├── bap_primus_analysis.mli │ ├── bap_primus_lisp_loc.mli │ ├── bap_primus_env.mli │ ├── bap_primus_machine.mli │ ├── bap_primus_state.mli │ ├── bap_primus_iterator.mli │ ├── bap_primus_lisp_attributes.mli │ └── bap_primus_pos.mli ├── bap_ida │ └── .merlin ├── bap_piqi │ ├── test │ │ └── .merlin │ ├── bil_piqi.mli │ └── bir_piqi.mli ├── bap_build │ └── .merlin ├── bap_ghidra │ ├── ghidra_disasm.hpp │ ├── bap_ghidra.mli │ ├── ghidra_disasm.h │ ├── bap_ghidra.ml │ └── ghidra_stubs.c ├── bap_traces │ ├── .merlin │ ├── bap_traces.ml │ ├── bap_trace_binprot.mli │ ├── bap_trace_traces.mli │ ├── bap_trace_id.mli │ ├── bap_trace_std.ml │ ├── bap_trace_traces.ml │ └── bap_trace_meta.mli ├── knowledge │ └── .merlin ├── bap_bundle │ └── bap_bundle_config.ml.ab ├── bap_plugins │ ├── bap_plugins_config.ml.ab │ └── .merlin ├── bap_main │ ├── bap_load_plugins.mli │ ├── .merlin │ ├── bap_main_log.mli │ └── bap_load_plugins.ml ├── bap_c │ ├── .merlin │ ├── .ocamlinit │ ├── bap_c_type_printer.mli │ ├── bap_c_parser.ml │ ├── bap_c_attr.mli │ ├── bap_c_parser.mli │ └── bap_c_term_attributes.mli ├── bap_core_theory │ ├── .merlin │ ├── bap_core_theory_empty.mli │ ├── bap_core_theory_basic.mli │ └── bap_core_theory_pass.mli ├── bap_elementary │ └── .merlin ├── arm │ ├── arm_helpers.mli │ ├── .merlin │ ├── ARM.ml │ ├── arm_branch.mli │ ├── arm_helpers.ml │ ├── arm_lifter.mli │ ├── arm_reg.mli │ ├── arm_cond.mli │ ├── arm_mov.mli │ ├── arm_op.mli │ ├── arm_mem.mli │ ├── arm_bit.mli │ ├── arm_mul.mli │ ├── arm_flags.mli │ ├── arm_reg.ml │ ├── arm_insn.mli │ ├── arm_op.ml │ └── arm_utils.mli ├── bap_sema │ ├── bap_sema_abi.mli │ ├── bap_sema_ssa.mli │ ├── bap_sema_free_vars.mli │ └── bap_sema_lift.mli ├── monads │ └── monads.ml ├── bap_types │ ├── .merlin │ ├── bap_core_theory_bil_parser.mli │ ├── bap_bil_optimizations.mli │ ├── bap_integer.mli │ ├── bap_ogre.mli │ ├── bap_bil_adt.mli │ ├── bap_int_conversions.mli │ ├── bap_context.mli │ ├── bap_tid_graph.mli │ ├── bap_ir_callgraph.mli │ ├── bap_bili.mli │ ├── bap_eval.mli │ ├── bap_biri.mli │ ├── bap_context.ml │ ├── bap_arch.mli │ ├── bap_type.mli │ ├── bap_expi.mli │ ├── bap_bil_pass.mli │ ├── bap_int_conversions.ml │ ├── bap_integer.ml │ ├── bap_monad_types.ml │ ├── bap_var.mli │ ├── bap_trie.mli │ ├── bap_toplevel.mli │ └── bap_type_error.mli ├── x86_cpu │ ├── x86_asm.ml │ ├── x86_asm_reg.mli │ ├── x86_llvm_env.mli │ └── x86_asm_reg.ml ├── bap_taint │ └── .merlin ├── bap_image │ ├── bap_fileutils.mli │ ├── bap_image_std.ml │ └── image_internal_std.ml ├── bitvec_sexp │ ├── bitvec_sexp.mli │ └── bitvec_sexp.ml ├── bap_strings │ └── bap_strings.ml ├── bap_riscv │ └── bap_riscv_target.mli ├── bap_dwarf │ └── bap_dwarf.ml ├── bitvec_binprot │ ├── bitvec_binprot.ml │ └── bitvec_binprot.mli ├── bap_abi │ └── bap_abi.ml ├── bap_systemz │ └── bap_systemz_target.mli ├── regular │ ├── regular_opaque.ml │ └── regular_data_types.ml └── microx │ └── microx.ml ├── plugins ├── llvm │ ├── llvm_main.mli │ └── .merlin ├── raw │ └── raw_main.mli ├── riscv │ ├── riscv_main.mli │ └── .merlin ├── thumb │ ├── thumb_main.mli │ ├── .merlin │ ├── thumb_bits.mli │ └── thumb_bits.ml ├── beagle │ ├── beagle_main.mli │ └── .merlin ├── cxxfilt │ ├── cxxfilt_main.mli │ └── cxxfilt_config.ml.ab ├── radare2 │ ├── radare2_main.mli │ └── .merlin ├── systemz │ ├── systemz_main.mli │ ├── .merlin │ └── systemz_lifter.mli ├── .merlin ├── bil │ ├── bil_float_tests.mli │ ├── bil_semantics.mli │ ├── Makefile │ ├── .merlin │ ├── bil_ir.mli │ └── bil_lifter.mli ├── disassemble │ ├── .merlin │ └── disassemble_main.mli ├── elf_loader │ └── elf_loader_main.mli ├── primus_systems │ ├── .merlin │ └── primus_systems_config.ml.ab ├── dependencies │ └── dependencies_main.mli ├── primus_limit │ ├── primus_limit_main.mli │ └── .merlin ├── primus_lisp │ ├── primus_lisp_main.mli │ ├── semantics │ │ ├── .gitignore │ │ └── dummy.lisp │ ├── site-lisp │ │ ├── char.lisp │ │ ├── floats.lisp │ │ ├── memory-allocator.lisp │ │ ├── libintl.lisp │ │ ├── posix.lisp │ │ ├── setjmp.lisp │ │ ├── limit-malloc.lisp │ │ ├── errno.lisp │ │ ├── locale.lisp │ │ └── unistd.lisp │ ├── primus_lisp_ieee754.mli │ ├── primus_lisp_primitives.mli │ ├── primus_lisp_config.ml.ab │ ├── primus_lisp_semantic_primitives.mli │ ├── .merlin │ ├── primus_lisp_io.mli │ ├── primus_lisp_documentation.mli │ └── lisp │ │ └── core.lisp ├── primus_taint │ ├── primus_taint_main.mli │ ├── primus_taint_policies.mli │ ├── .merlin │ └── lisp │ │ └── taint.lisp ├── taint │ └── .merlin ├── dump_symbols │ └── .merlin ├── glibc_runtime │ └── glibc_runtime_main.mli ├── piqi_printers │ ├── piqi_printers_main.mli │ └── .merlin ├── primus_approximation │ ├── approximation.mli │ ├── .merlin │ ├── Makefile │ └── lisp │ │ ├── math.lisp │ │ └── test.lisp ├── primus_random │ ├── primus_random_main.mli │ └── .merlin ├── read_symbols │ └── .merlin ├── recipe_command │ └── recipe_command_main.mli ├── emit_ida_script │ └── .merlin ├── propagate_taint │ ├── propagate_taint_main.mli │ └── .merlin ├── arm │ ├── arm_gnueabi.mli │ ├── .merlin │ └── semantics │ │ └── thumb-patterns.lisp ├── flatten │ └── .merlin ├── ghidra │ ├── .merlin │ ├── ghidra_main.mli │ └── ghidra_main.ml ├── mips │ ├── mips_abi.mli │ ├── mips_utils.mli │ ├── mips_utils.ml │ ├── mips_types.ml │ └── mips_model.mli ├── trace │ └── .merlin ├── demangle │ └── .merlin ├── map_terms │ └── .merlin ├── powerpc │ ├── powerpc_abi.mli │ ├── .merlin │ ├── powerpc_cpu.mli │ ├── powerpc_utils.mli │ └── powerpc_utils.ml ├── x86 │ ├── x86_mov.mli │ ├── x86_tools_imm.mli │ ├── x86_tools_vector.mli │ ├── x86_cdq.mli │ ├── x86_legacy_bil_lifter.mli │ ├── x86_btx.mli │ ├── x86_cmpxchg.mli │ ├── x86_tools_reg.mli │ ├── x86_tools_flags.mli │ ├── x86_legacy_bil.ml │ ├── x86_tools_mem.mli │ ├── x86_tools_prefix.mli │ ├── x86_tools.mli │ ├── x86_opcode_outs.ml │ ├── x86_opcode_ins.ml │ ├── x86_opcode_lods.ml │ ├── x86_opcode_movs.ml │ ├── x86_opcode_stos.ml │ ├── x86_opcode_scas.ml │ ├── x86_opcode_cmps.ml │ ├── x86_opcode_cdq.ml │ ├── x86_legacy_fp_lifter.mli │ ├── x86_lifter.mli │ ├── x86_disasm.mli │ ├── x86_tools_imm.ml │ ├── x86_abi.mli │ ├── x86_backend.mli │ ├── .merlin │ ├── x86_targets.mli │ ├── x86_tools_vector.ml │ ├── x86_legacy_bil_semantics.mli │ ├── x86_endbr.ml │ ├── x86_legacy_bil_var_temp.ml │ ├── x86_legacy_bil_var_temp.mli │ └── x86_targets.ml ├── api │ ├── api │ │ └── c │ │ │ ├── windows.h │ │ │ ├── gnu.h │ │ │ └── android.h │ └── .merlin ├── primus_x86 │ ├── .merlin │ └── primus_x86_loader.mli ├── analyze │ └── analyze_core_commands.mli ├── objdump │ ├── objdump_config.ml.ab │ └── .merlin ├── primus_exploring │ └── .merlin ├── primus_mark_visited │ └── .merlin ├── primus_promiscuous │ └── .merlin ├── primus_round_robin │ └── .merlin ├── primus_wandering │ └── .merlin ├── print │ └── .merlin ├── stub_resolver │ ├── .merlin │ ├── signatures │ │ └── powerpc.stubs │ ├── stub_resolver.mli │ └── run_stub_resolver_tests.ml ├── byteweight │ └── .merlin ├── optimization │ ├── .merlin │ └── optimization_data.mli ├── patterns │ ├── .merlin │ └── semantics │ │ └── pattern-actions.lisp ├── run │ └── .merlin ├── primus_print │ └── .merlin ├── strings │ └── .merlin ├── frontc_parser │ └── .merlin ├── ida │ ├── bap_ida_config.ml.ab │ ├── .merlin │ ├── bap_ida_service.mli │ └── bap_ida_info.mli ├── primus_symbolic_executor │ ├── .merlin │ └── lisp │ │ └── symbolic-stdlib.lisp ├── phoenix │ ├── .merlin │ ├── phoenix_dot.mli │ ├── phoenix_helpers.mli │ ├── phoenix_options.ml │ └── phoenix_root.mli ├── cache │ ├── .merlin │ ├── bap_cache_gc.mli │ ├── bap_cache.mli │ └── bap_cache_types.ml ├── constant_tracker │ ├── .merlin │ └── lisp │ │ ├── check-null-pointers.lisp │ │ └── check-hardcoded-values.lisp ├── primus_loader │ └── .merlin ├── primus_propagate_taint │ └── .merlin ├── relocatable │ └── .merlin ├── ssa │ └── ssa_main.ml └── abi │ └── abi_main.ml ├── lib_test ├── x86 │ ├── .merlin │ └── run_x86_tests.ml ├── bap_image │ ├── test_llvm_loader.mli │ ├── test_image.mli │ ├── test_memmap.mli │ └── test_table.mli ├── bap_sema │ └── test_ir.mli ├── bap_types │ ├── test_bili.mli │ ├── test_bytes.mli │ ├── test_bitvector.mli │ ├── test_graph.mli │ ├── test_optimizations.mli │ └── test_trie.mli ├── bap_disasm │ └── test_disasm.mli ├── bap_future │ ├── test_future.mli │ ├── test_future_std.mli │ ├── test_stream.mli │ ├── run_future_tests.ml │ └── test_future_std.ml ├── bap_project │ └── test_project.mli ├── bap_traces │ ├── test_traces.mli │ └── run_traces_tests.ml ├── powerpc │ └── .merlin ├── bap_dwarf │ ├── test_leb128.mli │ └── run_tests.ml └── .merlin ├── setup.ml.pre.in ├── oasis ├── llvm.tags.in ├── ida.files.ab.in ├── llvm.files.ab.in ├── cxxfilt.files.ab.in ├── main.files.ab.in ├── objdump.files.ab.in ├── bundle.files.ab.in ├── plugins.files.ab.in ├── common.files.ab.in ├── language ├── llvm.ocamlbuild.ml.in ├── common.tags.in ├── objdump.setup.ml.in ├── cxxfilt.setup.ml.in ├── bare ├── bitvec ├── relation ├── ogre ├── text-tags ├── microx ├── toplevel ├── bitvec-sexp ├── knowledge ├── bitvec-order ├── bitvec-binprot ├── elementary ├── raw ├── ssa ├── monads ├── frontend ├── recipe ├── strings ├── ida.setup.ml.in ├── warn-unused ├── byteweight-frontend ├── callsites ├── flatten ├── primus-machine ├── cxxfilt ├── primus-powerpc ├── emit-ida-script ├── plugins ├── report ├── run ├── main.setup.ml.in ├── primus-limit ├── primus-greedy ├── strings-library ├── dependencies ├── frontc-parser ├── primus-track-visited ├── primus-x86 ├── analyze ├── dump-symbols ├── primus-promiscuous ├── primus-region ├── common.omake ├── primus-wandering ├── specification ├── primus-print ├── trace ├── optimization ├── primus-loader ├── primus-mark-visited ├── propagate-taint ├── cache ├── primus-exploring ├── recipe-command ├── primus-dictionary ├── primus-round-robin ├── bil ├── common.ocamlbuild.ml.in ├── read-symbols ├── glibc-runtime ├── trivial-condition-form ├── main ├── callgraph-collator ├── primus-random ├── build ├── disassemble ├── primus-systems ├── constant-tracker ├── graphlib ├── primus-taint ├── primus-propagate-taint ├── print ├── bundle ├── primus-test ├── relocatable ├── piqi-printers.ocamlbuild.ml.in ├── radare2 ├── taint ├── patterns ├── demangle ├── objdump ├── abi ├── map-terms ├── c ├── mc ├── piqi-printers.setup.ml.in ├── thumb └── regular ├── doc └── Makefile ├── benchmarks ├── bench_image.mli ├── .merlin └── run_benchmarks.ml ├── OMakeroot ├── .github └── workflows │ ├── alpine.yml │ ├── fedora.yml │ ├── archlinux.yml │ ├── debian-testing.yml │ ├── ubuntu-bionic.yml │ └── check-the-style.yml ├── docker ├── fedora │ └── Dockerfile ├── alpine │ └── Dockerfile └── ubuntu │ └── xenial │ └── Dockerfile ├── .run_travis_tests.sh └── vagrant └── jessie64 └── Vagrantfile /_tags.in: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/bap_frontend.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tools/bapbundle.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_api/bap_api_attr.ml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_api/bap_api_attr.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_disasm.hpp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_error_or.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/llvm/llvm_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/raw/raw_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/riscv/riscv_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/thumb/thumb_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/bap_byteweight_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap/bap_init_toplevel.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_coff_loader.cpp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_coff_loader.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_elf_loader.cpp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_elf_loader.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_error_or.cpp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_loader_utils.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_macho_loader.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_pdb_loader.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_primitives.h: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/beagle/beagle_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/cxxfilt/cxxfilt_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/radare2/radare2_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/systemz/systemz_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_loader_utils.cpp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_macho_loader.cpp: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_pdb_loader.cpp: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG cmdliner -------------------------------------------------------------------------------- /plugins/bil/bil_float_tests.mli: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/disassemble/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | -------------------------------------------------------------------------------- /plugins/elf_loader/elf_loader_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_systems/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | -------------------------------------------------------------------------------- /lib/bitvec/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG zarith 3 | -------------------------------------------------------------------------------- /lib/graphlib/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG ocamlgraph -------------------------------------------------------------------------------- /plugins/dependencies/dependencies_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_limit/primus_limit_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_lisp/semantics/.gitignore: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_taint/primus_taint_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/taint/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG cmdliner -------------------------------------------------------------------------------- /lib/bap_disasm/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG zarith 3 | -------------------------------------------------------------------------------- /lib/bap_elf/.merlin: -------------------------------------------------------------------------------- 1 | PKG bitstring 2 | REC 3 | -------------------------------------------------------------------------------- /lib/bap_primus/.merlin: -------------------------------------------------------------------------------- 1 | PKG zarith 2 | REC 3 | -------------------------------------------------------------------------------- /lib_test/x86/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG bap-x86-cpu 3 | -------------------------------------------------------------------------------- /plugins/dump_symbols/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | REC -------------------------------------------------------------------------------- /plugins/glibc_runtime/glibc_runtime_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/piqi_printers/piqi_printers_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_approximation/approximation.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/primus_random/primus_random_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /plugins/read_symbols/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | REC -------------------------------------------------------------------------------- /plugins/recipe_command/recipe_command_main.mli: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /setup.ml.pre.in: -------------------------------------------------------------------------------- 1 | module Pervasives = Stdlib 2 | -------------------------------------------------------------------------------- /src/bap_mc.mli: -------------------------------------------------------------------------------- 1 | (* bap-mc disassembler *) 2 | -------------------------------------------------------------------------------- /lib/bap_api/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_api -------------------------------------------------------------------------------- /lib/bap_ida/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_ida -------------------------------------------------------------------------------- /lib/bap_piqi/test/.merlin: -------------------------------------------------------------------------------- 1 | S . 2 | PKG oUnit 3 | REC -------------------------------------------------------------------------------- /plugins/emit_ida_script/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | REC -------------------------------------------------------------------------------- /plugins/primus_random/.merlin: -------------------------------------------------------------------------------- 1 | PKG zarith 2 | REC 3 | -------------------------------------------------------------------------------- /plugins/propagate_taint/propagate_taint_main.mli: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /plugins/thumb/.merlin: -------------------------------------------------------------------------------- 1 | B ../../lib/arm 2 | REC 3 | -------------------------------------------------------------------------------- /tools/ppx-bap: -------------------------------------------------------------------------------- 1 | ppx-jane -as-ppx -inline-test-lib bap $@ -------------------------------------------------------------------------------- /oasis/llvm.tags.in: -------------------------------------------------------------------------------- 1 | : use_libllvm -------------------------------------------------------------------------------- /plugins/arm/arm_gnueabi.mli: -------------------------------------------------------------------------------- 1 | val setup : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/flatten/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | 3 | B ../../_build 4 | -------------------------------------------------------------------------------- /plugins/ghidra/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../lib/bap_ghidra 3 | -------------------------------------------------------------------------------- /plugins/ghidra/ghidra_main.mli: -------------------------------------------------------------------------------- 1 | (* a private module *) 2 | -------------------------------------------------------------------------------- /plugins/mips/mips_abi.mli: -------------------------------------------------------------------------------- 1 | val setup : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/piqi_printers/.merlin: -------------------------------------------------------------------------------- 1 | PKG bap-piqi 2 | REC 3 | -------------------------------------------------------------------------------- /plugins/riscv/.merlin: -------------------------------------------------------------------------------- 1 | B ../../lib/bap_riscv 2 | REC 3 | -------------------------------------------------------------------------------- /plugins/trace/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_traces -------------------------------------------------------------------------------- /lib/bap_build/.merlin: -------------------------------------------------------------------------------- 1 | PKG ocamlbuild 2 | PKG findlib 3 | REC -------------------------------------------------------------------------------- /lib/bap_ghidra/ghidra_disasm.hpp: -------------------------------------------------------------------------------- 1 | #include "ghidra_disasm.h" 2 | -------------------------------------------------------------------------------- /lib/bap_llvm/bap_llvm_config.ml.ab: -------------------------------------------------------------------------------- 1 | let version = "$llvm_version" -------------------------------------------------------------------------------- /lib/bap_traces/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_traces -------------------------------------------------------------------------------- /lib/knowledge/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/knowledge 3 | -------------------------------------------------------------------------------- /plugins/demangle/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_demangle -------------------------------------------------------------------------------- /plugins/disassemble/disassemble_main.mli: -------------------------------------------------------------------------------- 1 | (* bap frontend *) 2 | -------------------------------------------------------------------------------- /plugins/map_terms/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_bml -------------------------------------------------------------------------------- /plugins/powerpc/powerpc_abi.mli: -------------------------------------------------------------------------------- 1 | val setup : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/char.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | -------------------------------------------------------------------------------- /plugins/systemz/.merlin: -------------------------------------------------------------------------------- 1 | B ../../lib/bap_systemz 2 | REC 3 | -------------------------------------------------------------------------------- /plugins/systemz/systemz_lifter.mli: -------------------------------------------------------------------------------- 1 | val load : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/x86/x86_mov.mli: -------------------------------------------------------------------------------- 1 | (** MOV instruction lifter *) 2 | 3 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_imm.mli: -------------------------------------------------------------------------------- 1 | include X86_tools_types.IM 2 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_vector.mli: -------------------------------------------------------------------------------- 1 | include X86_tools_types.IV 2 | -------------------------------------------------------------------------------- /lib_test/bap_image/test_llvm_loader.mli: -------------------------------------------------------------------------------- 1 | val suite : OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_sema/test_ir.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_types/test_bili.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_types/test_bytes.mli: -------------------------------------------------------------------------------- 1 | 2 | val suite : OUnit2.test 3 | -------------------------------------------------------------------------------- /oasis/ida.files.ab.in: -------------------------------------------------------------------------------- 1 | , plugins/ida/bap_ida_config.ml.ab 2 | -------------------------------------------------------------------------------- /oasis/llvm.files.ab.in: -------------------------------------------------------------------------------- 1 | , lib/bap_llvm/bap_llvm_config.ml.ab -------------------------------------------------------------------------------- /plugins/api/api/c/windows.h: -------------------------------------------------------------------------------- 1 | void __security_init_cookie(void); 2 | -------------------------------------------------------------------------------- /plugins/powerpc/.merlin: -------------------------------------------------------------------------------- 1 | B ../../_build/plugins/powerpc 2 | REC 3 | -------------------------------------------------------------------------------- /plugins/primus_x86/.merlin: -------------------------------------------------------------------------------- 1 | PKG bap-x86-cpu 2 | PKG bap-primus 3 | -------------------------------------------------------------------------------- /plugins/x86/x86_cdq.mli: -------------------------------------------------------------------------------- 1 | (* CDQ, CDQE, CQO, CWD, CWDE, CBW lifter *) -------------------------------------------------------------------------------- /plugins/x86/x86_legacy_bil_lifter.mli: -------------------------------------------------------------------------------- 1 | val init : unit -> unit 2 | -------------------------------------------------------------------------------- /lib/bap_bundle/bap_bundle_config.ml.ab: -------------------------------------------------------------------------------- 1 | let plugindir = "$plugindir" 2 | -------------------------------------------------------------------------------- /lib/bap_plugins/bap_plugins_config.ml.ab: -------------------------------------------------------------------------------- 1 | let plugindir = "$plugindir" 2 | -------------------------------------------------------------------------------- /lib_test/bap_disasm/test_disasm.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_future/test_future.mli: -------------------------------------------------------------------------------- 1 | 2 | 3 | val suite : OUnit2.test 4 | -------------------------------------------------------------------------------- /lib_test/bap_future/test_future_std.mli: -------------------------------------------------------------------------------- 1 | 2 | val suite : OUnit2.test 3 | -------------------------------------------------------------------------------- /lib_test/bap_future/test_stream.mli: -------------------------------------------------------------------------------- 1 | 2 | 3 | val suite : OUnit2.test 4 | -------------------------------------------------------------------------------- /lib_test/bap_image/test_image.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_image/test_memmap.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_image/test_table.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_project/test_project.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_traces/test_traces.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_types/test_bitvector.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_types/test_graph.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /oasis/cxxfilt.files.ab.in: -------------------------------------------------------------------------------- 1 | , plugins/cxxfilt/cxxfilt_config.ml.ab -------------------------------------------------------------------------------- /oasis/main.files.ab.in: -------------------------------------------------------------------------------- 1 | , lib/bap_main/bap_main_config.ml.ab 2 | -------------------------------------------------------------------------------- /oasis/objdump.files.ab.in: -------------------------------------------------------------------------------- 1 | , plugins/objdump/objdump_config.ml.ab -------------------------------------------------------------------------------- /plugins/analyze/analyze_core_commands.mli: -------------------------------------------------------------------------------- 1 | val register : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/cxxfilt/cxxfilt_config.ml.ab: -------------------------------------------------------------------------------- 1 | let cxxfilts = $cxxfilt_paths 2 | -------------------------------------------------------------------------------- /plugins/objdump/objdump_config.ml.ab: -------------------------------------------------------------------------------- 1 | let objdumps = $objdump_paths 2 | -------------------------------------------------------------------------------- /plugins/primus_limit/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_ieee754.mli: -------------------------------------------------------------------------------- 1 | val init : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/x86/x86_btx.mli: -------------------------------------------------------------------------------- 1 | (* BT, BTC, BTR, BTS instructions lifter *) 2 | -------------------------------------------------------------------------------- /plugins/x86/x86_cmpxchg.mli: -------------------------------------------------------------------------------- 1 | (** CMPXCHG instruction lifter *) 2 | 3 | -------------------------------------------------------------------------------- /lib/bap_main/bap_load_plugins.mli: -------------------------------------------------------------------------------- 1 | (* autoloads plugins into toplevel *) 2 | -------------------------------------------------------------------------------- /lib_test/bap_types/test_optimizations.mli: -------------------------------------------------------------------------------- 1 | val suite : unit -> OUnit2.test 2 | -------------------------------------------------------------------------------- /lib_test/bap_types/test_trie.mli: -------------------------------------------------------------------------------- 1 | open OUnit2 2 | val suite : unit -> test 3 | -------------------------------------------------------------------------------- /lib_test/powerpc/.merlin: -------------------------------------------------------------------------------- 1 | S . 2 | B ../../_build/lib_test/powerpc 3 | REC 4 | -------------------------------------------------------------------------------- /oasis/bundle.files.ab.in: -------------------------------------------------------------------------------- 1 | , lib/bap_bundle/bap_bundle_config.ml.ab 2 | -------------------------------------------------------------------------------- /plugins/primus_exploring/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_primitives.mli: -------------------------------------------------------------------------------- 1 | val init : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/floats.lisp: -------------------------------------------------------------------------------- 1 | (require llvm-x86-64-floats) 2 | -------------------------------------------------------------------------------- /plugins/primus_mark_visited/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | -------------------------------------------------------------------------------- /plugins/primus_promiscuous/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | -------------------------------------------------------------------------------- /plugins/primus_round_robin/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | -------------------------------------------------------------------------------- /plugins/primus_taint/primus_taint_policies.mli: -------------------------------------------------------------------------------- 1 | val init : unit -> unit 2 | -------------------------------------------------------------------------------- /plugins/primus_wandering/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | -------------------------------------------------------------------------------- /doc/Makefile: -------------------------------------------------------------------------------- 1 | .PHONY: doc 2 | 3 | 4 | doc: 5 | ../bapdoc.native 2>bapdoc.log 6 | -------------------------------------------------------------------------------- /lib/bap_c/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_c 3 | B ../../_build/lib/bap_api -------------------------------------------------------------------------------- /oasis/plugins.files.ab.in: -------------------------------------------------------------------------------- 1 | , lib/bap_plugins/bap_plugins_config.ml.ab 2 | -------------------------------------------------------------------------------- /plugins/print/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | 3 | B ../../_build/lib/bap_demangle 4 | REC -------------------------------------------------------------------------------- /plugins/stub_resolver/.merlin: -------------------------------------------------------------------------------- 1 | S . 2 | B ../../_build/plugins/stub_resolver 3 | REC -------------------------------------------------------------------------------- /tools/cat.mli: -------------------------------------------------------------------------------- 1 | (** a fat cat on steroids - utility that concatenates files *) 2 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_traces.ml: -------------------------------------------------------------------------------- 1 | module Unix = Caml_unix 2 | module Std = Bap_trace_std 3 | -------------------------------------------------------------------------------- /plugins/byteweight/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | REC 3 | B ../../_build/lib/bap_byteweight -------------------------------------------------------------------------------- /plugins/optimization/.merlin: -------------------------------------------------------------------------------- 1 | S . 2 | B ../../_build/plugins/optimization 3 | 4 | REC -------------------------------------------------------------------------------- /plugins/patterns/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG xmlm 3 | PKG zarith 4 | PKG fileutils 5 | PKG uri -------------------------------------------------------------------------------- /plugins/primus_systems/primus_systems_config.ml.ab: -------------------------------------------------------------------------------- 1 | let path = "$primus_systems_path" 2 | -------------------------------------------------------------------------------- /plugins/run/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | B ../../_build/plugins/run -------------------------------------------------------------------------------- /benchmarks/bench_image.mli: -------------------------------------------------------------------------------- 1 | open Core_bench.Std 2 | 3 | val tests : Bench.Test.t list 4 | -------------------------------------------------------------------------------- /plugins/llvm/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG cmdliner 3 | PKG bap-main 4 | B ../../_build/plugins/llvm -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_config.ml.ab: -------------------------------------------------------------------------------- 1 | let library = "$primus_lisp_library_path" 2 | -------------------------------------------------------------------------------- /plugins/primus_print/.merlin: -------------------------------------------------------------------------------- 1 | B ../../_build/lib/bap_primus 2 | B ../../_build/lib/bare 3 | REC -------------------------------------------------------------------------------- /tools/bap_config.ab: -------------------------------------------------------------------------------- 1 | PLUGINS_DIR="$plugindir" 2 | DATA_DIR="$datadir/bap" 3 | OS="$system" 4 | -------------------------------------------------------------------------------- /oasis/common.files.ab.in: -------------------------------------------------------------------------------- 1 | FilesAB: tools/bap_config.ab 2 | , tools/postinstall.ml.ab 3 | -------------------------------------------------------------------------------- /plugins/strings/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_strings 3 | B ../../_build/lib/beagle 4 | -------------------------------------------------------------------------------- /oasis/language: -------------------------------------------------------------------------------- 1 | Flag language 2 | Description: Build language support library 3 | Default: false 4 | -------------------------------------------------------------------------------- /plugins/frontc_parser/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG FrontC 3 | PKG cmdliner 4 | 5 | B ../../_build/lib/bap_c 6 | -------------------------------------------------------------------------------- /plugins/ida/bap_ida_config.ml.ab: -------------------------------------------------------------------------------- 1 | let ida_path = "$ida_path" 2 | let is_headless = $ida_headless 3 | -------------------------------------------------------------------------------- /plugins/primus_symbolic_executor/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../lib/bap_primus_track_visited 3 | PKG z3 zarith -------------------------------------------------------------------------------- /lib/bap_core_theory/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_core_theory 3 | B ../../_build/lib/knowledge 4 | -------------------------------------------------------------------------------- /lib/bap_elf/elf_internal_utils.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | val int_of_int64 : int64 -> int Or_error.t 4 | -------------------------------------------------------------------------------- /lib/bap_main/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG base 3 | PKG stdio 4 | PKG cmdliner 5 | B ../../_build/lib/bap_main 6 | -------------------------------------------------------------------------------- /tools/baptop: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | exec utop-full -ppx ppx-bap -short-paths -require "ppx_jane,bap.top" "$@" 3 | -------------------------------------------------------------------------------- /lib/bap_core_theory/bap_core_theory_empty.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory_definition 2 | 3 | module Core : Core 4 | -------------------------------------------------------------------------------- /lib/bap_elementary/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_core_theory 3 | B ../../_build/lib/knowledge 4 | S . -------------------------------------------------------------------------------- /plugins/api/api/c/gnu.h: -------------------------------------------------------------------------------- 1 | int __libc_start_main(int (*main) (int, char **, char **), int, char **, void *auxv); 2 | -------------------------------------------------------------------------------- /plugins/phoenix/.merlin: -------------------------------------------------------------------------------- 1 | B ../../_build/plugins/phoenix 2 | PKG cmdliner 3 | PKG ocamlgraph 4 | PKG ezjsonm 5 | REC -------------------------------------------------------------------------------- /lib/arm/arm_helpers.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | val sexpable_of_string : (Sexp.t -> 'a) -> string -> 'a option 4 | -------------------------------------------------------------------------------- /lib/bap_core_theory/bap_core_theory_basic.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory_definition 2 | module Make(S : Minimal) : Basic 3 | -------------------------------------------------------------------------------- /lib_test/bap_dwarf/test_leb128.mli: -------------------------------------------------------------------------------- 1 | (** this is a unit test for test_leb128 *) 2 | 3 | val suite : OUnit2.test 4 | -------------------------------------------------------------------------------- /lib_test/bap_future/run_future_tests.ml: -------------------------------------------------------------------------------- 1 | open OUnit2 2 | 3 | let () = 4 | run_test_tt_main Test_future.suite 5 | -------------------------------------------------------------------------------- /oasis/llvm.ocamlbuild.ml.in: -------------------------------------------------------------------------------- 1 | let () = 2 | flag ["c++"; "compile"; "use_libllvm"] (Sh (expand "${llvm_cxxflags}")) 3 | -------------------------------------------------------------------------------- /plugins/api/api/c/android.h: -------------------------------------------------------------------------------- 1 | void __libc_init(char **argv, void *on_exit, int (*main) (int, char **, char **)); 2 | -------------------------------------------------------------------------------- /src/baptop.ml: -------------------------------------------------------------------------------- 1 | let main () = 2 | UTop.require ["bap.top"]; 3 | UTop_main.main () 4 | 5 | 6 | let () = main () 7 | -------------------------------------------------------------------------------- /lib/bap_ghidra/bap_ghidra.mli: -------------------------------------------------------------------------------- 1 | val init : 2 | ?paths:string list -> 3 | ?print_targets:bool -> 4 | unit -> unit 5 | -------------------------------------------------------------------------------- /lib/bap_sema/bap_sema_abi.mli: -------------------------------------------------------------------------------- 1 | open Bap_types.Std 2 | open Bap_ir 3 | 4 | val infer_args : sub term -> arch -> sub term 5 | -------------------------------------------------------------------------------- /lib/monads/monads.ml: -------------------------------------------------------------------------------- 1 | module Std = struct 2 | module Monoid = Monads_monoid 3 | module Monad = Monads_monad 4 | end 5 | -------------------------------------------------------------------------------- /lib_test/bap_traces/run_traces_tests.ml: -------------------------------------------------------------------------------- 1 | open OUnit2 2 | 3 | let () = 4 | run_test_tt_main (Test_traces.suite ()) 5 | -------------------------------------------------------------------------------- /plugins/cache/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | PKG mmap 3 | PKG fileutils 4 | 5 | S . 6 | B ../../_build/plugins/cache 7 | 8 | REC -------------------------------------------------------------------------------- /plugins/constant_tracker/.merlin: -------------------------------------------------------------------------------- 1 | PKG bap 2 | PKG bap-primus 3 | FLG -short-paths,-open Bap.Std,-open Bap_primus.Std 4 | REC -------------------------------------------------------------------------------- /lib/arm/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/arm 3 | B ../../_build/lib/bap_c 4 | B ../../_build/lib/bap_api 5 | S ../../lib/bap_c -------------------------------------------------------------------------------- /lib/bap_plugins/.merlin: -------------------------------------------------------------------------------- 1 | PKG findlib 2 | B ../../_build/lib/bap_config 3 | B ../bap_bundle 4 | B ../bap_future 5 | 6 | REC 7 | -------------------------------------------------------------------------------- /lib/bap_sema/bap_sema_ssa.mli: -------------------------------------------------------------------------------- 1 | open Bap_ir 2 | 3 | val sub : sub term -> sub term 4 | val is_transformed : sub term -> bool 5 | -------------------------------------------------------------------------------- /oasis/common.tags.in: -------------------------------------------------------------------------------- 1 | # OASIS_START 2 | # OASIS_STOP 3 | true: debug 4 | true: warn(+a-4-6-7-9-27-29-32..42-44-45-48-50-60) 5 | -------------------------------------------------------------------------------- /plugins/objdump/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | PKG re.pcre 3 | B ../../_build/plugins/objdump 4 | B ../../lib/bap_relation 5 | REC 6 | -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_semantic_primitives.mli: -------------------------------------------------------------------------------- 1 | val provide : unit -> unit 2 | val enable_extraction : unit -> unit 3 | -------------------------------------------------------------------------------- /plugins/propagate_taint/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG cmdliner 3 | B ../../_build/plugins/propagate_taint 4 | B ../../_build/lib/microx -------------------------------------------------------------------------------- /lib/bap_llvm/bap_llvm_loader.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | val init : ?base:int64 -> ?pdb_path:string -> unit -> unit Or_error.t 4 | -------------------------------------------------------------------------------- /lib/bap_main/bap_main_log.mli: -------------------------------------------------------------------------------- 1 | val in_directory : ?logdir:string -> unit -> unit 2 | val process_events : Format.formatter -> unit 3 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_exn.mli: -------------------------------------------------------------------------------- 1 | type t = .. 2 | val to_string : t -> string 3 | val add_printer : (t -> string option) -> unit 4 | -------------------------------------------------------------------------------- /lib/bap_types/.merlin: -------------------------------------------------------------------------------- 1 | PKG zarith 2 | PKG uuidm 3 | REC 4 | 5 | B ../../_build/lib/bap_types 6 | B ../../_build/lib/knowledge 7 | -------------------------------------------------------------------------------- /lib/bap_types/bap_core_theory_bil_parser.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | open Bap_bil 3 | 4 | val t : (exp,_,stmt) Theory.Parser.t 5 | -------------------------------------------------------------------------------- /plugins/primus_lisp/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/bap_primus 3 | S ../../lib/bap_primus 4 | B ../../_build/plugins/primus_lisp -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_io.mli: -------------------------------------------------------------------------------- 1 | val standard_channels : string list 2 | 3 | val init : (string * string) list -> unit 4 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_reg.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open X86_tools_types 4 | 5 | module Make(CPU : X86CPU) : RR 6 | -------------------------------------------------------------------------------- /plugins/primus_lisp/primus_lisp_documentation.mli: -------------------------------------------------------------------------------- 1 | open Bap_primus.Std 2 | 3 | val print : string -> Primus.Lisp.Doc.index -> unit 4 | -------------------------------------------------------------------------------- /plugins/primus_loader/.merlin: -------------------------------------------------------------------------------- 1 | B ../../_build/plugins/primus_elf 2 | B ../../_build/lib/bap_primus 3 | S ../../lib/bap_primus 4 | REC 5 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_flags.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open X86_tools_types 4 | 5 | module Make(CPU : X86CPU) : FR 6 | -------------------------------------------------------------------------------- /src/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG cmdliner 3 | PKG curl 4 | PKG parsexp 5 | PKG uuidm 6 | B ../_build/src 7 | B ../_build/lib/bap_byteweight 8 | -------------------------------------------------------------------------------- /lib/x86_cpu/x86_asm.ml: -------------------------------------------------------------------------------- 1 | 2 | module Reg = X86_asm_reg 3 | 4 | type reg = [Reg.gpr | Reg.segment_base | Reg.segment] [@@deriving sexp_poly] 5 | -------------------------------------------------------------------------------- /plugins/api/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | PKG cmdliner 3 | 4 | B ../../_build/lib/bap_api 5 | B ../../_build/plugins/api 6 | S. 7 | 8 | FLG -short-paths -------------------------------------------------------------------------------- /plugins/ida/.merlin: -------------------------------------------------------------------------------- 1 | PKG cmdliner 2 | PKG bap-ida 3 | PKG mmap 4 | REC 5 | 6 | B ../../_build/lib/bap_ida 7 | B ../../_build/plugins/ida 8 | S . -------------------------------------------------------------------------------- /plugins/primus_symbolic_executor/lisp/symbolic-stdlib.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | (declare (context (component bap:symbolic-computer))) 3 | -------------------------------------------------------------------------------- /plugins/x86/x86_legacy_bil.ml: -------------------------------------------------------------------------------- 1 | module Ast = X86_legacy_bil_ast 2 | module Type = X86_legacy_bil_type 3 | module Var = X86_legacy_bil_var 4 | -------------------------------------------------------------------------------- /lib/bap_c/.ocamlinit: -------------------------------------------------------------------------------- 1 | #use "topfind" 2 | #require "bap.top" 3 | #require "bap-c";; 4 | #require "FrontC";; 5 | open Bap.Std;; 6 | open Bap_c.Std;; -------------------------------------------------------------------------------- /lib/bap_types/bap_bil_optimizations.mli: -------------------------------------------------------------------------------- 1 | open Bap_bil 2 | 3 | val propagate_consts : bil -> bil 4 | 5 | val prune_dead_virtuals : bil -> bil 6 | -------------------------------------------------------------------------------- /plugins/cache/bap_cache_gc.mli: -------------------------------------------------------------------------------- 1 | open Bap_cache_types 2 | 3 | val shrink : ?by_threshold:bool -> config -> unit 4 | 5 | val clean : unit -> unit 6 | -------------------------------------------------------------------------------- /plugins/primus_lisp/semantics/dummy.lisp: -------------------------------------------------------------------------------- 1 | ;; a dummy file to prevent build and install scripts from failing 2 | ;; will remove it in the future 3 | -------------------------------------------------------------------------------- /plugins/radare2/.merlin: -------------------------------------------------------------------------------- 1 | PKG yojson 2 | PKG zarith 3 | B ../../_build/plugins/radare2 4 | B ../../lib/bap_relation 5 | B ../../lib/arm 6 | REC 7 | -------------------------------------------------------------------------------- /lib/bap_elf/elf_parse.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Elf_types 3 | 4 | val from_bigstring : ?pos:int -> ?len:int -> Bigstring.t -> elf Or_error.t 5 | -------------------------------------------------------------------------------- /lib/bap_taint/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | 3 | B ../../_build/lib/bap_primus 4 | B ../../_build/lib/bap_strings 5 | 6 | B ../bap_primus 7 | B ../bap_strings 8 | -------------------------------------------------------------------------------- /plugins/powerpc/powerpc_cpu.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Powerpc_rtl 3 | open Powerpc_types 4 | 5 | val make_cpu : addr_size -> endian -> mem -> cpu 6 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_mem.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open X86_tools_types 4 | 5 | module Make (CPU : X86CPU) (RR : RR) (IM : IM) : MM 6 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_prefix.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open X86_tools_types 4 | 5 | module Make (RR : RR) (FR : FR) (IV : IV) : PR 6 | -------------------------------------------------------------------------------- /OMakeroot: -------------------------------------------------------------------------------- 1 | # include the standard installed configuration file. 2 | include $(STDROOT) 3 | 4 | # include the OMakefile in this directory. 5 | .SUBDIRS: . 6 | -------------------------------------------------------------------------------- /lib/bap_c/bap_c_type_printer.mli: -------------------------------------------------------------------------------- 1 | open Format 2 | open Bap_c_type 3 | 4 | val pp : formatter -> t -> unit 5 | val pp_proto : formatter -> proto -> unit 6 | -------------------------------------------------------------------------------- /plugins/bil/bil_semantics.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Bap_core_theory 3 | 4 | module Core : Theory.Core 5 | module Core_with_fp_emulation : Theory.Core 6 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | module type S = X86_tools_types.S 5 | 6 | module IA32 : S 7 | module AMD64 : S 8 | 9 | -------------------------------------------------------------------------------- /lib/arm/ARM.ml: -------------------------------------------------------------------------------- 1 | include Arm_types 2 | include Arm_lifter 3 | module Insn = Arm_insn 4 | module Cond = Arm_cond 5 | module Reg = Arm_reg 6 | module Op = Arm_op 7 | -------------------------------------------------------------------------------- /lib/arm/arm_branch.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Arm_types 4 | 5 | val lift : op -> ?link:bool -> ?x:bool -> ?cond:op -> word -> stmt list 6 | -------------------------------------------------------------------------------- /plugins/primus_propagate_taint/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/plugins/primus_propagate_taint 3 | B ../../_build/lib/bap_primus 4 | B ../../_build/lib/bap_taint 5 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_disasm.h: -------------------------------------------------------------------------------- 1 | #ifdef __cplusplus 2 | extern "C" { 3 | #endif 4 | 5 | int disasm_llvm_init(); 6 | 7 | #ifdef __cplusplus 8 | } 9 | #endif 10 | -------------------------------------------------------------------------------- /lib_test/bap_future/test_future_std.ml: -------------------------------------------------------------------------------- 1 | open OUnit2 2 | 3 | let suite = 4 | "Future test" >::: 5 | [ 6 | Test_future.suite; 7 | Test_stream.suite; 8 | ] 9 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_outs.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type outs = [ 4 | | `OUTSB 5 | | `OUTSW 6 | | `OUTSD 7 | ] [@@deriving bin_io, sexp, compare, enumerate] 8 | -------------------------------------------------------------------------------- /plugins/primus_x86/primus_x86_loader.mli: -------------------------------------------------------------------------------- 1 | open Bap_primus.Std 2 | 3 | module InitializeRegisters : Primus.Machine.Component 4 | module SetupPLT : Primus.Machine.Component 5 | -------------------------------------------------------------------------------- /lib/arm/arm_helpers.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | let sexpable_of_string t_of_sexp name = 4 | try Some (t_of_sexp @@ Sexp.of_string name) 5 | with Sexp.Of_sexp_error _ -> None 6 | -------------------------------------------------------------------------------- /plugins/mips/mips_utils.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | (** [mips_fail error_string] - raise a failure with [error_string] *) 4 | val mips_fail : ('a, unit, string, 'b) format4 -> 'a 5 | -------------------------------------------------------------------------------- /plugins/relocatable/.merlin: -------------------------------------------------------------------------------- 1 | B ../../_build/plugins/relocatable 2 | B ../../lib/arm 3 | B ../../lib/bap_mips 4 | B ../../lib/bap_powerpc 5 | B ../../lib/x86_cpu/ 6 | S . 7 | 8 | REC -------------------------------------------------------------------------------- /plugins/beagle/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/lib/microx 3 | B ../../_build/lib/beagle 4 | B ../../_build/lib/bap_primus 5 | B ../../_build/lib/bap_strings 6 | B ../../_build/plugins/beagle -------------------------------------------------------------------------------- /plugins/powerpc/powerpc_utils.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | (** [ppc_fail error_string] - raise a failure with [error_string] *) 4 | val ppc_fail : ('a, unit, string, 'b) format4 -> 'a 5 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_ins.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type ins = [ 4 | | `IN8 5 | | `IN16 6 | | `IN32 7 | ] [@@deriving bin_io, sexp, compare, enumerate] 8 | 9 | 10 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_lods.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type lods = [ 4 | | `LODSB 5 | | `LODSW 6 | | `LODSD 7 | | `LODSQ 8 | ] [@@deriving bin_io, sexp, compare, enumerate] 9 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_movs.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type movs = [ 4 | | `MOVSB 5 | | `MOVSW 6 | | `MOVSD 7 | | `MOVSQ 8 | ] [@@deriving bin_io, sexp, compare, enumerate] 9 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_stos.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type stos = [ 4 | | `STOSB 5 | | `STOSW 6 | | `STOSD 7 | | `STOSQ 8 | ] [@@deriving bin_io, sexp, compare, enumerate] 9 | -------------------------------------------------------------------------------- /lib/bap_elf/bap_elf.ml: -------------------------------------------------------------------------------- 1 | module Std = struct 2 | module Elf = struct 3 | include Elf_types 4 | type t = elf 5 | include Elf_utils 6 | include Elf_parse 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_stubs.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include "llvm_disasm.h" 3 | 4 | 5 | value disasm_llvm_init_stub(value unit) { 6 | return Val_int(disasm_llvm_init()); 7 | } 8 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_exn.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type t = exn = .. 4 | let to_string err = Caml.Printexc.to_string err 5 | let add_printer pr = Caml.Printexc.register_printer pr 6 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_trace_binprot.mli: -------------------------------------------------------------------------------- 1 | 2 | val register: unit -> unit 3 | (** [register ()] - registers protocol, reader and writer 4 | for reading and writing traces with bin_io. *) 5 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_scas.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type scas = [ 4 | | `SCAS8 5 | | `SCAS16 6 | | `SCAS32 7 | | `SCAS64 8 | ] [@@deriving bin_io, sexp, compare, enumerate] 9 | -------------------------------------------------------------------------------- /lib/bap_types/bap_integer.mli: -------------------------------------------------------------------------------- 1 | open Bap_integer_intf 2 | 3 | module type Base = Base 4 | module type S = S 5 | 6 | (** Derives [S] from [R] *) 7 | module Make(R : Base) : S with type t = R.t 8 | -------------------------------------------------------------------------------- /lib/bap_elf/elf_internal_utils.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | let int_of_int64 n = match Int64.to_int n with 4 | | Some v -> Ok v 5 | | None -> Or_error.errorf "number %LdL doesn't fit into int" n 6 | -------------------------------------------------------------------------------- /lib/bap_main/bap_load_plugins.ml: -------------------------------------------------------------------------------- 1 | open Bap_plugins.Std 2 | 3 | let () = 4 | let loader = Topdirs.dir_load Format.std_formatter in 5 | setup_dynamic_loader loader; 6 | Plugins.load () |> ignore 7 | -------------------------------------------------------------------------------- /plugins/ida/bap_ida_service.mli: -------------------------------------------------------------------------------- 1 | 2 | (** [register ida_info ida_mode] registers the IDA service with 3 | Bap_ida library *) 4 | val register : Bap_ida_info.t -> Bap_ida_info.mode option -> unit 5 | -------------------------------------------------------------------------------- /plugins/mips/mips_utils.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | let mips_fail format = 5 | let fail str = failwith (sprintf "MIPS lifter fail: %s" str) in 6 | Printf.ksprintf fail format 7 | -------------------------------------------------------------------------------- /plugins/powerpc/powerpc_utils.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | let ppc_fail format = 5 | let fail str = failwith (sprintf "PowerPC lifter fail: %s" str) in 6 | Printf.ksprintf fail format 7 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_cmps.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type cmps = [ 4 | | `CMPS8 5 | | `CMPS16 6 | | `CMPS32 7 | | `CMPS64 8 | ] [@@deriving bin_io, sexp, compare, enumerate] 9 | 10 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_source_factory.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_disasm_source_intf 3 | 4 | module Factory : sig 5 | module type S = Factory 6 | module Make(T : T) : S with type t = T.t 7 | end 8 | -------------------------------------------------------------------------------- /lib/bap_ghidra/ghidra_disasm.h: -------------------------------------------------------------------------------- 1 | #ifdef __cplusplus 2 | extern "C" { 3 | #endif 4 | 5 | int disasm_ghidra_init(const char *paths, int print_targets); 6 | 7 | #ifdef __cplusplus 8 | } 9 | #endif 10 | -------------------------------------------------------------------------------- /plugins/primus_lisp/lisp/core.lisp: -------------------------------------------------------------------------------- 1 | ;; defines the core of the Primus Lisp language 2 | ;; required automatically by the primus-lisp program loader 3 | (require init) 4 | (require pointers) 5 | (require memory) 6 | -------------------------------------------------------------------------------- /plugins/primus_taint/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/plugins/primus_taint 3 | B ../../_build/lib/bap_primus 4 | B ../../_build/lib/bap_taint 5 | 6 | B . 7 | B ../../lib/bap_primus 8 | B ../../lib/bap_taint 9 | -------------------------------------------------------------------------------- /src/bap_mc.ml: -------------------------------------------------------------------------------- 1 | 2 | let () = 3 | let args = Array.of_list @@ match Array.to_list Sys.argv with 4 | | [] | [_] -> ["bap"; "mc"] 5 | | _ :: args -> "bap" :: "mc" :: args in 6 | Unix.execvp "bap" args 7 | -------------------------------------------------------------------------------- /lib/bap_llvm/bap_llvm_disasm.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type x86_syntax = [`att | `intel] [@@deriving sexp] 4 | 5 | val init : ?x86_syntax:x86_syntax -> unit -> unit Or_error.t 6 | 7 | val version : string 8 | -------------------------------------------------------------------------------- /lib/bap_sema/bap_sema_free_vars.mli: -------------------------------------------------------------------------------- 1 | open Bap_types.Std 2 | open Graphlib.Std 3 | open Bap_ir 4 | 5 | val compute_liveness : sub term -> (tid, Var.Set.t) Solution.t 6 | val free_vars_of_sub : sub term -> Var.Set.t 7 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_trace_traces.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | val to_list : unit -> Bap_trace.t list 3 | val enum : unit -> Bap_trace.t Sequence.t 4 | val add : Bap_trace.t -> unit 5 | val remove : Bap_trace.t -> unit 6 | -------------------------------------------------------------------------------- /plugins/bil/Makefile: -------------------------------------------------------------------------------- 1 | 2 | float: 3 | bapbuild -pkgs findlib.dynload,monads,bap-primus,oUnit,bap-core-theory,bap-knowledge bil_float_tests.native 4 | 5 | clean: 6 | rm -rf _build 7 | rm -f bil_float_tests.native 8 | -------------------------------------------------------------------------------- /plugins/x86/x86_opcode_cdq.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type cdq = [ 4 | | `CBW 5 | | `CWD 6 | | `CWDE 7 | | `CDQ 8 | | `CDQE 9 | | `CQO 10 | ] [@@deriving bin_io, sexp, compare, enumerate] 11 | -------------------------------------------------------------------------------- /lib/arm/arm_lifter.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | (** [lift mem insn] lifts instruction. *) 4 | val lift : lifter 5 | 6 | module CPU : sig 7 | include module type of Arm_env 8 | include Bap.Std.CPU 9 | end 10 | -------------------------------------------------------------------------------- /lib/bap_types/bap_ogre.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | open Core_kernel 3 | 4 | type t = Ogre.doc [@@deriving bin_io, compare, sexp] 5 | val pp : Format.formatter -> t -> unit 6 | val slot : (Theory.Unit.cls, t) KB.slot 7 | -------------------------------------------------------------------------------- /lib/bap_image/bap_fileutils.mli: -------------------------------------------------------------------------------- 1 | (**Helper IO functions. *) 2 | 3 | open Core_kernel 4 | open Bap_types.Std 5 | 6 | val readfile : string -> Bigstring.t 7 | 8 | val parse_name : string -> (string * string option) option 9 | -------------------------------------------------------------------------------- /plugins/bil/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/plugins/bil 3 | B ../../_build/lib/knowledge 4 | B ../../_build/lib/bap_core_theory 5 | FLG -open Bap_core_theory 6 | PKG oUnit 7 | 8 | S . 9 | B _build 10 | FLG -short-paths -------------------------------------------------------------------------------- /plugins/patterns/semantics/pattern-actions.lisp: -------------------------------------------------------------------------------- 1 | (in-package bap) 2 | 3 | (defmethod bap:patterns-action (action addr attrs) 4 | (when (is-in action 'funcstart 'possiblefuncstart) 5 | (promise-function-start addr))) 6 | -------------------------------------------------------------------------------- /plugins/x86/x86_legacy_fp_lifter.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | module Bil = X86_legacy_bil 4 | module MC = Disasm_expert.Basic 5 | 6 | 7 | val run : Arch.x86 -> mem -> MC.full_insn -> Bil.Ast.program Or_error.t 8 | -------------------------------------------------------------------------------- /benchmarks/.merlin: -------------------------------------------------------------------------------- 1 | B ../_build/lib_test/bap_core 2 | B ../_build/lib_test/bap_dwarf 3 | B ../_build/lib_test/bap_elf 4 | B ../_build/lib_test/bap_image 5 | B ../_build/lib_test/bap_types 6 | PKG core 7 | PKG core_bench 8 | REC 9 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_loader_stubs.h: -------------------------------------------------------------------------------- 1 | #include "caml/mlvalues.h" 2 | 3 | #ifdef __cplusplus 4 | extern "C" { 5 | #endif 6 | 7 | value bap_llvm_load_stub(value, value); 8 | 9 | #ifdef __cplusplus 10 | } 11 | #endif 12 | -------------------------------------------------------------------------------- /oasis/objdump.setup.ml.in: -------------------------------------------------------------------------------- 1 | let () = 2 | add_variable ~doc:"A list (OCaml syntax) of paths to all discovered objdumps" "objdump_paths" 3 | ~define:(function 4 | | None -> "[\"objdump\"]" 5 | | Some xs -> xs) 6 | -------------------------------------------------------------------------------- /lib/bap_types/bap_bil_adt.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_common 3 | open Bap_bil 4 | open Format 5 | 6 | val pp_var : formatter -> var -> unit 7 | val pp_exp : formatter -> exp -> unit 8 | val pp_stmt : formatter -> stmt -> unit 9 | -------------------------------------------------------------------------------- /oasis/cxxfilt.setup.ml.in: -------------------------------------------------------------------------------- 1 | 2 | let () = 3 | add_variable ~doc: 4 | "A list (OCaml syntax) of paths to all discovered c++filts" "cxxfilt_paths" 5 | ~define:(function 6 | | None -> "[]" 7 | | Some xs -> xs) 8 | -------------------------------------------------------------------------------- /plugins/primus_approximation/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | B ../../_build/plugins/bil 3 | B ../../_build/lib/knowledge 4 | B ../../_build/lib/bap_core_theory 5 | FLG -open Bap_core_theory 6 | PKG oUnit 7 | 8 | S . 9 | B _build 10 | FLG -short-paths -------------------------------------------------------------------------------- /plugins/x86/x86_lifter.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | module IA32 : sig 5 | module CPU : CPU 6 | val lift : lifter 7 | end 8 | 9 | module AMD64 : sig 10 | module CPU : CPU 11 | val lift : lifter 12 | end 13 | -------------------------------------------------------------------------------- /plugins/primus_approximation/Makefile: -------------------------------------------------------------------------------- 1 | 2 | float: 3 | bapbuild -pkgs monads,bap-primus,bap-core-theory,bap-knowledge approximation.plugin 4 | bapbundle install approximation.plugin 5 | clean: 6 | rm -rf _build 7 | rm -f approximation.plugin 8 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/memory-allocator.lisp: -------------------------------------------------------------------------------- 1 | ;; how to provide an extensible dispatch hook? 2 | ;; 3 | ;; - the require declaration should be also overridable 4 | 5 | ;; the default memory allocator 6 | (require simple-memory-allocator) 7 | -------------------------------------------------------------------------------- /plugins/bil/bil_ir.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Bap_core_theory 3 | 4 | type t 5 | 6 | val slot : (Theory.Semantics.cls, t) KB.slot 7 | 8 | val reify : t -> blk term list 9 | val init : unit -> unit 10 | 11 | module Theory : Theory.Core 12 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/libintl.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | 3 | (defun bindtextdomain (_ dir) 4 | (declare (external "bindtextdomain")) 5 | dir) 6 | 7 | (defun textdomain (dom) 8 | (declare (external "textdomain")) 9 | dom) 10 | -------------------------------------------------------------------------------- /plugins/x86/x86_disasm.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open X86_types 4 | 5 | val parse_instr: mode -> mem -> addr -> int list * prefix * opcode * addr 6 | 7 | val parse_prefixes: mode -> int list -> opcode -> var option * int List.t 8 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_imm.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | type t = imm 5 | 6 | let of_imm imm = imm 7 | 8 | let get ~width t = 9 | Imm.to_word t ~width:(Size.in_bits width) |> 10 | fun x -> Bil.int (Option.value_exn x) 11 | -------------------------------------------------------------------------------- /benchmarks/run_benchmarks.ml: -------------------------------------------------------------------------------- 1 | open Core 2 | open Core_bench.Std 3 | open Bap.Std 4 | 5 | let benchmarks = Bench.make_command @@ List.concat [ 6 | Bench_dom.tests; 7 | Bench_image.tests; 8 | ] 9 | 10 | 11 | let () = Command.run benchmarks 12 | -------------------------------------------------------------------------------- /lib/arm/arm_reg.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Regular.Std 3 | 4 | type t = Arm_types.reg [@@deriving bin_io, compare, sexp] 5 | 6 | (** lifts basic register to a ARM one *) 7 | val create : reg -> t option 8 | 9 | include Regular.S with type t := t 10 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/posix.lisp: -------------------------------------------------------------------------------- 1 | (require stdlib) 2 | (require stdio) 3 | (require string) 4 | (require errno) 5 | (require ascii) 6 | (require locale) 7 | (require libintl) 8 | (require unistd) 9 | (require setjmp) 10 | (require getopt) 11 | -------------------------------------------------------------------------------- /lib/bitvec_sexp/bitvec_sexp.mli: -------------------------------------------------------------------------------- 1 | open Sexplib0 2 | 3 | type t = Bitvec.t 4 | 5 | val sexp_of_t : t -> Sexp.t 6 | val t_of_sexp : Sexp.t -> t 7 | 8 | module Functions : sig 9 | val sexp_of_t : t -> Sexp.t 10 | val t_of_sexp : Sexp.t -> t 11 | end 12 | -------------------------------------------------------------------------------- /plugins/stub_resolver/signatures/powerpc.stubs: -------------------------------------------------------------------------------- 1 | ; a list of words that commonly start a stub, 2 | ; one per line, with `;' for comments. 3 | 4 | 0x3d601001 ; lis r11, 4097 5 | 0x3d601002 ; lis r11, 4098 6 | 0x3d601003 ; lis r11, 4099 7 | 0x3d601004 ; lis r11, 4100 8 | -------------------------------------------------------------------------------- /plugins/x86/x86_abi.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | type abi 4 | 5 | val name : abi -> string 6 | val arch : abi -> Arch.x86 7 | val supported : unit -> abi list 8 | 9 | (** registers x86 ABIs *) 10 | val setup : ?abi:(Arch.x86 -> abi option) -> unit -> unit 11 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_trace_id.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap.Std 4 | 5 | type t [@@deriving bin_io, compare, sexp] 6 | include module type of Uuidm with type t := t 7 | include Regular.S with type t := t 8 | 9 | val of_string: string -> t 10 | -------------------------------------------------------------------------------- /lib/bap_types/bap_int_conversions.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | val int_of_int32 : int32 -> int Or_error.t 4 | val int_of_int64 : int64 -> int Or_error.t 5 | val int_of_nativeint : nativeint -> int Or_error.t 6 | val int_of_word : Bap_bitvector.t -> int Or_error.t 7 | -------------------------------------------------------------------------------- /plugins/thumb/thumb_bits.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | open Thumb_core 3 | open Thumb_opcodes 4 | 5 | module Make(CT : Theory.Core) : sig 6 | open Theory 7 | val sx : r32 reg -> _ reg -> cond -> unit eff 8 | val ux : r32 reg -> _ reg -> cond -> unit eff 9 | end 10 | -------------------------------------------------------------------------------- /plugins/x86/x86_backend.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | type opcode = string 5 | 6 | module type S = sig 7 | val register : opcode -> lifter -> unit 8 | module Make (T : Target) : Target 9 | end 10 | 11 | module IA32 : S 12 | module AMD64 : S 13 | -------------------------------------------------------------------------------- /lib/bap_strings/bap_strings.ml: -------------------------------------------------------------------------------- 1 | module Std = struct 2 | module Strings = struct 3 | module Detector = Bap_strings_detector 4 | module Unscrambler = Bap_strings_unscrambler 5 | module Scanner = Bap_strings_scanner 6 | module Index = Bap_strings_index 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /plugins/bil/bil_lifter.mli: -------------------------------------------------------------------------------- 1 | type ispec = [ 2 | | `any 3 | | `unk 4 | | `special 5 | | `tag of string 6 | | `asm of string 7 | | `insn of string * string 8 | ] 9 | 10 | 11 | val init : 12 | enable_intrinsics:ispec list -> 13 | with_fp:bool -> unit -> unit 14 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_word.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_primus_lisp_types 3 | 4 | type t = word [@@deriving compare, sexp_of] 5 | type read_error = Empty | Not_an_int | Unclosed | Bad_literal | Bad_type 6 | 7 | val read : Id.t -> Eq.t -> string -> (t,read_error) result 8 | -------------------------------------------------------------------------------- /lib/bap_types/bap_context.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_result 3 | open Bap_common 4 | open Bap_bil 5 | 6 | class t : object('s) 7 | method lookup : var -> result option 8 | method update : var -> result -> 's 9 | method bindings : (var * result) Sequence.t 10 | end 11 | -------------------------------------------------------------------------------- /lib/bap_types/bap_tid_graph.mli: -------------------------------------------------------------------------------- 1 | open Graphlib.Std 2 | open Bap_ir 3 | 4 | include Graph with type node = tid 5 | and type Node.label = tid 6 | and type Edge.label = tid 7 | 8 | val start : node 9 | val exit : node 10 | val create : sub term -> t 11 | -------------------------------------------------------------------------------- /lib/bap/.merlin: -------------------------------------------------------------------------------- 1 | PKG compiler-libs 2 | PKG findlib 3 | PKG cmdliner 4 | B ../../_build/lib/bap_types 5 | B ../../_build/lib/bap_image 6 | B ../../_build/lib/bap_disasm 7 | B ../../_build/lib/bap_sema 8 | B ../../_build/lib/bap_bundle 9 | B ../../_build/lib/knowledge 10 | 11 | REC 12 | -------------------------------------------------------------------------------- /lib/bap_elf/elf_utils.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Elf_types 3 | 4 | (** [section_name data elf section] extracts section name from data *) 5 | val section_name : Bigstring.t -> elf -> section -> string Or_error.t 6 | 7 | 8 | val string_of_section : Bigstring.t -> section -> string Or_error.t 9 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_trace_std.ml: -------------------------------------------------------------------------------- 1 | include Bap_trace_event_types 2 | include Bap_trace_meta_types 3 | module Event = Bap_trace_events 4 | module Meta = Bap_trace_meta 5 | module Trace = Bap_trace 6 | type trace = Trace.t 7 | module Traces = Bap_trace_traces 8 | let () = Bap_trace_binprot.register () 9 | -------------------------------------------------------------------------------- /oasis/bare: -------------------------------------------------------------------------------- 1 | Flag bare 2 | Description: Build the BARE library 3 | Default: false 4 | 5 | Library bare 6 | Build$: flag(everything) || flag(bare) 7 | Path: lib/bare 8 | FindlibName: bare 9 | CompiledObject: best 10 | BuildDepends: core_kernel, parsexp 11 | Modules: Bare 12 | -------------------------------------------------------------------------------- /oasis/bitvec: -------------------------------------------------------------------------------- 1 | Flag bitvec 2 | Description: Build the bitvec library 3 | Default: false 4 | 5 | Library bitvec 6 | Build$: flag(everything) || flag(bitvec) 7 | Path: lib/bitvec 8 | FindlibName: bitvec 9 | CompiledObject: best 10 | BuildDepends: zarith 11 | Modules: Bitvec 12 | -------------------------------------------------------------------------------- /lib/arm/arm_cond.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap.Std 4 | open Arm_types 5 | 6 | type t = cond [@@deriving bin_io, compare, sexp] 7 | 8 | (** decodes condition value from a word *) 9 | val create : word -> cond Or_error.t 10 | 11 | include Regular.S with type t := t 12 | -------------------------------------------------------------------------------- /tools/collect.ml: -------------------------------------------------------------------------------- 1 | let () = match Array.to_list Sys.argv with 2 | | _ :: ext :: features -> features |> List.iter (fun feature -> 3 | let file = feature ^ "." ^ ext ^ ".in" in 4 | if Sys.file_exists file then print_endline file) 5 | | _ -> failwith "Usage: collect extension features..." 6 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_info.mli: -------------------------------------------------------------------------------- 1 | open Bap_knowledge 2 | 3 | type t 4 | 5 | val create : ?long:(unit -> string) -> ?desc:string -> 6 | Knowledge.Name.t -> t 7 | 8 | val name : t -> Knowledge.Name.t 9 | val desc : t -> string 10 | val long : t -> string 11 | val pp : Format.formatter -> t -> unit 12 | -------------------------------------------------------------------------------- /lib/bap_types/bap_ir_callgraph.mli: -------------------------------------------------------------------------------- 1 | open Graphlib.Std 2 | open Bap_ir 3 | 4 | include Graph with type node = tid 5 | and type Node.label = tid 6 | and type Edge.label = jmp term list 7 | 8 | 9 | val create : program term -> t 10 | val pp : Format.formatter -> t -> unit 11 | -------------------------------------------------------------------------------- /plugins/primus_approximation/lisp/math.lisp: -------------------------------------------------------------------------------- 1 | (defun sin (x) 2 | (declare (external "sin")) 3 | (approximate 'sin 64 x)) 4 | 5 | (defun cos (x) 6 | (declare (external "cos")) 7 | (approximate 'cos 64 x)) 8 | 9 | (defun log (x) 10 | (declare (external "log")) 11 | (approximate 'log 64 x)) 12 | -------------------------------------------------------------------------------- /oasis/relation: -------------------------------------------------------------------------------- 1 | Flag relation 2 | Description: Build the relation library 3 | Default: false 4 | 5 | Library bap_relation 6 | Build$: flag(everything) || flag(relation) 7 | Path: lib/bap_relation 8 | FindlibName: bap-relation 9 | BuildDepends: base 10 | Modules: Bap_relation 11 | -------------------------------------------------------------------------------- /plugins/x86/.merlin: -------------------------------------------------------------------------------- 1 | PKG zarith 2 | B ../../_build/plugins/x86 3 | B ../../_build/lib/bap_abi 4 | B ../../_build/lib/bap_api 5 | B ../../_build/lib/x86_cpu 6 | B ../../_build/lib/bap_c 7 | B ../../plugins/x86 8 | B ../../lib/bap_abi 9 | B ../../lib/bap_api 10 | B ../../lib/x86_cpu 11 | B ../../lib/bap_c 12 | REC -------------------------------------------------------------------------------- /lib/arm/arm_mov.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_core_theory 3 | open Bap.Std 4 | open Arm_types 5 | 6 | val lift : 7 | ?encoding:Theory.language -> 8 | ?dest:op -> 9 | op -> 10 | ?src2:op -> 11 | data_oper -> 12 | ?sreg:op -> 13 | ?simm:op -> 14 | word -> 15 | wflag:op -> 16 | op -> 17 | stmt list 18 | -------------------------------------------------------------------------------- /oasis/ogre: -------------------------------------------------------------------------------- 1 | ######## Ogre library ##### 2 | 3 | Flag ogre 4 | Description: Build ogre library 5 | Default: false 6 | 7 | Library ogre 8 | Build$: flag(everything) || flag(ogre) 9 | Path: lib/ogre 10 | FindlibName: ogre 11 | Modules: Ogre 12 | BuildDepends: core_kernel, monads, ppx_bap 13 | -------------------------------------------------------------------------------- /lib/arm/arm_op.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Regular.Std 3 | 4 | type t = Arm_types.op [@@deriving bin_io, compare, sexp] 5 | include Regular.S with type t := t 6 | 7 | 8 | (** [create op] projects bap generic operand into arm specific. 9 | Floating point operands are currently ignored.*) 10 | val create : op -> t option 11 | -------------------------------------------------------------------------------- /lib/arm/arm_mem.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Arm_types 4 | 5 | val lift_r : 6 | dst1:var -> 7 | ?dst2:var -> 8 | base:var -> 9 | offset:exp -> 10 | mode_r -> 11 | sign -> 12 | size -> 13 | operation -> stmt list 14 | 15 | val lift_m : var list -> var -> mode_m -> update_m -> operation -> stmt list 16 | -------------------------------------------------------------------------------- /lib/bap_riscv/bap_riscv_target.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | 3 | 4 | type r64 and r32 and r8 5 | 6 | type 'a bitv = 'a Theory.Bitv.t Theory.Value.sort 7 | 8 | val parent : Theory.Target.t 9 | val riscv32 : Theory.Target.t 10 | val riscv64 : Theory.Target.t 11 | val llvm32 : Theory.Language.t 12 | val llvm64 : Theory.Language.t 13 | -------------------------------------------------------------------------------- /lib/bap_types/bap_bili.mli: -------------------------------------------------------------------------------- 1 | open Monads.Std 2 | open Bap_bil 3 | open Bap_bili_types 4 | 5 | class context : Context.t 6 | module type S = Bili.S 7 | module Make( M : Monad.State.S2) : S with type ('a,'e) state = ('a,'e) M.t 8 | include S with type ('a,'e) state = ('a,'e) Monad.State.t 9 | val eval : stmt list -> (#context as 'a) -> 'a 10 | -------------------------------------------------------------------------------- /oasis/text-tags: -------------------------------------------------------------------------------- 1 | Flag text_tags 2 | Description: Build text-tags library 3 | Default: false 4 | 5 | Library "text-tags" 6 | Path: lib/text_tags 7 | Build$: flag(everything) || flag(text_tags) 8 | FindlibName: text-tags 9 | CompiledObject: best 10 | BuildDepends: core_kernel, core_kernel.caml_unix 11 | Modules: Text_tags 12 | -------------------------------------------------------------------------------- /lib/bap_dwarf/bap_dwarf.ml: -------------------------------------------------------------------------------- 1 | module Std = struct 2 | module Leb128 = Dwarf_leb128 3 | module Dwarf = struct 4 | include Dwarf_types 5 | module Fbi = Dwarf_fbi 6 | module Data = Dwarf_data 7 | module Buffer = Data.Buffer 8 | module Fn = Fbi.Fn 9 | type fn = Fn.t [@@deriving bin_io, compare, sexp] 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_trace_traces.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | module Trace = Bap_trace 4 | 5 | let traces = Trace.Id.Table.create () 6 | 7 | let add t = Hashtbl.set traces ~key:(Trace.id t) ~data:t 8 | let remove t = Hashtbl.remove traces (Trace.id t) 9 | let to_list () = Hashtbl.data traces 10 | let enum () = to_list () |> Sequence.of_list 11 | -------------------------------------------------------------------------------- /lib/bitvec_sexp/bitvec_sexp.ml: -------------------------------------------------------------------------------- 1 | open Sexplib0 2 | 3 | type t = Bitvec.t 4 | 5 | module Functions = struct 6 | let sexp_of_t x = Sexp.Atom (Bitvec.to_string x) 7 | let t_of_sexp = function 8 | | Sexp.Atom x -> Bitvec.of_string x 9 | | _ -> invalid_arg "Bitvec_sexp: expects an atom, got list" 10 | end 11 | 12 | include Functions 13 | -------------------------------------------------------------------------------- /oasis/microx: -------------------------------------------------------------------------------- 1 | Flag microx 2 | Description: Build microx library 3 | Default: false 4 | 5 | Library microx 6 | Build$: flag(everything) || flag(microx) 7 | Path: lib/microx 8 | FindlibName: bap-microx 9 | BuildDepends: bap, monads, core_kernel, ppx_bap 10 | Modules: Microx, Microx_concretizer, Microx_conqueror 11 | -------------------------------------------------------------------------------- /oasis/toplevel: -------------------------------------------------------------------------------- 1 | Flag toplevel 2 | Description: Build the baptop utility 3 | Default: false 4 | 5 | Executable "baptop" 6 | Path: src 7 | MainIs: baptop.ml 8 | Build$: flag(everything) || flag(toplevel) 9 | ByteOpt: -thread 10 | CompiledObject: byte 11 | BuildDepends: utop, threads, findlib.dynload 12 | -------------------------------------------------------------------------------- /plugins/stub_resolver/stub_resolver.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Bap_core_theory 4 | open Bap_knowledge 5 | 6 | type t 7 | 8 | (** [run prog] - returns the mapping from 9 | stubs to implementations *) 10 | val run : program term -> t 11 | 12 | val stubs : t -> Set.M(Tid).t 13 | 14 | val links : t -> tid Map.M(Tid).t 15 | -------------------------------------------------------------------------------- /plugins/thumb/thumb_bits.ml: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | open Base 3 | open KB.Syntax 4 | open Thumb_core 5 | 6 | module Make(CT : Theory.Core) = struct 7 | open Thumb_core.Make(CT) 8 | open Syntax 9 | 10 | let sx rd rm = 11 | rd <-? CT.signed s32 (var rm) 12 | 13 | let ux rd rm = 14 | rd <-? CT.unsigned s32 (var rm) 15 | end 16 | -------------------------------------------------------------------------------- /tools/bapbuild.ml: -------------------------------------------------------------------------------- 1 | open Ocamlbuild_plugin 2 | open Bap_build.Std 3 | 4 | 5 | let main () = 6 | Plugin_options.set (); 7 | Ocamlbuild_plugin.dispatch (function 8 | | Before_rules -> Plugin_rules.install () 9 | | _ -> ()); 10 | Ocamlbuild_unix_plugin.setup (); 11 | Ocamlbuild_pack.Main.main () 12 | 13 | let () = main () 14 | -------------------------------------------------------------------------------- /lib/bap_ghidra/bap_ghidra.ml: -------------------------------------------------------------------------------- 1 | external ghidra_init : string -> bool -> int = "disasm_ghidra_init_stub" 2 | 3 | let init ?(paths=["/usr/share/ghidra"]) ?(print_targets=false) () = 4 | let paths = String.concat ":" paths in 5 | if ghidra_init paths print_targets < 0 then 6 | failwith "failed to initialize ghidra backend. See stderr for information" 7 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_main.mli: -------------------------------------------------------------------------------- 1 | open Bap_knowledge 2 | open Bap.Std 3 | open Bap_primus_types 4 | 5 | module Main(M : Machine) : sig 6 | val run : 7 | ?envp:string array -> 8 | ?args:string array -> 9 | project -> 10 | unit M.t -> 11 | (exit_status * project) M.m 12 | end 13 | 14 | val add_component : component -> unit 15 | -------------------------------------------------------------------------------- /oasis/bitvec-sexp: -------------------------------------------------------------------------------- 1 | Flag bitvec_sexp 2 | Description: Provides sexp converters for bitvectors 3 | Default: false 4 | 5 | Library bitvec_sexp 6 | Build$: flag(everything) || flag(bitvec_sexp) 7 | Path: lib/bitvec_sexp 8 | FindlibName: bitvec-sexp 9 | CompiledObject: best 10 | BuildDepends: bitvec, sexplib0 11 | Modules: Bitvec_sexp 12 | -------------------------------------------------------------------------------- /plugins/constant_tracker/lisp/check-null-pointers.lisp: -------------------------------------------------------------------------------- 1 | (defun check-null-pointer (ptr) 2 | (when (and (not ptr) (all-static-constant ptr)) 3 | (incident-report 'null-pointer-dereference (incident-location)))) 4 | 5 | (defmethod loading (ptr) 6 | (check-null-pointer ptr)) 7 | 8 | (defmethod storing (ptr) 9 | (check-null-pointer ptr)) 10 | -------------------------------------------------------------------------------- /plugins/phoenix/phoenix_dot.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | module Make(Env : sig 5 | val project : project 6 | val options : Phoenix_options.t 7 | module Target : Target 8 | end) : sig 9 | val fprint_graph : Format.formatter -> Symtab.fn -> unit 10 | val output_graph : Out_channel.t -> Symtab.fn -> unit 11 | end 12 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_linear_sweep.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | 5 | type insn = Bap_disasm_insn.t 6 | 7 | type t = (mem * insn option) list 8 | 9 | val sweep : ?backend:string -> arch -> mem -> t Or_error.t 10 | 11 | module With_exn : sig 12 | val sweep : ?backend:string -> arch -> mem -> t 13 | end 14 | -------------------------------------------------------------------------------- /lib/bap_types/bap_eval.mli: -------------------------------------------------------------------------------- 1 | open Monads.Std 2 | open Bap_eval_types 3 | 4 | module type S = Eval.S 5 | module type S2 = Eval.S2 6 | module Make2(M : Monad.S2) : S2 with type ('a,'e) m := ('a,'e) M.t 7 | and module M := M 8 | module Make(M : Monad.S) : S with type 'a m := 'a M.t 9 | and module M := M 10 | -------------------------------------------------------------------------------- /oasis/knowledge: -------------------------------------------------------------------------------- 1 | Flag knowledge 2 | Description: Build the knowledge library 3 | Default: false 4 | 5 | Library knowledge 6 | Build$: flag(everything) || flag(knowledge) 7 | Path: lib/knowledge 8 | FindlibName: bap-knowledge 9 | CompiledObject: best 10 | BuildDepends: core_kernel, core_kernel.caml_unix, monads, ppx_bap 11 | Modules: Bap_knowledge 12 | -------------------------------------------------------------------------------- /plugins/arm/.merlin: -------------------------------------------------------------------------------- 1 | REC 2 | 3 | B ../../_build 4 | B ../../_build/lib/bap_c 5 | B ../../_build/lib/arm 6 | B ../../_build/lib/bap_api 7 | B ../../_build/lib/bap_abi 8 | 9 | B ../../lib/bap_c 10 | B ../../lib/arm 11 | B ../../lib/bap_api 12 | B ../../lib/bap_abi 13 | 14 | S ../../lib/bap_c 15 | S ../../lib/arm 16 | S ../../lib/bap_api 17 | S ../../lib/bap_abi 18 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/setjmp.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | 3 | (defun setjmp (_) 4 | (declare (external "setjmp" "_setjmp")) 5 | 0) 6 | 7 | (defun sigsetjmp (_ _) 8 | (declare (external "sigsetjmp" "_sigsetjmp")) 9 | 0) 10 | 11 | (defun longjmp (_ _) 12 | (declare (external "longjmp" "_longjmp" "siglongjmp" "_siglongjmp")) 13 | (exit 1)) 14 | -------------------------------------------------------------------------------- /lib/bap_types/bap_biri.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Monads.Std 3 | open Bap_result 4 | open Bap_ir 5 | open Bap_biri_types 6 | 7 | class context : ?main : sub term -> program term -> Context.t 8 | module type S = Biri.S 9 | 10 | module Make(M : Monad.State.S2) : S with type ('a,'e) state = ('a,'e) M.t 11 | include S with type ('a,'e) state = ('a,'e) Monad.State.t 12 | -------------------------------------------------------------------------------- /oasis/bitvec-order: -------------------------------------------------------------------------------- 1 | Flag bitvec_order 2 | Description: Provides comparators for use with JS Core 3 | Default: false 4 | 5 | Library bitvec_order 6 | Build$: flag(everything) || flag(bitvec_order) 7 | Path: lib/bitvec_order 8 | FindlibName: bitvec-order 9 | CompiledObject: best 10 | BuildDepends: base, bitvec, bitvec-sexp 11 | Modules: Bitvec_order 12 | -------------------------------------------------------------------------------- /lib/arm/arm_bit.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Arm_types 4 | 5 | 6 | 7 | val extend : dest:op -> src:op -> ?src2:op -> sign -> [< `B | `H ] -> rot:op -> op -> stmt list 8 | 9 | val bit_field_insert : dest:op -> src:op -> Word.t -> op -> stmt list 10 | 11 | 12 | val bit_extract : dest:op -> src:op -> sign -> lsb:op -> widthminus1:op -> op -> stmt list 13 | -------------------------------------------------------------------------------- /lib/bap_c/bap_c_parser.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type decls = (string * Bap_c_type.t) list 4 | type parser = Bap_c_size.base -> string -> decls Or_error.t 5 | 6 | let parser = ref None 7 | let provide p = parser := Some p 8 | 9 | let run size file = match !parser with 10 | | None -> Or_error.error_string "C parser is not available" 11 | | Some parse -> parse size file 12 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/limit-malloc.lisp: -------------------------------------------------------------------------------- 1 | ;; up to 4 Mb each chunk, up to 128 Mbytes total 2 | (in-package posix) 3 | 4 | (defmethod init () 5 | (set *malloc-max-chunk-size* (* 4 1024 1024)) 6 | (set *malloc-guard-edges* 0) 7 | (set *malloc-max-arena-size* (* 32 *malloc-max-chunk-size*)) 8 | (set *malloc-arena-start* brk) 9 | (set *malloc-zero-sentinel* 0)) 10 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_source_intf.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | open Bap_future.Std 5 | 6 | type 'a t = 'a Or_error.t stream 7 | type 'a source = 'a t 8 | 9 | module type Factory = sig 10 | type t 11 | val list : unit -> string list 12 | val find : string -> t source option 13 | val register : string -> t source -> unit 14 | end 15 | -------------------------------------------------------------------------------- /lib/bap_types/bap_context.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_result 3 | open Bap_common 4 | open Bap_bil 5 | 6 | type delta = result Bap_var.Map.t 7 | 8 | class t = object 9 | val delta : delta = Bap_var.Map.empty 10 | method lookup = Map.find delta 11 | method update key data = {< delta = Map.set delta ~key ~data >} 12 | method bindings = Map.to_sequence delta 13 | end 14 | -------------------------------------------------------------------------------- /oasis/bitvec-binprot: -------------------------------------------------------------------------------- 1 | Flag bitvec_binprot 2 | Description: Enables support for Core's Binprot protocol 3 | Default: false 4 | 5 | Library bitvec_binprot 6 | Build$: flag(everything) || flag(bitvec_binprot) 7 | Path: lib/bitvec_binprot 8 | FindlibName: bitvec-binprot 9 | CompiledObject: best 10 | BuildDepends: bitvec, bin_prot, ppx_bap 11 | Modules: Bitvec_binprot 12 | -------------------------------------------------------------------------------- /lib/arm/arm_mul.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Arm_types 4 | 5 | val lift_mull : 6 | lodest:op -> 7 | hidest:op -> 8 | src1:op -> src2:op -> sign -> ?addend:'a -> wflag:op -> op -> stmt list 9 | 10 | val lift_smul : 11 | dest:op -> 12 | ?hidest:op -> 13 | src1:op -> 14 | src2:op -> 15 | ?accum:op -> ?hiaccum:op -> ?q:bool -> smul_size -> op -> stmt list 16 | -------------------------------------------------------------------------------- /lib/bap_image/bap_image_std.ml: -------------------------------------------------------------------------------- 1 | (** bring to scope some basic types like [mem] and [table] *) 2 | include Image_internal_std 3 | 4 | module Image = Bap_image 5 | module Segment = Image.Segment 6 | module Symbol = Image.Symbol 7 | 8 | type image = Image.t 9 | type symbol = Symbol.t [@@deriving bin_io, compare, sexp] 10 | type segment = Segment.t [@@deriving bin_io, compare, sexp] 11 | -------------------------------------------------------------------------------- /lib/bitvec_binprot/bitvec_binprot.ml: -------------------------------------------------------------------------------- 1 | open Bin_prot.Std 2 | type t = Bitvec.t 3 | module Functions = Bin_prot.Utils.Make_binable(struct 4 | module Binable = struct 5 | type t = string [@@deriving bin_io] 6 | end 7 | type t = Bitvec.t 8 | let to_binable = Bitvec.to_binary 9 | let of_binable = Bitvec.of_binary 10 | end) [@@warning "-D"] 11 | include Functions 12 | -------------------------------------------------------------------------------- /oasis/elementary: -------------------------------------------------------------------------------- 1 | Flag elementary 2 | Description: Build the bap-elementary library 3 | Default: false 4 | 5 | Library bap_elementary 6 | Build$: flag(everything) || flag(elementary) 7 | Path: lib/bap_elementary 8 | FindlibName: bap-elementary 9 | CompiledObject: best 10 | BuildDepends: bap, bap-knowledge, bap-core-theory, core_kernel, bitvec 11 | Modules: Bap_elementary 12 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_index.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type ('a,'i,'e) interned = { 4 | data : 'a; 5 | id : 'i; 6 | eq : 'e; 7 | } 8 | 9 | module type S = sig 10 | type t [@@deriving sexp_of] 11 | val null : t 12 | val next : t -> t 13 | val pp : Format.formatter -> t -> unit 14 | include Comparable.S_plain with type t := t 15 | end 16 | 17 | module Make() : S 18 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_parse.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | module Context = Bap_primus_lisp_context 4 | module Program = Bap_primus_lisp_program 5 | 6 | type error 7 | 8 | val program : ?paths:string list -> Project.t -> string list -> 9 | (Program.t,error) result 10 | 11 | val pp_error : Format.formatter -> error -> unit 12 | val pp_program : Format.formatter -> Program.t -> unit 13 | -------------------------------------------------------------------------------- /plugins/ssa/ssa_main.ml: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | include Self() 3 | 4 | let main = Project.map_program ~f:(Term.map sub_t ~f:Sub.ssa) 5 | 6 | ;; 7 | Config.manpage [ 8 | `S "SYNOPSIS"; 9 | `Pre " 10 | $(b,mname) 11 | "; 12 | `S "DESCRIPTION"; 13 | `P "Translates the whole program into the SSA form"; 14 | ] 15 | 16 | let () = Config.when_ready (fun _ -> Project.register_pass main);; 17 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_insn_aliasing.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | 4 | module Dis = Bap_disasm_basic 5 | module Memory = Bap_memory 6 | 7 | let is_exec_ok gmem_min gmem_max lmem = 8 | Addr.((Memory.min_addr lmem) >= gmem_min) && 9 | Addr.((Memory.max_addr lmem) <= gmem_max) 10 | 11 | let targ_in_mem gmem_min gmem_max addr = 12 | Addr.(addr >= gmem_min && addr < gmem_max) 13 | -------------------------------------------------------------------------------- /lib/bap_types/bap_arch.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_core_theory 3 | open Regular.Std 4 | open Bap_common 5 | 6 | val of_string : string -> arch option 7 | 8 | val addr_size : arch -> addr_size 9 | 10 | val endian : arch -> endian 11 | 12 | val slot : (Theory.program, arch) KB.slot 13 | 14 | val unit_slot : (Theory.Unit.cls, arch) KB.slot 15 | 16 | include Regular.S with type t := arch 17 | -------------------------------------------------------------------------------- /plugins/phoenix/phoenix_helpers.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | (** [bil_of_block blk] *) 5 | 6 | module Make(Env : sig 7 | val options : Phoenix_options.t 8 | val project : project 9 | module Target : Target 10 | end) : sig 11 | val bil_of_block : block -> bil 12 | val bil_of_insns : (mem * insn) list -> bil 13 | val bil_of_insn : mem * insn -> bil 14 | end 15 | -------------------------------------------------------------------------------- /lib/bap_types/bap_type.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap_common 4 | 5 | module Export : sig 6 | val bool_t : typ 7 | val reg8_t : typ 8 | val reg16_t : typ 9 | val reg32_t : typ 10 | val reg64_t : typ 11 | val reg128_t: typ 12 | val reg256_t: typ 13 | val mem32_t : size -> typ 14 | val mem64_t : size -> typ 15 | end 16 | 17 | include Regular.S with type t := typ 18 | -------------------------------------------------------------------------------- /oasis/raw: -------------------------------------------------------------------------------- 1 | Flag raw 2 | Description: Builds the raw loader plugin 3 | Default: false 4 | 5 | Library bap_raw_plugin 6 | Build$: flag(everything) || flag(raw) 7 | Path: plugins/raw 8 | FindlibName: bap-plugin-raw 9 | CompiledObject: best 10 | BuildDepends: bap, core_kernel, ppx_bap, bap-main, bitvec, ogre, core_kernel.caml_unix 11 | Modules: Raw_main 12 | -------------------------------------------------------------------------------- /oasis/ssa: -------------------------------------------------------------------------------- 1 | Flag ssa 2 | Description: Build the SSA plugin 3 | Default: false 4 | 5 | 6 | Library ssa_plugin 7 | Build$: flag(everything) || flag(ssa) 8 | XMETADescription: translates a program into the SSA form 9 | Path: plugins/ssa 10 | FindlibName: bap-plugin-ssa 11 | CompiledObject: best 12 | BuildDepends: bap 13 | InternalModules: Ssa_main 14 | XMETAExtraLines: tags="pass,analysis,ssa" 15 | -------------------------------------------------------------------------------- /plugins/stub_resolver/run_stub_resolver_tests.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open OUnit2 3 | 4 | let suite = "Stub_resolver" >::: [ 5 | Stub_resolver_tests.suite; 6 | ] 7 | 8 | let () = 9 | match Bap_main.init () with 10 | | Error err -> 11 | Format.eprintf "Failed to initialize BAP: %a@\n%!" 12 | Bap_main.Extension.Error.pp err; 13 | exit 1; 14 | | Ok () -> 15 | run_test_tt_main suite 16 | -------------------------------------------------------------------------------- /plugins/cache/bap_cache.mli: -------------------------------------------------------------------------------- 1 | (** All operations in this module are atomic. *) 2 | 3 | open Bap_cache_types 4 | 5 | val init : unit -> unit 6 | 7 | val size : unit -> int 8 | 9 | val set_root : string -> unit 10 | 11 | val root : unit -> string 12 | 13 | val data : unit -> string 14 | 15 | val gc_threshold : config -> int 16 | 17 | val read_config : unit -> config 18 | 19 | val write_config : config -> unit 20 | -------------------------------------------------------------------------------- /plugins/phoenix/phoenix_options.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | type label_format = [ `with_asm | `with_bil | `with_name ] 5 | [@@deriving sexp] 6 | 7 | type t = { 8 | output_folder : string; 9 | cfg_format : label_format list; 10 | no_resolve : bool; 11 | keep_alive : bool; 12 | no_inline : bool; 13 | keep_consts : bool; 14 | no_optimizations : bool; 15 | } [@@deriving sexp, fields] 16 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/errno.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | (declare (visibility :private)) 3 | 4 | (require posix) 5 | (require types) 6 | 7 | (declare (static errno-location)) 8 | 9 | (defmethod init () 10 | (set errno-location brk) 11 | (+= brk (sizeof int))) 12 | 13 | (defun errno-location () 14 | (declare (visibility :public) 15 | (external "__errno_location")) 16 | errno-location) 17 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_analysis.ml: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Bap_knowledge 3 | 4 | module Machine = struct 5 | type 'a m = 'a Knowledge.t 6 | include Bap_primus_machine.Make(Knowledge) 7 | let collect p o = lift (Knowledge.collect p o) 8 | let resolve p o = lift (Knowledge.resolve p o) 9 | let provide p o x = lift (Knowledge.provide p o x) 10 | let suggest a p o x = lift (Knowledge.suggest a p o x) 11 | end 12 | -------------------------------------------------------------------------------- /lib/bap_types/bap_expi.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Monads.Std 3 | open Bap_common 4 | open Bap_bil 5 | open Bap_result 6 | open Bap_type_error 7 | open Bap_expi_types 8 | 9 | class context : Context.t 10 | 11 | module type S = Expi.S 12 | module Make(M : Monad.State.S2) : S with type ('a,'e) state = ('a,'e) M.t 13 | 14 | include S with type ('a,'e) state = ('a,'e) Monad.State.t 15 | 16 | val eval : exp -> value 17 | -------------------------------------------------------------------------------- /.github/workflows/alpine.yml: -------------------------------------------------------------------------------- 1 | name: Alpine 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * MON" 6 | 7 | jobs: 8 | build: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout code 12 | uses: actions/checkout@v2 13 | 14 | - name: Build on Alpine 15 | uses: docker/build-push-action@v2 16 | with: 17 | push: false 18 | file: docker/alpine/Dockerfile 19 | -------------------------------------------------------------------------------- /.github/workflows/fedora.yml: -------------------------------------------------------------------------------- 1 | name: Fedora 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * THU" 6 | 7 | jobs: 8 | build: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout code 12 | uses: actions/checkout@v2 13 | 14 | - name: Build on Fedora 15 | uses: docker/build-push-action@v2 16 | with: 17 | push: false 18 | file: docker/fedora/Dockerfile 19 | -------------------------------------------------------------------------------- /lib/bap_types/bap_bil_pass.mli: -------------------------------------------------------------------------------- 1 | open Bap_bil 2 | open Regular.Std 3 | 4 | type pass 5 | 6 | val register_pass : ?desc:string -> string -> (bil -> bil) -> pass 7 | 8 | val passes : unit -> pass list 9 | 10 | val select_passes : pass list -> unit 11 | 12 | val selected_passes : unit -> (bil -> bil) list 13 | 14 | module Pass_pp : sig 15 | val name : pass -> string 16 | include Printable.S with type t := pass 17 | end 18 | -------------------------------------------------------------------------------- /oasis/monads: -------------------------------------------------------------------------------- 1 | Flag monads 2 | Description: Build monad library 3 | Default: false 4 | 5 | Library monads 6 | Build$: flag(everything) || flag(monads) 7 | Path: lib/monads 8 | FindlibName: monads 9 | CompiledObject: best 10 | BuildDepends: core_kernel, ppx_bap, core_kernel.rope 11 | Modules: Monads 12 | InternalModules: Monads_monad, 13 | Monads_monoid, 14 | Monads_types 15 | -------------------------------------------------------------------------------- /lib_test/x86/run_x86_tests.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open OUnit2 3 | open Bap_plugins.Std 4 | 5 | let suite = "X86" >::: [ 6 | Test_pshufb.suite; 7 | Test_pcmp.suite; 8 | ] 9 | 10 | 11 | let () = 12 | match Bap_main.init () with 13 | | Error err -> 14 | Format.eprintf "Failed to initialize BAP: %a@\n%!" 15 | Bap_main.Extension.Error.pp err; 16 | exit 1; 17 | | Ok () -> 18 | run_test_tt_main suite 19 | -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/locale.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | 3 | (require types) 4 | 5 | (defparameter *lconv-size* (* 20 (sizeof ptr_t))) 6 | 7 | (declare (static LCONV)) 8 | 9 | (defmethod init () 10 | (set LCONV brk) 11 | (+= brk *lconv-size*)) 12 | 13 | (defun setlocale (_ locale) 14 | (declare (external "setlocale")) 15 | locale) 16 | 17 | (defun lconv () 18 | (declare (external "lconv")) 19 | LCONV) 20 | -------------------------------------------------------------------------------- /.github/workflows/archlinux.yml: -------------------------------------------------------------------------------- 1 | name: Archlinux 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * TUE" 6 | 7 | jobs: 8 | build: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout code 12 | uses: actions/checkout@v2 13 | 14 | - name: Build on Archlinux 15 | uses: docker/build-push-action@v2 16 | with: 17 | push: false 18 | file: docker/archlinux/Dockerfile 19 | -------------------------------------------------------------------------------- /lib/bap_abi/bap_abi.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | 5 | let passes : (project -> project) list ref = ref [] 6 | 7 | let pass proj = 8 | List.fold !passes ~init:proj ~f:(fun proj pass -> 9 | pass proj) 10 | 11 | let register_pass pass = 12 | passes := pass :: !passes 13 | 14 | 15 | let name = Value.Tag.register (module String) 16 | ~uuid:"ce10e129-4cae-4f49-9b21-8e00d3635067" 17 | ~name:"abi-name" 18 | -------------------------------------------------------------------------------- /plugins/primus_approximation/lisp/test.lisp: -------------------------------------------------------------------------------- 1 | (require math) 2 | 3 | (defmethod init () 4 | (msg "hello from math $0" (sin 4611686018427387904:64)) 5 | (msg "hello from math sin(316.159265358979326) = $0" (sin 4644269548807471931:64)) 6 | (msg "hello from math sin(7853981635.97448254) = $0" (sin 4755029503896426363:64)) 7 | (msg "hello from math sin(8.28318530717958623) = $0" (sin 4620852636837615244:64)) 8 | ) 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /oasis/frontend: -------------------------------------------------------------------------------- 1 | Flag frontend 2 | Description: Build the bap command line utility 3 | Default: false 4 | 5 | Executable "bap" 6 | Path: src 7 | MainIs: bap_frontend.ml 8 | Build$: flag(everything) || flag(frontend) 9 | NativeOpt: -thread 10 | CompiledObject: best 11 | BuildDepends: bap-main, bap, bap-core-theory, bap-knowledge, 12 | core_kernel, ppx_bap, findlib.dynload, regular 13 | -------------------------------------------------------------------------------- /tools/ocp-indent-all.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # a regex for files to indent 4 | files_to_indent='.*\.\(ml\|mli\|mll\|mly\)$' 5 | 6 | VERSION=$(ocp-indent --version) 7 | 8 | if [ -z $VERSION ]; then 9 | echo "Please install ocp-indent" 10 | exit 1 11 | else 12 | echo "Reindenting with ocp-indent $VERSION" 13 | fi 14 | 15 | git ls-files | grep -e $files_to_indent | while read file 16 | do 17 | ocp-indent -i $file 18 | done 19 | -------------------------------------------------------------------------------- /lib/bap_image/image_internal_std.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | 4 | include Image_common 5 | 6 | module Table = Bap_table 7 | type 'a table = 'a Table.t [@@deriving sexp_of] 8 | 9 | module Backend = Image_backend 10 | type backend = Backend.t 11 | 12 | module Memory = Bap_memory 13 | type mem = Memory.t [@@deriving bin_io, sexp_of] 14 | 15 | module Memmap = Bap_memmap 16 | type 'a memmap = 'a Memmap.t [@@deriving sexp_of] 17 | -------------------------------------------------------------------------------- /lib/bap_types/bap_int_conversions.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Or_error 3 | 4 | 5 | let to_int conv sexp v = match conv v with 6 | | Some v -> Ok v 7 | | None -> error "doesn't fit into int" v sexp 8 | 9 | 10 | let int_of_int64 = to_int Int64.to_int Int64.sexp_of_t 11 | let int_of_int32 = to_int Int32.to_int Int32.sexp_of_t 12 | let int_of_nativeint = to_int Nativeint.to_int Nativeint.sexp_of_t 13 | let int_of_word = Bap_bitvector.to_int 14 | -------------------------------------------------------------------------------- /oasis/recipe: -------------------------------------------------------------------------------- 1 | Flag recipe 2 | Description: Build the BAP recipe library 3 | Default: false 4 | 5 | Library recipe 6 | Build$: flag(everything) || flag(recipe) 7 | Path: lib/bap_recipe 8 | FindlibName: bap-recipe 9 | CompiledObject: best 10 | BuildDepends: stdlib-shims, base, stdio, parsexp, fileutils, camlzip, uuidm 11 | Modules: Bap_recipe 12 | XMETADescription: stores command line parameters and resources in a single file 13 | -------------------------------------------------------------------------------- /lib/bap_api/bap_api.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | type filename = string 5 | type api = string 6 | 7 | module type S = sig 8 | type t 9 | val language : string 10 | val parse : (string -> string option) -> string list -> t Or_error.t 11 | val mapper : t -> Term.mapper 12 | end 13 | 14 | type t = (module S) 15 | 16 | let registry = ref [] 17 | let process api = registry := api :: !registry 18 | let processors () = !registry 19 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_stub_lifter.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | open Bap_disasm_types 5 | open Bap_disasm_abi 6 | 7 | val lift : mem -> ('a,'k) Basic.insn -> stmt list Or_error.t 8 | 9 | module CPU : CPU 10 | 11 | module ABI : sig 12 | val register : abi_constructor -> unit 13 | val create : ?merge:(abi list -> abi) -> abi_constructor 14 | include module type of Bap_disasm_abi_helpers 15 | end 16 | -------------------------------------------------------------------------------- /.github/workflows/debian-testing.yml: -------------------------------------------------------------------------------- 1 | name: Debian-testing 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * WED" 6 | 7 | jobs: 8 | build: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout code 12 | uses: actions/checkout@v2 13 | 14 | - name: Build on Debian Testing 15 | uses: docker/build-push-action@v2 16 | with: 17 | push: false 18 | file: docker/debian/testing/Dockerfile 19 | -------------------------------------------------------------------------------- /.github/workflows/ubuntu-bionic.yml: -------------------------------------------------------------------------------- 1 | name: Ubuntu-bionic 2 | 3 | on: 4 | schedule: 5 | - cron: "0 0 * * FRI" 6 | 7 | jobs: 8 | build: 9 | runs-on: ubuntu-latest 10 | steps: 11 | - name: Checkout code 12 | uses: actions/checkout@v2 13 | 14 | - name: Build on Ubuntu Bionic 15 | uses: docker/build-push-action@v2 16 | with: 17 | push: false 18 | file: docker/ubuntu/bionic/Dockerfile 19 | -------------------------------------------------------------------------------- /oasis/strings: -------------------------------------------------------------------------------- 1 | Flag strings 2 | Description: Build strings plugin 3 | Default: false 4 | 5 | Library strings_plugin 6 | Build$: flag(everything) || flag(strings) 7 | Path: plugins/strings 8 | FindlibName: bap-plugin-strings 9 | BuildDepends: bap, bap-strings, bap-beagle-prey, core_kernel, regular 10 | InternalModules: Strings_main 11 | XMETAExtraLines: tags="pass, strings" 12 | XMETADescription: find strings of characters 13 | -------------------------------------------------------------------------------- /plugins/arm/semantics/thumb-patterns.lisp: -------------------------------------------------------------------------------- 1 | (in-package bap) 2 | 3 | (declare (context (target arm))) 4 | 5 | (defmethod bap:patterns-action (action addr attrs) 6 | (when (= action 'setcontext) 7 | (let ((name (patterns-attribute attrs :name)) 8 | (mode (patterns-attribute attrs :value))) 9 | (when (and name mode (= name 'TMode)) 10 | (let ((lang (if (= mode '1) :T32 :A32))) 11 | (arm-set-encoding addr lang)))))) 12 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_calls.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_core_theory 3 | open Graphlib.Std 4 | open Bap_types.Std 5 | module Driver = Bap_disasm_driver 6 | 7 | type t [@@deriving bin_io] 8 | 9 | val empty : t 10 | val equal : t -> t -> bool 11 | val update : t -> Driver.state -> t KB.t 12 | val belongs : t -> entry:addr -> addr -> bool 13 | val entries : t -> Set.M(Addr).t 14 | val siblings : t -> addr -> addr -> bool 15 | val domain : t KB.domain 16 | -------------------------------------------------------------------------------- /lib/bap_sema/bap_sema_lift.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | open Bap_disasm_std 5 | open Bap_ir 6 | 7 | val program : symtab -> program term 8 | val sub : block -> cfg -> sub term 9 | val blk : cfg -> block -> blk term list 10 | val insn : ?addr:addr -> insn -> blk term list 11 | 12 | val insns : 13 | ?fall:[`Inter of Ir_jmp.dst | `Intra of Ir_jmp.dst ] -> 14 | ?addr:addr -> 15 | insn list -> 16 | blk term list 17 | -------------------------------------------------------------------------------- /oasis/ida.setup.ml.in: -------------------------------------------------------------------------------- 1 | 2 | let define_headless = function 3 | | Some "true" when BaseEnv.var_get "system" <> "linux" -> 4 | invalid_arg "headless mode is supported only on linux" 5 | | None -> "false" 6 | | Some ("true"|"1"|"yes") -> "true" 7 | | Some _ -> "false" 8 | 9 | let () = 10 | add_variable ~doc:"A directory with IDA Pro" "ida_path"; 11 | add_variable ~define:define_headless 12 | ~doc:"Run IDA in a headless mode" "ida_headless" 13 | -------------------------------------------------------------------------------- /lib/bap_core_theory/bap_core_theory_pass.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_knowledge 3 | open Bap_core_theory_definition 4 | 5 | module type trans = functor (_ : Core) -> Core 6 | 7 | 8 | val register : 9 | ?desc:string -> 10 | ?package:string -> string -> (module trans) -> unit 11 | 12 | val lookup : Knowledge.Name.t -> (module trans) 13 | 14 | val apply : Knowledge.Name.t list -> (module Core) -> (module Core) 15 | 16 | module Desugar(CT : Core) : Core 17 | -------------------------------------------------------------------------------- /lib/bap_ghidra/ghidra_stubs.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include 6 | 7 | #include "ghidra_disasm.h" 8 | 9 | value disasm_ghidra_init_stub(value paths, value print_targets) { 10 | CAMLparam2(paths, print_targets); 11 | char *s = strdup(String_val(paths)); 12 | int r = Val_int(disasm_ghidra_init(s, Bool_val(print_targets))); 13 | free(s); 14 | CAMLreturn(r); 15 | } 16 | -------------------------------------------------------------------------------- /lib/bap_llvm/bap_llvm.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | let strip_version ver = 4 | if String.length ver <> 5 then ver 5 | else String.sub ver 0 3 6 | 7 | 8 | module Std = struct 9 | type x86_syntax = [`att | `intel] [@@deriving sexp] 10 | 11 | let llvm_version = strip_version Bap_llvm_config.version 12 | let init_disassembler = Bap_llvm_disasm.init 13 | let init_loader ?base ?pdb_path () = 14 | ok_exn @@ Bap_llvm_loader.init ?base ?pdb_path () 15 | end 16 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_var.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_core_theory 3 | open Bap_primus_lisp_types 4 | 5 | type t = var [@@deriving compare, sexp_of] 6 | include Comparable.S_plain with type t := t 7 | val to_string : t -> string 8 | 9 | 10 | type read_error = Empty | Not_a_var | Bad_type | Bad_format 11 | 12 | val read : ?package:string -> Id.t -> Eq.t -> string -> (t,read_error) result 13 | val reify : width:int -> t -> 'a Theory.Bitv.t Theory.Var.t 14 | -------------------------------------------------------------------------------- /oasis/warn-unused: -------------------------------------------------------------------------------- 1 | Flag warn_unused 2 | Description: Build a warn-unused plugin 3 | Default: false 4 | 5 | Library warn_unused_plugin 6 | Build$: flag(everything) || flag(warn_unused) 7 | Path: plugins/warn_unused 8 | FindlibName: bap-plugin-warn_unused 9 | BuildDepends: bap, core_kernel 10 | InternalModules: Warn_unused_main 11 | XMETADescription: warn about unused results of certain functions 12 | XMETAExtraLines: tags="analysis, checker, pass, security" -------------------------------------------------------------------------------- /plugins/optimization/optimization_data.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Regular.Std 4 | 5 | type t 6 | 7 | val mark_updated : 'a term -> 'a term 8 | 9 | val create : deads:Tid.Set.t -> sub term -> t 10 | 11 | val apply : sub term -> t -> sub term 12 | 13 | 14 | val update : sub term -> t -> sub term 15 | 16 | val find_unreachable : sub term -> t -> t 17 | 18 | val remove_dead_code : sub term -> t -> sub term 19 | 20 | 21 | include Data.S with type t := t 22 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_index.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | module type S = sig 4 | type t [@@deriving sexp_of] 5 | val null : t 6 | val next : t -> t 7 | val pp : Format.formatter -> t -> unit 8 | include Comparable.S_plain with type t := t 9 | end 10 | 11 | module Make() : S = struct 12 | let null = Int63.zero 13 | let next = Int63.succ 14 | include Int63 15 | end 16 | 17 | type ('a,'i,'e) interned = { 18 | data : 'a; 19 | id : 'i; 20 | eq : 'e; 21 | } 22 | -------------------------------------------------------------------------------- /oasis/byteweight-frontend: -------------------------------------------------------------------------------- 1 | 2 | Flag byteweight_frontend 3 | Description: Build bap-byteweight toolkit 4 | Default: false 5 | 6 | Executable "bap-byteweight" 7 | Path: src 8 | MainIs: bap_byteweight_main.ml 9 | Build$: flag(everything) || flag(byteweight_frontend) 10 | Install: true 11 | CompiledObject: best 12 | BuildDepends: bap, bap-byteweight, 13 | cmdliner, curl, fileutils, re.posix, findlib.dynload, ppx_bap 14 | -------------------------------------------------------------------------------- /oasis/callsites: -------------------------------------------------------------------------------- 1 | Flag callsites 2 | Description: Build callsites plugin 3 | Default: false 4 | 5 | Library callsites_plugin 6 | Build$: flag(everything) || flag(callsites) 7 | Path: plugins/callsites 8 | FindlibName: bap-plugin-callsites 9 | CompiledObject: best 10 | BuildDepends: bap, core_kernel 11 | Modules: Callsites_main 12 | XMETADescription: annotate callsites with subroutine's arguments 13 | XMETAExtraLines: tags="pass" -------------------------------------------------------------------------------- /oasis/flatten: -------------------------------------------------------------------------------- 1 | Flag flatten 2 | Description: Build the flatten plugin 3 | Default: false 4 | 5 | Library flatten_plugin 6 | Build$: flag(everything) || flag(flatten) 7 | XMETADescription: flattens (unrolls) BIR expressions into a trivial form 8 | Path: plugins/flatten 9 | FindlibName: bap-plugin-flatten 10 | CompiledObject: best 11 | BuildDepends: bap, core_kernel 12 | InternalModules: Flatten_main 13 | XMETAExtraLines: tags="pass,analysis,flatten,tac,3ac,unroll" 14 | -------------------------------------------------------------------------------- /plugins/mips/mips_types.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | open Mips_rtl 5 | open Mips_dsl 6 | open Mips_utils 7 | open Mips_model 8 | 9 | type cpu = { 10 | load : exp -> bitwidth -> exp; 11 | store : exp -> exp -> bitwidth -> rtl; 12 | jmp : exp -> rtl; 13 | cia : exp; 14 | word_width : exp; 15 | delay : exp; 16 | word_bitwidth : bitwidth; 17 | reg : (op -> exp) ec; 18 | gpr : int -> exp; 19 | fpr : int -> exp; 20 | hi : exp; 21 | lo : exp; 22 | } 23 | -------------------------------------------------------------------------------- /oasis/primus-machine: -------------------------------------------------------------------------------- 1 | Flag primus_machine 2 | Description: Build Primus Machine monad 3 | Default: false 4 | 5 | Library bap_primus_machine 6 | Build$: flag(everything) || flag(primus_machine) 7 | XMETADescription: provides Primus Machine monad 8 | XMETAExtraLines: tags="primus" 9 | Path: lib/bap_primus_machine 10 | FindlibName: bap-primus-machine 11 | CompiledObject: best 12 | BuildDepends: bap-knowledge, core_kernel, monads, ppx_bap 13 | Modules: Bap_primus_machine 14 | -------------------------------------------------------------------------------- /plugins/x86/x86_targets.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | (** IA32 target *) 5 | module IA32 : Target 6 | 7 | (** AMD64 target *) 8 | module AMD64 : Target 9 | 10 | 11 | (** IA32 legacy target *) 12 | module IA32L : Target 13 | 14 | (** AMD64 legacy target *) 15 | module AMD64L : Target 16 | 17 | (** IA32 target has been merged with legacy lifter *) 18 | module IA32M : Target 19 | 20 | (** AMD64 target has been merged with legacy lifter *) 21 | module AMD64M : Target 22 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_random.mli: -------------------------------------------------------------------------------- 1 | module Iterator = Bap_primus_iterator 2 | 3 | module MCG : sig 4 | module type S = sig 5 | include Iterator.Infinite.S with type dom = Bitvec.t 6 | val size : int 7 | val create : int -> t 8 | end 9 | 10 | val create : ?min:Bitvec.t -> ?max:Bitvec.t -> int -> (module S) 11 | val create_small : ?min:int -> ?max:int -> int -> (module S) 12 | 13 | module M8 : S 14 | module M16 : S 15 | module M32 : S 16 | module M64 : S 17 | end 18 | -------------------------------------------------------------------------------- /lib/bap_types/bap_integer.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_integer_intf 3 | 4 | module type Base = Base 5 | module type S = S 6 | 7 | module Make(Base : Base) = struct 8 | include Base 9 | let ( + ) = add 10 | let ( - ) = sub 11 | let ( * ) = mul 12 | let ( / ) = div 13 | let ( ~-) = neg 14 | let (mod) = modulo 15 | let (land) = logand 16 | let (lor) = logor 17 | let (lxor) = logxor 18 | let (lsl) = lshift 19 | let (lsr) = rshift 20 | let (asr) = arshift 21 | end 22 | -------------------------------------------------------------------------------- /oasis/cxxfilt: -------------------------------------------------------------------------------- 1 | Flag cxxfilt 2 | Description: Build c++filt wrapper 3 | Default: false 4 | 5 | Library "cxxfilt_plugin" 6 | Path: plugins/cxxfilt 7 | Build$: flag(everything) || flag(cxxfilt) 8 | FindlibName: bap-plugin-cxxfilt 9 | CompiledObject: best 10 | BuildDepends: core_kernel, bap-demangle, bap, core_kernel.caml_unix 11 | InternalModules: Cxxfilt_main, Cxxfilt_config 12 | XMETADescription: provide c++filt based demangler 13 | XMETAExtraLines: tags="c++, c++filt, demangler" 14 | -------------------------------------------------------------------------------- /oasis/primus-powerpc: -------------------------------------------------------------------------------- 1 | Flag primus_powerpc 2 | Description: build Primus powerpc support package 3 | Default: false 4 | 5 | Library primus_powerpc_plugin 6 | Path: plugins/primus_powerpc 7 | Build$: flag(everything) || flag(primus_powerpc) 8 | FindlibName: bap-plugin-primus_powerpc 9 | CompiledObject: best 10 | BuildDepends: bap, bap-primus, core_kernel 11 | XMETADescription: powerpc support package 12 | Modules: Primus_powerpc_main 13 | XMETAExtraLines: tags="primus, powerpc" 14 | -------------------------------------------------------------------------------- /oasis/emit-ida-script: -------------------------------------------------------------------------------- 1 | Flag emit_ida_script 2 | Description: Build IDA plugin 3 | Default: false 4 | 5 | Library emit_ida_script_plugin 6 | Build$: flag(everything) || flag(emit_ida_script) 7 | Path: plugins/emit_ida_script 8 | FindlibName: bap-plugin-emit_ida_script 9 | BuildDepends: bap, core_kernel, ppx_bap, regular 10 | Modules: Emit_ida_script_main 11 | XMETADescription: extract a IDA python script from bap 12 | XMETAExtraLines: tags="ida, python" -------------------------------------------------------------------------------- /oasis/plugins: -------------------------------------------------------------------------------- 1 | Flag plugins 2 | Description: Build BAP plugins support library 3 | Default: false 4 | 5 | Library bap_plugins 6 | Build$: flag(everything) || flag(plugins) 7 | Path: lib/bap_plugins 8 | FindLibName: bap-plugins 9 | Modules: Bap_plugins 10 | InternalModules: Bap_plugins_config, 11 | Bap_plugins_units 12 | BuildDepends: core_kernel, dynlink, fileutils, findlib, bap-bundle, bap-future, 13 | uri, ppx_bap 14 | -------------------------------------------------------------------------------- /oasis/report: -------------------------------------------------------------------------------- 1 | Flag report 2 | Description: Build the report bars plugin 3 | Default: false 4 | 5 | Library report_plugin 6 | Build$: flag(everything) || flag(report) 7 | Path: plugins/report 8 | FindlibName: bap-plugin-report 9 | CompiledObject: best 10 | BuildDepends: bap, core_kernel, bap-future, core_kernel.caml_unix 11 | InternalModules: Report_main 12 | XMETADescription: reports program status 13 | XMETAExtraLines: tags="report, visualization" 14 | -------------------------------------------------------------------------------- /oasis/run: -------------------------------------------------------------------------------- 1 | Flag run 2 | Description: build run plugin 3 | Default: false 4 | 5 | Library run_plugin 6 | Build$: flag(everything) || flag(run) 7 | Path: plugins/run 8 | FindlibName: bap-plugin-run 9 | CompiledObject: best 10 | BuildDepends: bap, bap-primus, core_kernel, graphlib, monads, regular, 11 | bap-knowledge, bap-core-theory 12 | InternalModules: Run_main 13 | XMETADescription: a pass that will run a program 14 | XMETAExtraLines: tags="emulator, pass, primus" 15 | -------------------------------------------------------------------------------- /oasis/main.setup.ml.in: -------------------------------------------------------------------------------- 1 | 2 | let () = 3 | add_variable "build_id" 4 | ~doc:"Adds a build id to bap version" 5 | ~define:(function 6 | | Some x -> x 7 | | None -> 8 | try 9 | if Sys.file_exists ".git" && Sys.is_directory ".git" then 10 | OASISExec.run_read_one_line ~ctxt 11 | ~f_exit_code:ignore 12 | "git" ["rev-parse"; "--verify"; "--quiet"; "--short=7"; "HEAD"; ] 13 | else "" 14 | with _ -> "") 15 | -------------------------------------------------------------------------------- /lib/bap_c/bap_c_attr.mli: -------------------------------------------------------------------------------- 1 | (** Attribute processing. 2 | 3 | This module allows to attach a semantic action for C attributes. 4 | Each action is a term transformation, that should do nothing, if 5 | an attribute is not known to him. 6 | *) 7 | open Bap.Std 8 | open Bap_c_type 9 | 10 | (** a type of action *) 11 | type 'a pass = attr -> 'a term -> 'a term 12 | 13 | (** register an action *) 14 | val register : sub pass -> unit 15 | 16 | (** apply all registered actions *) 17 | val apply : sub pass 18 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_reconstructor.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | 5 | open Bap_disasm_block 6 | open Bap_disasm_symtab 7 | open Bap_disasm_source 8 | 9 | type cfg = Bap_disasm_rec.Cfg.t 10 | 11 | type t 12 | type reconstructor = t 13 | 14 | val create : (cfg -> symtab) -> t 15 | val default : (word -> string) -> word list -> t 16 | val of_blocks : (string * addr * addr) seq -> t 17 | val run : t -> cfg -> symtab 18 | 19 | module Factory : Factory with type t = t 20 | -------------------------------------------------------------------------------- /oasis/primus-limit: -------------------------------------------------------------------------------- 1 | Flag primus_limit 2 | Description: build Primus limit plugin 3 | Default: false 4 | 5 | Library primus_limit 6 | Path: plugins/primus_limit 7 | Build$: flag(everything) || flag(primus_limit) 8 | FindlibName: bap-plugin-primus_limit 9 | CompiledObject: best 10 | BuildDepends: bap, bap-primus, bap, core_kernel, monads, bap-future, regular 11 | XMETADescription: ensures termination by limiting Primus machines 12 | Modules: Primus_limit_main 13 | XMETAExtraLines: tags="primus" 14 | -------------------------------------------------------------------------------- /lib/x86_cpu/x86_asm_reg.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | include module type of X86_asm_reg_types 5 | 6 | (** [width reg_type] returns the size of the given [reg_type] *) 7 | val width : [gpr | ip] -> size 8 | 9 | (** [bitwidth reg_type] returns the width in bits of the 10 | given [reg_type] *) 11 | val bitwidth : [gpr | ip] -> int 12 | 13 | (** [decode reg] decodes the given [reg] provided by the 14 | disassembler as an x86 register if that is feasible. *) 15 | val decode : reg -> t option 16 | -------------------------------------------------------------------------------- /oasis/primus-greedy: -------------------------------------------------------------------------------- 1 | Flag primus_greedy 2 | Description: build Primus greedy scheduler 3 | Default: false 4 | 5 | Library primus_greedy_scheduler_plugin 6 | Path: plugins/primus_greedy 7 | Build$: flag(everything) || flag(primus_greedy) 8 | FindlibName: bap-plugin-primus_greedy 9 | CompiledObject: best 10 | BuildDepends: bap, bap-primus, core_kernel, monads 11 | XMETADescription: evaluates all machines in the DFS order 12 | Modules: Primus_greedy_main 13 | XMETAExtraLines: tags="primus, scheduler" 14 | -------------------------------------------------------------------------------- /oasis/strings-library: -------------------------------------------------------------------------------- 1 | Flag strings_library 2 | Description: Build string analysis library 3 | Default: false 4 | 5 | 6 | Library bap_strings 7 | Build$: flag(everything) || flag(strings_library) 8 | Path: lib/bap_strings 9 | FindlibName: bap-strings 10 | BuildDepends: core_kernel,ppx_bap 11 | Modules: Bap_strings, 12 | Bap_strings_detector, 13 | Bap_strings_index, 14 | Bap_strings_unscrambler, 15 | Bap_strings_scanner 16 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_types.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | 5 | module Basic = Bap_disasm_basic 6 | 7 | module Kind = Bap_insn_kind 8 | 9 | module Op = Basic.Op 10 | module Reg = Basic.Reg 11 | module Fmm = Basic.Fmm 12 | module Imm = Basic.Imm 13 | 14 | type reg = Reg.t [@@deriving bin_io, compare, sexp] 15 | type imm = Imm.t [@@deriving bin_io, compare, sexp] 16 | type fmm = Fmm.t [@@deriving bin_io, compare, sexp] 17 | type kind = Kind.t [@@deriving bin_io, compare, sexp] 18 | -------------------------------------------------------------------------------- /oasis/dependencies: -------------------------------------------------------------------------------- 1 | Flag dependencies 2 | Description: Enable the dependencies command 3 | Default: false 4 | 5 | Library dependencies_plugin 6 | Build$: flag(everything) || flag(dependencies) 7 | XMETADescription: analyses the binary dependencies 8 | Path: plugins/dependencies 9 | FindlibName: bap-plugin-dependencies 10 | CompiledObject: best 11 | BuildDepends: bap, core_kernel, bap-main, ogre, regular, ppx_bap 12 | InternalModules: Dependencies_main 13 | XMETAExtraLines: tags="command, dependencies" 14 | -------------------------------------------------------------------------------- /oasis/frontc-parser: -------------------------------------------------------------------------------- 1 | Flag frontc_parser 2 | Description: Build FrontC based C parser 3 | Default: false 4 | 5 | Library frontc_parser_plugin 6 | Build$: flag(everything) || flag(frontc_parser) 7 | XMETADescription: parse c files with FrontC 8 | Path: plugins/frontc_parser 9 | FindlibName: bap-plugin-frontc_parser 10 | CompiledObject: best 11 | BuildDepends: bap, bap-c, FrontC, core_kernel, ppx_bap, core_kernel.caml_unix 12 | InternalModules: Frontc_parser_main 13 | XMETAExtraLines: tags="api,c,parser" 14 | -------------------------------------------------------------------------------- /plugins/x86/x86_tools_vector.ml: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | type t = X86_tools_types.interrupt_vector 4 | 5 | let to_int = function 6 | | `DE -> 0 7 | | `DB -> 1 8 | | `NMI -> 2 9 | | `BP -> 3 10 | | `OF -> 4 11 | | `BR -> 5 12 | | `UD -> 6 13 | | `NM -> 7 14 | | `DF -> 8 15 | | `TS -> 10 16 | | `NP -> 11 17 | | `SS -> 12 18 | | `GP -> 13 19 | | `PF -> 14 20 | | `MF -> 16 21 | | `AC -> 17 22 | | `MC -> 18 23 | | `XF -> 19 24 | | `SX -> 30 25 | | `INTR v -> v 26 | | `SOFTWARE v -> v 27 | 28 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_analysis.mli: -------------------------------------------------------------------------------- 1 | open Bap_primus_types 2 | open Bap_knowledge 3 | 4 | module Machine : sig 5 | open Knowledge 6 | include Machine with type 'a m = 'a Knowledge.t 7 | and type 'a t = 'a Bap_primus_machine.Make(Knowledge).t 8 | 9 | val collect : ('a,'p) slot -> 'a obj -> 'p t 10 | val resolve : ('a,'p opinions) slot -> 'a obj -> 'p t 11 | val provide : ('a,'p) slot -> 'a obj -> 'p -> unit t 12 | val suggest : agent -> ('a,'p opinions) slot -> 'a obj -> 'p -> unit t 13 | end 14 | -------------------------------------------------------------------------------- /plugins/constant_tracker/lisp/check-hardcoded-values.lisp: -------------------------------------------------------------------------------- 1 | (defun check-hardcoded-socket-address (sockaddr-ptr) 2 | (when (points-to-static-data sockaddr-ptr 16) 3 | (incident-report 'hardcoded-socket-address (incident-location)))) 4 | 5 | 6 | (defmethod call (name fd addr) 7 | (when (is-in name 'accept 'bind 'connect) 8 | (check-hardcoded-socket-address addr))) 9 | 10 | (defmethod call (name fd buf size flags addr len) 11 | (when (is-in name 'sendto 'recvfrom) 12 | (check-hardcoded-socket-address addr))) 13 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_loc.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | (* a region in a file *) 4 | type range = Parsexp.Positions.range [@@deriving sexp_of] 5 | 6 | 7 | (* a region in the specified file *) 8 | type loc = { 9 | file : string; 10 | range : range; 11 | } [@@deriving compare, sexp_of] 12 | 13 | type t = loc [@@deriving compare, sexp_of] 14 | 15 | val merge : t -> t -> t 16 | 17 | val nth_char : t -> int -> t 18 | 19 | val pp : Format.formatter -> t -> unit 20 | 21 | include Comparable.S_plain with type t := t 22 | -------------------------------------------------------------------------------- /oasis/primus-track-visited: -------------------------------------------------------------------------------- 1 | Flag primus_track_visited 2 | Description: build Primus track visited library 3 | Default: false 4 | 5 | Library bap_primus_track_visited 6 | Path: lib/bap_primus_track_visited 7 | Build$: flag(everything) || flag(primus_track_visited) 8 | FindlibName: bap-primus-track-visited 9 | CompiledObject: best 10 | BuildDepends: bap-primus, bap, core_kernel, ppx_bap 11 | XMETADescription: tracks basic blocks visited by Primus 12 | Modules: Bap_primus_track_visited 13 | XMETAExtraLines: tags="primus" -------------------------------------------------------------------------------- /oasis/primus-x86: -------------------------------------------------------------------------------- 1 | Flag primus_x86 2 | Description: build Primus x86 support package 3 | Default: false 4 | 5 | Library primus_x86_plugin 6 | Path: plugins/primus_x86 7 | Build$: flag(everything) || flag(primus_x86) 8 | FindlibName: bap-plugin-primus_x86 9 | CompiledObject: best 10 | BuildDepends: bap, bap-core-theory, bap-primus, core_kernel, bap-x86-cpu, regular 11 | XMETADescription: x86 support package 12 | Modules: Primus_x86_main 13 | InternalModules: Primus_x86_loader 14 | XMETAExtraLines: tags="primus, x86" -------------------------------------------------------------------------------- /plugins/primus_lisp/site-lisp/unistd.lisp: -------------------------------------------------------------------------------- 1 | (in-package posix) 2 | 3 | (defun isatty (fd) 4 | (declare (external "isatty")) 5 | (< fd 3)) 6 | 7 | (defun ioctl (_ _) (declare (external "ioctl")) 0) 8 | (defun ioctl (_ _ _) (declare (external "ioctl")) 0) 9 | (defun ioctl (_ _ _ _) (declare (external "ioctl")) 0) 10 | (defun ioctl (_ _ _ _ _) (declare (external "ioctl")) 0) 11 | (defun ioctl (_ _ _ _ _ _) (declare (external "ioctl")) 0) 12 | 13 | (defun getpagesize () 14 | (declare (external "getpagesize")) 15 | (* 64 1024)) 16 | -------------------------------------------------------------------------------- /lib/bap_c/bap_c_parser.mli: -------------------------------------------------------------------------------- 1 | (** A parser interface. 2 | 3 | The module doesn't provide any parsers by itself, but allows it to 4 | be provided by a third party module. 5 | *) 6 | open Core_kernel 7 | 8 | type decls = (string * Bap_c_type.t) list 9 | type parser = Bap_c_size.base -> string -> decls Or_error.t 10 | 11 | (** [run filename] parses file and returns a mapping from identifier 12 | to its type.*) 13 | val run : parser 14 | 15 | (** called by a plugin that provides a parser. *) 16 | val provide : parser -> unit 17 | -------------------------------------------------------------------------------- /lib/bap_llvm/llvm_loader.h: -------------------------------------------------------------------------------- 1 | #ifndef LLVM_LOADER_H 2 | #define LLVM_LOADER_H 3 | 4 | #include 5 | 6 | struct bap_llvm_loader; 7 | 8 | const struct bap_llvm_loader* bap_llvm_loader_create(const char*, size_t, const char *); 9 | const char* bap_llvm_loader_data(const struct bap_llvm_loader*); 10 | bool bap_llvm_loader_failed(const struct bap_llvm_loader*); 11 | bool bap_llvm_file_not_supported(const struct bap_llvm_loader*); 12 | void bap_llvm_loader_destroy(const struct bap_llvm_loader*); 13 | 14 | #endif // LLVM_LOADER_H 15 | -------------------------------------------------------------------------------- /lib/bap_systemz/bap_systemz_target.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | 3 | 4 | type r64 and r32 and r16 and r8 5 | 6 | type 'a bitv = 'a Theory.Bitv.t Theory.Value.sort 7 | 8 | val r64 : r64 bitv 9 | val r32 : r32 bitv 10 | val r16 : r16 bitv 11 | val r8 : r8 bitv 12 | 13 | val mem : (r64, r8) Theory.Mem.t Theory.var 14 | val gpr : r64 Theory.Bitv.t Theory.var list 15 | val fpr : r64 Theory.Bitv.t Theory.var list 16 | 17 | val parent : Theory.Target.t 18 | 19 | val z9 : Theory.Target.t 20 | 21 | val llvm_encoding : Theory.Language.t 22 | -------------------------------------------------------------------------------- /oasis/analyze: -------------------------------------------------------------------------------- 1 | Flag analyze 2 | Description: Build the KB analyze command 3 | Default: false 4 | 5 | Library analyze_plugin 6 | Build$: flag(everything) || flag(analyze) 7 | Path: plugins/analyze 8 | FindlibName: bap-plugin-analyze 9 | CompiledObject: best 10 | BuildDepends: core_kernel, monads, ppx_bap, linenoise, 11 | bap-knowledge, bap-core-theory, bap-main, bap, 12 | bitvec 13 | InternalModules: Analyze_main, Analyze_core_commands 14 | XMETADescription: implements the analyze command 15 | -------------------------------------------------------------------------------- /oasis/dump-symbols: -------------------------------------------------------------------------------- 1 | Flag dump_symbols 2 | Description: Build dump-symbols plugin 3 | Default: false 4 | 5 | Library dump_symbols_plugin 6 | Build$: flag(everything) || flag(dump_symbols) 7 | Path: plugins/dump_symbols 8 | FindlibName: bap-plugin-dump_symbols 9 | CompiledObject: best 10 | BuildDepends: bap, core_kernel, ppx_bap, graphlib, regular 11 | InternalModules: Dump_symbols_main 12 | XMETADescription: dump symbol information as a list of blocks 13 | XMETAExtraLines: tags="printer" -------------------------------------------------------------------------------- /oasis/primus-promiscuous: -------------------------------------------------------------------------------- 1 | Flag primus_promiscuous 2 | Description: build Primus promiscuous plugin 3 | Default: false 4 | 5 | Library primus_promiscuous_plugin 6 | Path: plugins/primus_promiscuous 7 | Build$: flag(everything) || flag(primus_promiscuous) 8 | FindlibName: bap-plugin-primus_promiscuous 9 | CompiledObject: best 10 | BuildDepends: bap, bap-primus, core_kernel, monads 11 | XMETADescription: enables the promiscuous mode of execution 12 | Modules: Primus_promiscuous_main 13 | XMETAExtraLines: tags="primus, fuzz" -------------------------------------------------------------------------------- /oasis/primus-region: -------------------------------------------------------------------------------- 1 | Flag primus_region 2 | Description: Build Primus Region Tool 3 | Default: false 4 | 5 | Library primus_region_library_plugin 6 | Build$: flag(everything) || flag(primus_region) 7 | Path: plugins/primus_region 8 | BuildDepends: bap-core-theory, bap-primus, bap, core_kernel, ppx_bap, monads 9 | FindlibName: bap-plugin-primus_region 10 | CompiledObject: best 11 | InternalModules: Primus_region_main 12 | XMETADescription: interval sets 13 | XMETAExtraLines: tags="primus, primus-library" -------------------------------------------------------------------------------- /oasis/common.omake: -------------------------------------------------------------------------------- 1 | OASISFormat: 0.4 2 | Name: bap 3 | Version: 2.5.0-alpha 4 | OCamlVersion: >= 4.08.0 5 | Synopsis: BAP Core Library 6 | Authors: BAP Team 7 | Maintainers: Ivan Gotovchits 8 | License: MIT 9 | Copyrights: (C) 2014-2021 Carnegie Mellon University 10 | Plugins: META (0.4) 11 | AlphaFeatures: compiled_setup_ml 12 | BuildTools+: omake 13 | BuildType: OMake (0.4) 14 | InstallType: OMake (0.4) 15 | 16 | Flag everything 17 | Description: Build every feature by default 18 | Default: false 19 | -------------------------------------------------------------------------------- /oasis/primus-wandering: -------------------------------------------------------------------------------- 1 | 2 | Flag primus_wandering 3 | Description: build Primus wandering scheduler 4 | Default: false 5 | 6 | Library primus_wandering_scheduler_plugin 7 | Path: plugins/primus_wandering 8 | Build$: flag(everything) || flag(primus_wandering) 9 | FindlibName: bap-plugin-primus_wandering 10 | CompiledObject: best 11 | BuildDepends: bap, bap-primus, core_kernel, monads, bap-future 12 | XMETADescription: evaluates all machines while 13 | Modules: Primus_wandering_main 14 | XMETAExtraLines: tags="primus, scheduler" -------------------------------------------------------------------------------- /oasis/specification: -------------------------------------------------------------------------------- 1 | Flag specification 2 | Description: Enable the specification command 3 | Default: false 4 | 5 | Library specification_plugin 6 | Build$: flag(everything) || flag(specification) 7 | XMETADescription: prints the specification of the binary (like readelf) 8 | Path: plugins/specification 9 | FindlibName: bap-plugin-specification 10 | CompiledObject: best 11 | BuildDepends: bap, core_kernel, bap-main, ogre, regular 12 | InternalModules: Specification_main 13 | XMETAExtraLines: tags="command, specification" 14 | -------------------------------------------------------------------------------- /oasis/primus-print: -------------------------------------------------------------------------------- 1 | Flag primus_print 2 | Description: build Primus print plugin 3 | Default: false 4 | 5 | Library primus_print_plugin 6 | Path: plugins/primus_print 7 | Build$: flag(everything) || flag(primus_print) 8 | FindlibName: bap-plugin-primus_print 9 | CompiledObject: best 10 | BuildDepends: bap-primus, bare, bap, bap-knowledge, bap-core-theory, core_kernel, ppx_bap, bap-future, monads 11 | XMETADescription: prints Primus states and observations 12 | Modules: Primus_print_main 13 | XMETAExtraLines: tags="primus, printer" -------------------------------------------------------------------------------- /oasis/trace: -------------------------------------------------------------------------------- 1 | Flag trace 2 | Description: Build BAP trace dump utility 3 | Default: false 4 | 5 | Library trace_plugin 6 | Path: plugins/trace 7 | Build$: flag(everything) || flag(trace) 8 | FindlibName: bap-plugin-trace 9 | CompiledObject: best 10 | Modules: Trace_main 11 | BuildDepends: bap, bap-traces, core_kernel, ppx_bap, bap-plugins, 12 | bap-future, uri, regular, core_kernel.caml_unix 13 | XMETADescription: manage execution traces 14 | XMETAExtraLines: tags="dynamic, pass, printer, trace" -------------------------------------------------------------------------------- /lib/arm/arm_flags.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Arm_types 4 | 5 | val set_nzf : exp -> typ -> stmt list 6 | 7 | val set_vnzf_add : exp -> exp -> exp -> typ -> stmt list 8 | 9 | val set_add : exp -> exp -> exp -> typ -> stmt list 10 | 11 | val set_sub : exp -> exp -> exp -> typ -> stmt list 12 | 13 | val set_vnzf_sub : exp -> exp -> exp -> typ -> stmt list 14 | 15 | val set_adc : exp -> exp -> exp -> typ -> stmt list 16 | 17 | val set_sbc : exp -> exp -> exp -> typ -> stmt list 18 | 19 | val set_cf_data : imm:word -> data:word -> stmt 20 | -------------------------------------------------------------------------------- /oasis/optimization: -------------------------------------------------------------------------------- 1 | Flag optimization 2 | Description: Build the optimization plugin 3 | Default: false 4 | 5 | Library optimization_plugin 6 | Build$: flag(everything) || flag(optimization) 7 | XMETADescription: automatically removes dead code and propagates consts 8 | Path: plugins/optimization 9 | FindlibName: bap-plugin-optimization 10 | CompiledObject: best 11 | BuildDepends: bap, core_kernel, graphlib, ppx_bap, regular 12 | InternalModules: Optimization_main, Optimization_data 13 | XMETAExtraLines: tags="pass,analysis,optimization" 14 | -------------------------------------------------------------------------------- /oasis/primus-loader: -------------------------------------------------------------------------------- 1 | Flag primus_loader 2 | Description: build Primus loader 3 | Default: false 4 | 5 | Library primus_loader_plugin 6 | Path: plugins/primus_loader 7 | Build$: flag(everything) || flag(primus_loader) 8 | FindlibName: bap-plugin-primus_loader 9 | CompiledObject: best 10 | BuildDepends: bap, bap-core-theory, bap-primus, core_kernel, ogre, ppx_bap 11 | XMETADescription: generic program loader for Primus 12 | Modules: Primus_loader_main 13 | InternalModules: Primus_loader_basic 14 | XMETAExtraLines: tags="abi, loader, primus" -------------------------------------------------------------------------------- /oasis/primus-mark-visited: -------------------------------------------------------------------------------- 1 | Flag primus_mark_visited 2 | Description: build Primus mark visited plugin 3 | Default: false 4 | 5 | Library primus_mark_visited_plugin 6 | Path: plugins/primus_mark_visited 7 | Build$: flag(everything) || flag(primus_mark_visited) 8 | FindlibName: bap-plugin-primus_mark_visited 9 | CompiledObject: best 10 | BuildDepends: bap-main, bap, bap-primus, bap-primus-track-visited 11 | XMETADescription: registers the bap:mark-visited component 12 | InternalModules: Primus_mark_visited_main 13 | XMETAExtraLines: tags="primus" -------------------------------------------------------------------------------- /oasis/propagate-taint: -------------------------------------------------------------------------------- 1 | Flag propagate_taint 2 | Description: Build a taint propagation plugin 3 | Default: false 4 | 5 | Library propagate_taint_plugin 6 | Build$: flag(everything) || flag(propagate_taint) 7 | Path: plugins/propagate_taint 8 | FindlibName: bap-plugin-propagate_taint 9 | BuildDepends: bap, bap-core-theory, bap-microx, core_kernel, ppx_bap, monads, regular, graphlib 10 | InternalModules: Propagate_taint_main, Propagator 11 | XMETADescription: propagate taints through a program 12 | XMETAExtraLines: tags="dataflow, pass, taint" -------------------------------------------------------------------------------- /lib/arm/arm_reg.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap.Std 4 | open Arm_helpers 5 | 6 | type t = Arm_types.reg [@@deriving bin_io, compare, sexp] 7 | 8 | let create reg : t option = 9 | sexpable_of_string t_of_sexp (Reg.name reg) 10 | 11 | include Regular.Make(struct 12 | type nonrec t = t [@@deriving bin_io, compare, sexp] 13 | let hash (reg : t) = Hashtbl.hash reg 14 | let module_name = Some "ARM.Reg" 15 | let version = "1.0.0" 16 | let pp fmt reg = 17 | Format.fprintf fmt "%a" Sexp.pp (sexp_of_t reg) 18 | end) 19 | -------------------------------------------------------------------------------- /oasis/cache: -------------------------------------------------------------------------------- 1 | Flag cache 2 | Description: Build cache plugin 3 | Default: false 4 | 5 | Library cache_plugin 6 | Build$: flag(everything) || flag(cache) 7 | Path: plugins/cache 8 | FindlibName: bap-plugin-cache 9 | BuildDepends: bap, bap-main, regular, ppx_bap, mmap, fileutils, uuidm, 10 | core_kernel, core_kernel.caml_unix 11 | InternalModules: Bap_cache, Bap_cache_gc, Bap_cache_main, Bap_cache_types, Bap_cache_utils 12 | XMETADescription: provide caching services 13 | XMETAExtraLines: tags="cache" -------------------------------------------------------------------------------- /oasis/primus-exploring: -------------------------------------------------------------------------------- 1 | Flag primus_exploring 2 | Description: build Primus exploring scheduler 3 | Default: false 4 | 5 | Library primus_exploring_scheduler_plugin 6 | Path: plugins/primus_exploring 7 | Build$: flag(everything) || flag(primus_exploring) 8 | FindlibName: bap-plugin-primus_exploring 9 | CompiledObject: best 10 | BuildDepends: bap, bap-primus, core_kernel, monads, bap-future 11 | XMETADescription: evaluates all machines, prioritizing the least visited 12 | Modules: Primus_exploring_main 13 | XMETAExtraLines: tags="primus, scheduler" -------------------------------------------------------------------------------- /oasis/recipe-command: -------------------------------------------------------------------------------- 1 | Flag recipe_command 2 | Description: Build the BAP recipe command plugin 3 | Default: false 4 | 5 | Library bap_recipe_command_plugin 6 | Build$: flag(everything) || flag(recipe_command) 7 | Path: plugins/recipe_command 8 | FindlibName: bap-plugin-recipe_command 9 | CompiledObject: best 10 | BuildDepends: bap, bap-recipe, bap-main, base, stdio, stdlib-shims 11 | Modules: Recipe_command_main 12 | XMETADescription: manipulates bap recipes 13 | XMETAExtraLines: tags="recipe,command" 14 | -------------------------------------------------------------------------------- /lib/bap_types/bap_monad_types.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | module type State = sig 4 | type ('a,'s) t 5 | type 'a result 6 | 7 | include Monad.S2 with type ('a,'s) t := ('a,'s) t 8 | 9 | val put : 's -> (unit,'s) t 10 | val get : unit -> ('s,'s) t 11 | val gets : ('s -> 'r) -> ('r,'s) t 12 | val update : ('s -> 's) -> (unit,'s) t 13 | val modify : ('a,'s) t -> ('s -> 's) -> ('a,'s) t 14 | 15 | 16 | val run : ('a,'s) t -> 's -> ('a * 's) result 17 | val eval : ('a,'s) t -> 's -> 'a result 18 | val exec : ('a,'s) t -> 's -> 's result 19 | end 20 | -------------------------------------------------------------------------------- /lib/x86_cpu/x86_llvm_env.mli: -------------------------------------------------------------------------------- 1 | (** This module exposes register functionality that is based on 2 | LLVM's disassembler. This module is only useful if you are 3 | disassembling X86 using an LLVM backend. *) 4 | 5 | open Bap.Std 6 | 7 | (** [base_var mode reg] given a [reg] operand provided by the LLVM 8 | disassembler, [base_var] returns the variable corresponding to 9 | the physical register for that [mode] if it exists. If no such 10 | register exists for our backend, None is returned. 11 | *) 12 | val base_var : X86_types.mode -> reg -> Var.t option -------------------------------------------------------------------------------- /oasis/primus-dictionary: -------------------------------------------------------------------------------- 1 | Flag primus_dictionary 2 | Description: Build Primus Dictionary Tool 3 | Default: false 4 | 5 | Library primus_dictionary_library_plugin 6 | Build$: flag(everything) || flag(primus_dictionary) 7 | Path: plugins/primus_dictionary 8 | BuildDepends: bap-primus, bap, core_kernel, bap-core-theory 9 | FindlibName: bap-plugin-primus_dictionary 10 | CompiledObject: best 11 | InternalModules: Primus_dictionary_main 12 | XMETADescription: provides a key-value storage 13 | XMETAExtraLines: tags="primus, primus-library" -------------------------------------------------------------------------------- /oasis/primus-round-robin: -------------------------------------------------------------------------------- 1 | Flag primus_round_robin 2 | Description: build Primus round robin scheduler 3 | Default: false 4 | 5 | 6 | Library primus_round_robin_scheduler_plugin 7 | Path: plugins/primus_round_robin 8 | Build$: flag(everything) || flag(primus_round_robin) 9 | FindlibName: bap-plugin-primus_round_robin 10 | CompiledObject: best 11 | BuildDepends: bap, bap-primus, core_kernel, monads, bap-future 12 | XMETADescription: evaluates all machines in the BFS order 13 | Modules: Primus_round_robin_main 14 | XMETAExtraLines: tags="primus, scheduler" -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_source_factory.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | open Bap_disasm_source_intf 5 | open Bap_future.Std 6 | 7 | module Tab = String.Table 8 | 9 | module Factory = struct 10 | module type S = Factory 11 | module Make(T : T) = struct 12 | type t = T.t 13 | let factory : t source Tab.t = Tab.create () 14 | 15 | let register name source = 16 | Hashtbl.set factory ~key:name ~data:source 17 | 18 | let list () = Hashtbl.keys factory 19 | let find = Hashtbl.find factory 20 | end 21 | end 22 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_env.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Bap_primus_types 3 | 4 | module Generator = Bap_primus_generator 5 | 6 | type exn += Undefined_var of var 7 | 8 | val generated : (var * value) Bap_primus_observation.t 9 | 10 | module Make(Machine : Machine) : sig 11 | val get : var -> value Machine.t 12 | val set : var -> value -> unit Machine.t 13 | val add : var -> Generator.t -> unit Machine.t 14 | val del : var -> unit Machine.t 15 | val has : var -> bool Machine.t 16 | val all : var seq Machine.t 17 | val is_set : var -> bool Machine.t 18 | end 19 | -------------------------------------------------------------------------------- /oasis/bil: -------------------------------------------------------------------------------- 1 | Flag bil 2 | Description: Build bil plugin 3 | Default: false 4 | 5 | Library bil_plugin 6 | XMETADescription: Provides bil optimizations 7 | Path: plugins/bil 8 | Build$: flag(everything) || flag(bil) 9 | FindlibName: bap-plugin-bil 10 | BuildDepends: bap, bap-core-theory, bap-knowledge, core_kernel, 11 | ppx_bap, bap-future, monads, bitvec, bitvec-order, ogre, bap-main 12 | XMETAExtraLines: tags="bil,analysis,semantics" 13 | InternalModules: Bil_main, Bil_lifter, Bil_semantics, Bil_ir, Bil_float 14 | -------------------------------------------------------------------------------- /oasis/common.ocamlbuild.ml.in: -------------------------------------------------------------------------------- 1 | (* OASIS_START *) 2 | (* OASIS_STOP *) 3 | 4 | let oasis_env = 5 | BaseEnvLight.load 6 | ~allow_empty:true 7 | () 8 | let expand s = BaseEnvLight.var_expand s oasis_env 9 | 10 | type rule = unit -> unit 11 | 12 | module Rules : sig 13 | val add : rule -> unit 14 | val dispatch : hook -> unit 15 | end = struct 16 | let rules : (unit -> unit) list ref = ref [] 17 | let add rule = rules := rule :: !rules 18 | let dispatch = function 19 | | Before_rules -> !rules |> List.iter (fun rule -> rule ()) 20 | | _ -> () 21 | end 22 | -------------------------------------------------------------------------------- /oasis/read-symbols: -------------------------------------------------------------------------------- 1 | Flag read_symbols 2 | Description: Build read-symbols plugin 3 | Default: false 4 | 5 | Library read_symbols_plugin 6 | Build$: flag(everything) || flag(read_symbols) 7 | Path: plugins/read_symbols 8 | FindlibName: bap-plugin-read_symbols 9 | BuildDepends: bap-main, core_kernel, bap-core-theory, bap-knowledge, 10 | bitvec, bap-relation 11 | Modules: Read_symbols_main 12 | XMETADescription: read symbol information from file 13 | XMETAExtraLines: tags="reconstructor, rooter, symbolizer" -------------------------------------------------------------------------------- /oasis/glibc-runtime: -------------------------------------------------------------------------------- 1 | Flag glibc_runtime 2 | Description: Builds glibc runtime supporing code 3 | Default: false 4 | 5 | Library glibc_runtime_plugin 6 | Build$: flag(everything) || flag(glibc_runtime) 7 | Path: plugins/glibc_runtime 8 | FindlibName: bap-plugin-glibc_runtime 9 | CompiledObject: best 10 | BuildDepends: core_kernel, bap-main, bap, bap-abi, bap-c, ogre, bap-core-theory 11 | InternalModules: Glibc_runtime_main 12 | XMETADescription: detects main and libc_start_main functions 13 | XMETAExtraLines: tags="abi, pass" 14 | -------------------------------------------------------------------------------- /oasis/trivial-condition-form: -------------------------------------------------------------------------------- 1 | Flag trivial_condition_form 2 | Description: Build trivial_condition_form plugin 3 | Default: false 4 | 5 | Library trivial_condition_form_plugin 6 | Build$: flag(everything) || flag(trivial_condition_form) 7 | Path: plugins/trivial_condition_form 8 | FindlibName: bap-plugin-trivial_condition_form 9 | CompiledObject: best 10 | BuildDepends: bap, core_kernel 11 | Modules: Trivial_condition_form_main 12 | XMETADescription: eliminates complex conditionals in branches 13 | XMETAExtraLines: tags="pass" -------------------------------------------------------------------------------- /plugins/ida/bap_ida_info.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | type mode = [ `m32 | `m64 ] 4 | 5 | type t 6 | 7 | (** [create path is_headless] *) 8 | val create : string -> bool -> t Or_error.t 9 | 10 | (** [find_ida info mode target] - returns a full path 11 | to ida executable depending on [mode] and [target] name *) 12 | val find_ida : t -> mode option -> string -> string 13 | 14 | val is_headless : t -> bool 15 | 16 | val check : t -> unit Or_error.t 17 | 18 | (** [require_ncurses ida] returns true if [ida] need ncureses lib to operate*) 19 | val require_ncurses : t -> bool 20 | -------------------------------------------------------------------------------- /plugins/x86/x86_legacy_bil_semantics.mli: -------------------------------------------------------------------------------- 1 | open Bap_core_theory 2 | 3 | type exp = X86_legacy_bil.Ast.exp 4 | 5 | module Binary : sig 6 | val fextract : 7 | ?bias:exp -> Theory.IEEE754.parameters -> exp -> hi:int -> lo:int -> exp 8 | val unbiased_exponent : Theory.IEEE754.parameters -> exp -> exp 9 | val fraction : Theory.IEEE754.parameters -> exp -> exp 10 | val sign : Theory.IEEE754.parameters -> exp -> exp 11 | val is_nan : Theory.IEEE754.parameters -> exp -> exp 12 | val mk_nan : Theory.IEEE754.parameters -> exp -> exp 13 | end 14 | 15 | val init : unit -> unit 16 | -------------------------------------------------------------------------------- /lib_test/bap_dwarf/run_tests.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open OUnit2 3 | 4 | module Dwarf = Bap_dwarf.Std 5 | 6 | let suite = 7 | "DWARF" >::: [ 8 | Test_leb128.suite; 9 | ] 10 | 11 | (* JS is changing the inline test interface every minor release, 12 | so we need either wait until they stabilize it, or to move, 13 | to something better. *) 14 | let run_inline_tests () = 15 | eprintf "Warning: ignoring inline tests\n" 16 | 17 | let () = 18 | if Array.mem ~equal:String.equal Sys.argv "inline-test-runner" 19 | then run_inline_tests () 20 | else run_test_tt_main suite 21 | -------------------------------------------------------------------------------- /oasis/main: -------------------------------------------------------------------------------- 1 | Flag main 2 | Description: Build BAP Main Framework Configuration Library 3 | Default: false 4 | 5 | Library bap_main 6 | Path: lib/bap_main 7 | Build$: flag(everything) || flag(main) 8 | FindLibName: bap-main 9 | CompiledObject: best 10 | BuildDepends: stdlib-shims, base, stdio, cmdliner, bap-future, 11 | bap-bundle, bap-plugins, bap-recipe, core_kernel, 12 | fileutils, core_kernel.caml_unix 13 | Modules: Bap_main, Bap_main_config, Bap_main_event 14 | InternalModules: Bap_main_log 15 | -------------------------------------------------------------------------------- /plugins/abi/abi_main.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | include Self() 4 | 5 | let () = Config.manpage [ 6 | `S "DESCRIPTION"; 7 | `P "Run ABI specific passes. The passes are registered using 8 | Bap_abi.register_pass function, by target specific plugins, 9 | depending on the binary architecture and command line options, 10 | provided by a user."; 11 | `S "SEE ALSO"; 12 | `P "$(b,bap-plugin-x86)(1), $(b,bap-plugin-arm)(1), $(b,bap-abi)(3)" 13 | ] 14 | 15 | let () = Config.when_ready (fun _ -> 16 | Project.register_pass ~autorun:true Bap_abi.pass) 17 | -------------------------------------------------------------------------------- /.github/workflows/check-the-style.yml: -------------------------------------------------------------------------------- 1 | name: check-the-style 2 | 3 | on: 4 | - pull_request 5 | 6 | jobs: 7 | build: 8 | runs-on: ubuntu-latest 9 | 10 | env: 11 | OPAMJOBS: 2 12 | OPAMRETRES: 8 13 | 14 | steps: 15 | - name: Checkout code 16 | uses: actions/checkout@v2 17 | 18 | - name: Setup OCaml 19 | uses: ocaml/setup-ocaml@v2 20 | with: 21 | ocaml-compiler: 4.08.x 22 | dune-cache: true 23 | 24 | - name: Check the Style 25 | run: opam install -y ocp-indent && opam exec -- make check-style 26 | -------------------------------------------------------------------------------- /lib/arm/arm_insn.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Regular.Std 3 | 4 | 5 | (** insn opcode. 6 | 7 | In contradicition with BAP insn, the ARM one is just an opcode, 8 | without operands. (Possibly, opcode would be a much better 9 | name). *) 10 | type t = Arm_types.insn [@@deriving bin_io, compare, sexp] 11 | 12 | 13 | (** [create insn] translate from BAP [insn] *) 14 | val create : insn -> t option 15 | 16 | 17 | (** [of_basic insn] translate from BAP basic [insn] *) 18 | val of_basic : ('a,'b) Disasm_expert.Basic.insn -> t option 19 | 20 | include Regular.S with type t := t 21 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_machine.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Monads.Std 4 | open Bap_primus_types 5 | 6 | module type Component = Component 7 | module type S = Machine 8 | 9 | type id = Monad.State.Multi.id 10 | type nonrec component = component 11 | 12 | module State = Bap_primus_state 13 | module Make(M : Monad.S) : S with type 'a m := 'a M.t 14 | 15 | 16 | val exn_raised : exn observation 17 | val kill : id observation 18 | val start : string observation 19 | val stop : string observation 20 | val fork : (id * id) observation 21 | val switch : (id * id) observation 22 | -------------------------------------------------------------------------------- /lib_test/.merlin: -------------------------------------------------------------------------------- 1 | B ../_build/lib_test/bap_core 2 | B ../_build/lib_test/bap_disasm 3 | B ../_build/lib_test/bap_dwarf 4 | B ../_build/lib_test/bap_elf 5 | B ../_build/lib_test/bap_future 6 | B ../_build/lib_test/bap_image 7 | B ../_build/lib_test/bap_project 8 | B ../_build/lib_test/bap_sema 9 | B ../_build/lib_test/bap_trace 10 | B ../_build/lib_test/bap_types 11 | B ../_build/lib_test/x86 12 | 13 | REC 14 | S bap_core 15 | S bap_disasm 16 | S bap_dwarf 17 | S bap_elf 18 | S bap_future 19 | S bap_image 20 | S bap_project 21 | S bap_sema 22 | S bap_types 23 | S bap_trace 24 | S x86 25 | PKG oUnit -------------------------------------------------------------------------------- /docker/fedora/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ocaml/opam2:fedora 2 | 3 | WORKDIR /home/opam 4 | 5 | RUN opam switch 4.09 \ 6 | && eval "$(opam env)" \ 7 | && opam remote set-url default https://opam.ocaml.org \ 8 | && opam repo add bap git://github.com/BinaryAnalysisPlatform/opam-repository#testing --all \ 9 | && opam update \ 10 | && opam depext --install bap --yes -j 1 \ 11 | && opam clean -acrs \ 12 | && rm -rf /home/opam/.opam/4.0[2-8,10] \ 13 | && rm -rf /home/opam/.opam/4.09/.opam-switch/sources/* \ 14 | && rm -rf /home/opam/opam-repository 15 | 16 | ENTRYPOINT ["opam", "config", "exec", "--"] 17 | -------------------------------------------------------------------------------- /lib/bap_piqi/bil_piqi.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | type fmt = [ `json | `pb | `piq | `pib | `xml ] 4 | [@@deriving sexp, enumerate] 5 | 6 | val bil_of_string : fmt -> string -> bil 7 | val string_of_bil : fmt -> bil -> string 8 | 9 | val stmt_of_string : fmt -> string -> stmt 10 | val string_of_stmt : fmt -> stmt -> string 11 | 12 | val exp_of_string : fmt -> string -> exp 13 | val string_of_exp : fmt -> exp -> string 14 | 15 | val exp_of_piqi : Stmt_piqi.expr -> exp 16 | val var_of_piqi : Stmt_piqi.var -> var 17 | val piqi_of_exp : exp -> Stmt_piqi.expr 18 | val piqi_of_var : var -> Stmt_piqi.var 19 | -------------------------------------------------------------------------------- /oasis/callgraph-collator: -------------------------------------------------------------------------------- 1 | Flag callgraph_collator 2 | Description: Builds a collator based on callgraph 3 | Default: false 4 | 5 | Library callgraph_collator_plugin 6 | Build$: flag(everything) || flag(callgraph_collator) 7 | Path: plugins/callgraph_collator 8 | BuildDepends: bap-main, bap, core_kernel, graphlib, ppx_bap, re.pcre 9 | FindlibName: bap-plugin-callgraph_collator 10 | CompiledObject: best 11 | InternalModules: Callgraph_collator_main 12 | XMETADescription: Collates programs based on their callgraphs 13 | XMETAExtraLines: tags="collator, analysis" 14 | -------------------------------------------------------------------------------- /oasis/primus-random: -------------------------------------------------------------------------------- 1 | Flag primus_random 2 | Description: Build Primus randomization components 3 | Default: false 4 | 5 | Library primus_random_library_plugin 6 | Build$: flag(everything) || flag(primus_random) 7 | Path: plugins/primus_random 8 | BuildDepends: bap-primus, bap, core_kernel, ppx_bap, bap-main, 9 | bitvec, bitvec-sexp, zarith, bap-core-theory 10 | FindlibName: bap-plugin-primus_random 11 | CompiledObject: best 12 | InternalModules: Primus_random_main 13 | XMETADescription: primus randomization components 14 | XMETAExtraLines: tags="primus" -------------------------------------------------------------------------------- /lib/regular/regular_opaque.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular_regular 3 | open Regular_data_types 4 | open Regular_data_intf 5 | 6 | module type S = sig 7 | type t 8 | include Comparable with type t := t 9 | include Hashable with type t := t 10 | end 11 | 12 | module Make(M : sig 13 | type t [@@deriving compare] 14 | val hash : t -> int 15 | end) = struct 16 | module M = struct 17 | include M 18 | let sexp_of_t = sexp_of_opaque 19 | let t_of_sexp = opaque_of_sexp 20 | end 21 | include Comparable.Make(M) 22 | include Hashable.Make_and_derive_hash_fold_t(M) 23 | end 24 | -------------------------------------------------------------------------------- /lib/x86_cpu/x86_asm_reg.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | include X86_asm_reg_types 5 | 6 | let width = function 7 | | #r8 -> `r8 8 | | #r16 | `IP -> `r16 9 | | #r32 | `EIP -> `r32 10 | | #r64 | `RIP -> `r64 11 | | #r128 -> `r128 12 | | #r256 -> `r256 13 | 14 | 15 | let bitwidth r = width r |> Size.in_bits 16 | 17 | type spec = [`Nil | t] [@@deriving sexp] 18 | 19 | let decode reg = 20 | match Reg.name reg |> Sexp.of_string |> spec_of_sexp with 21 | | `Nil -> None 22 | | #t as r -> Some r 23 | | exception _ -> 24 | failwithf "unknown register %s" (Reg.name reg) () 25 | -------------------------------------------------------------------------------- /plugins/x86/x86_endbr.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open X86_asm.Reg 4 | 5 | module IA32 = X86_backend.IA32 6 | module AMD64 = X86_backend.AMD64 7 | 8 | type endbr = [ `ENDBR32 | `ENDBR64 ] [@@deriving bin_io, sexp, compare, enumerate] 9 | 10 | let lift _mem _insn = Ok [ Bil.(encode intrinsic "endbr")] 11 | 12 | let () = 13 | Bap_main.Extension.declare @@ fun _ctxt -> 14 | let name op = sexp_of_endbr op |> Sexp.to_string in 15 | List.iter all_of_endbr ~f:(fun op -> IA32.register (name op) lift); 16 | List.iter all_of_endbr ~f:(fun op -> AMD64.register (name op) lift); 17 | Ok () 18 | -------------------------------------------------------------------------------- /oasis/build: -------------------------------------------------------------------------------- 1 | Flag build 2 | Description: Build BAP build automation tools 3 | Default: false 4 | 5 | Library "bap-build" 6 | Build$: flag(everything) || flag(build) 7 | Path: lib/bap_build 8 | FindlibName: bap-build 9 | CompiledObject: best 10 | Modules: Bap_build 11 | BuildDepends: findlib, ocamlbuild 12 | 13 | Executable "bapbuild" 14 | Build$: flag(everything) || flag(build) 15 | Path: tools 16 | MainIs: bapbuild.ml 17 | Install: true 18 | CompiledObject: best 19 | BuildDepends: core_kernel, ocamlbuild, bap-build, compiler-libs, ppx_bap 20 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_state.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | type 'a t 5 | type 'a state = 'a t 6 | 7 | type void 8 | type uuid = (void,void,void) format 9 | 10 | 11 | val declare : 12 | ?inspect:('a -> Sexp.t) -> 13 | uuid:uuid -> 14 | name:string -> 15 | (project -> 'a) -> 'a t 16 | 17 | val inspect : 'a t -> 'a -> Sexp.t 18 | val name : 'a t -> string 19 | 20 | module Bag : sig 21 | type t 22 | 23 | val empty : t 24 | val with_state : t -> 'a state -> 25 | ready:('a -> 'b) -> 26 | create:((project -> 'a) -> 'b) -> 'b 27 | 28 | val set : t -> 'a state -> 'a -> t 29 | end 30 | -------------------------------------------------------------------------------- /lib/bap_types/bap_var.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_core_theory 3 | 4 | open Regular.Std 5 | open Bap_common 6 | type t 7 | include Regular.S with type t := t 8 | 9 | val reify : 'a Theory.var -> t 10 | val ident : t -> Theory.Var.ident 11 | val sort : t -> Theory.Value.Sort.Top.t 12 | 13 | (* Old interface *) 14 | val create : ?is_virtual:bool -> ?fresh:bool -> string -> typ -> t 15 | val with_index : t -> int -> t 16 | val index : t -> int 17 | val base : t -> t 18 | val same : t -> t -> bool 19 | val name : t -> string 20 | val typ : t -> typ 21 | val is_virtual : t -> bool 22 | val is_physical : t -> bool 23 | -------------------------------------------------------------------------------- /plugins/primus_taint/lisp/taint.lisp: -------------------------------------------------------------------------------- 1 | ;;; Taint Analysis Framework 2 | ;;; 3 | 4 | (defparameter *indirect-taint-size* nil) 5 | 6 | (defun taint-introduce (r k v) 7 | "(taint-introduce REL KIND VAL) associates a fresh new taint with 8 | the value VAL using the specified relation REL, that must be either 9 | 'directly or 'indirectly. If taint is introduced indirectly, then 10 | *indirect-taint-size* number of bytes are tainted." 11 | (if (= r 'directly) 12 | (taint-introduce-directly k v) 13 | (let ((n (or *indirect-taint-size* (/ (word-width) 8)))) 14 | (taint-introduce-indirectly k v n)))) 15 | -------------------------------------------------------------------------------- /oasis/disassemble: -------------------------------------------------------------------------------- 1 | Flag disassemble 2 | Description: Enable the disassemble command 3 | Default: false 4 | 5 | Library disassemble_plugin 6 | Build$: flag(everything) || flag(disassemble) 7 | XMETADescription: implements the disassemble command 8 | Path: plugins/disassemble 9 | FindlibName: bap-plugin-disassemble 10 | CompiledObject: best 11 | BuildDepends: bap, bap-knowledge, bap-core-theory, core_kernel, 12 | regular, monads, bap-plugins, bap-bundle, bap-main, 13 | ppx_bap 14 | InternalModules: Disassemble_main 15 | XMETAExtraLines: tags="command, analysis, disassemble" 16 | -------------------------------------------------------------------------------- /oasis/primus-systems: -------------------------------------------------------------------------------- 1 | Flag primus_systems 2 | Description: Build Primus Systems Plugin 3 | Default: false 4 | 5 | 6 | Library primus_systems_plugin 7 | Build$: flag(everything) || flag(primus_systems) 8 | Path: plugins/primus_systems 9 | BuildDepends: bap-primus, bap-main, core_kernel, bap-knowledge 10 | FindlibName: bap-plugin-primus_systems 11 | CompiledObject: best 12 | InternalModules: Primus_systems_main 13 | XMETADescription: installs, parses, and loads Primus systems 14 | DataFiles: systems/*.asd ($datadir/bap/primus/systems) 15 | XMETAExtraLines: tags="primus, systems" 16 | -------------------------------------------------------------------------------- /lib/bap_c/bap_c_term_attributes.mli: -------------------------------------------------------------------------------- 1 | (** BIR attributes. *) 2 | open Bap.Std 3 | open Bap_c_type 4 | 5 | 6 | (** Abstraction of a data representation of C value. This 7 | attribute is attached to each inserted arg term, but can be 8 | further propagated by other passes *) 9 | val data : Bap_c_data.t tag 10 | 11 | (** Function prototype. This attribute is inserted into each 12 | annotated function. *) 13 | val proto : proto tag 14 | 15 | (** A c type associated with a term. This attribute is attached to 16 | each inserted arg term, but maybe propagated by further by other 17 | passes. *) 18 | val t : t tag 19 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_rooter.mli: -------------------------------------------------------------------------------- 1 | open Bap_types.Std 2 | open Bap_disasm_source 3 | open Bap_image_std 4 | open Bap_knowledge 5 | 6 | type t 7 | type rooter = t 8 | 9 | val create : addr seq -> t 10 | 11 | val set_path : t -> string -> t 12 | 13 | val path : t -> string option 14 | 15 | val of_image : image -> t 16 | 17 | val of_blocks : (string * addr * addr) seq -> t 18 | 19 | val empty : t 20 | 21 | val roots : t -> addr seq 22 | 23 | val union : t -> t -> t 24 | 25 | val provide : t -> unit 26 | val providing : t -> (unit -> 'a knowledge) -> 'a knowledge 27 | 28 | 29 | module Factory : Factory with type t = t 30 | -------------------------------------------------------------------------------- /oasis/constant-tracker: -------------------------------------------------------------------------------- 1 | Flag constant_tracker 2 | Description: Build the constant tracking analysis 3 | Default: false 4 | 5 | 6 | Library constant_tracker_plugin 7 | Build$: flag(everything) || flag(constant_tracker) 8 | Path: plugins/constant_tracker 9 | BuildDepends: bap-primus, bap, core_kernel 10 | FindlibName: bap-plugin-constant_tracker 11 | CompiledObject: best 12 | InternalModules: Constant_tracker_main 13 | XMETADescription: Constant Tracking Analysis based on Primus 14 | DataFiles: lisp/*.lisp ($datadir/bap/primus/site-lisp) 15 | XMETAExtraLines: tags="primus, lisp, analysis" 16 | -------------------------------------------------------------------------------- /lib/regular/regular_data_types.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | 4 | (** [copy buf obj pos] is a method to copy object [obj] into a buffer 5 | [buf], starting from a position [pos] and will return the number 6 | of bytes written. XXX: we need the amount of bytes beforehand. 7 | *) 8 | type ('a,'b) copy = 'b -> 'a -> int -> unit 9 | (** *) 10 | type ('a,'b) dump = 'b -> 'a -> unit 11 | 12 | type lexbuf = Lexing.lexbuf 13 | type scanbuf = Scanf.Scanning.scanbuf 14 | 15 | module Versioned = struct 16 | module type S = sig 17 | type t 18 | val version : string 19 | end 20 | end 21 | 22 | module type Versioned = Versioned.S 23 | -------------------------------------------------------------------------------- /oasis/graphlib: -------------------------------------------------------------------------------- 1 | Flag graphlib 2 | Description: Build graphlib library 3 | Default: false 4 | 5 | Library graphlib 6 | Path: lib/graphlib 7 | FindlibName: graphlib 8 | Build$: flag(everything) || flag(graphlib) 9 | CompiledObject: best 10 | BuildDepends: core_kernel, regular, ocamlgraph, ppx_bap, 11 | core_kernel.pairing_heap 12 | Modules: Graphlib 13 | InternalModules: 14 | Graphlib_graph, 15 | Graphlib_intf, 16 | Graphlib_regular, 17 | Graphlib_regular_intf, 18 | Graphlib_pp 19 | -------------------------------------------------------------------------------- /oasis/primus-taint: -------------------------------------------------------------------------------- 1 | 2 | Flag primus_taint 3 | Description: Build primus-taint plugin 4 | Default: false 5 | 6 | Library primus_taint_plugin 7 | Path: plugins/primus_taint 8 | Build$: flag(everything) || flag(primus_taint) 9 | FindlibName: bap-plugin-primus_taint 10 | CompiledObject: best 11 | BuildDepends: bap-primus, bap-taint, bap, core_kernel, regular, monads 12 | XMETADescription: a taint analysis control interface 13 | DataFiles: lisp/*.lisp ($datadir/bap/primus/site-lisp) 14 | InternalModules: Primus_taint_main, Primus_taint_policies 15 | XMETAExtraLines: tags="dataflow, pass, taint, primus, primus-lisp" 16 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_insn_kind.ml: -------------------------------------------------------------------------------- 1 | type branch = [ 2 | | `Conditional_branch 3 | | `Unconditional_branch 4 | | `Indirect_branch 5 | ] [@@deriving bin_io, compare, enumerate, sexp] 6 | 7 | type affecting_control = [ 8 | | branch 9 | | `Return 10 | | `Call 11 | | `Barrier 12 | | `Terminator 13 | | `May_affect_control_flow 14 | ] [@@deriving bin_io, compare, enumerate, sexp] 15 | 16 | type having_side_effect = [ 17 | | `May_load 18 | | `May_store 19 | ] [@@deriving bin_io, compare, enumerate, sexp] 20 | 21 | type t = [ 22 | | affecting_control 23 | | having_side_effect 24 | ] [@@deriving bin_io, compare, enumerate, sexp] 25 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_iterator.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_primus_generator_types 3 | 4 | module type Base = Iterator.Base 5 | 6 | type ('a,'e) t 7 | 8 | 9 | module Finite : sig 10 | module type S = Iterator.Finite 11 | 12 | val create : (module S with type t = 'a and type dom = 'e) -> ('a,'e) t 13 | end 14 | 15 | module Infinite : sig 16 | module type S = Iterator.Infinite 17 | 18 | val create : (module S with type t = 'a and type dom = 'e) -> ('a,'e) t 19 | end 20 | 21 | 22 | val enum : ('a,'e) t -> 'a -> 'e Sequence.t 23 | val min : ('a,'e) t -> 'e 24 | val max : ('a,'e) t -> 'e 25 | val value : ('a,'e) t -> 'a -> 'e 26 | -------------------------------------------------------------------------------- /lib/bitvec_binprot/bitvec_binprot.mli: -------------------------------------------------------------------------------- 1 | open Bin_prot 2 | 3 | (** Provides serialization functions for the Binprot Protocol.*) 4 | 5 | 6 | include Binable.S with type t = Bitvec.t 7 | 8 | 9 | (** Same module, but functions only without the type. 10 | 11 | Useful, for extending an existing interface with the binable 12 | interface, without hitting the same type defined twice error, 13 | e.g. 14 | 15 | {[include Comprable.Make_binable_using_comparator(struct 16 | include Bitvector_order 17 | include Bitvector_binprot.Functions 18 | end]} 19 | *) 20 | module Functions : Binable.S with type t := Bitvec.t 21 | -------------------------------------------------------------------------------- /lib/graphlib/graphlib_regular.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Graphlib_intf 4 | open Graphlib_graph 5 | open Graphlib_regular_intf 6 | 7 | module Make(Node : Opaque.S)(Label : T) : Graph 8 | with type node = Node.t 9 | and type Node.label = Node.t 10 | and type Edge.label = Label.t 11 | 12 | module Labeled(Node : Opaque.S)(NL : T)(EL : T) : Graph 13 | with type node = (Node.t, NL.t) labeled 14 | and type Node.label = (Node.t, NL.t) labeled 15 | and type Edge.label = EL.t 16 | 17 | module Aux(M : sig 18 | include Pretty_printer.S 19 | val module_name : string 20 | end) : Aux with type node := M.t 21 | -------------------------------------------------------------------------------- /oasis/primus-propagate-taint: -------------------------------------------------------------------------------- 1 | 2 | Flag primus_propagate_taint 3 | Description: Build primus-propagate-taint plugin 4 | Default: false 5 | 6 | Library primus_propagate_taint_plugin 7 | Path: plugins/primus_propagate_taint 8 | Build$: flag(everything) || flag(primus_propagate_taint) 9 | FindlibName: bap-plugin-primus_propagate_taint 10 | CompiledObject: best 11 | BuildDepends: bap-primus, bap-taint, core_kernel, bap, monads, ppx_bap 12 | XMETADescription: a compatibility layer between different taint analysis frameworks 13 | InternalModules: Primus_propagate_taint_main 14 | XMETAExtraLines: tags="dataflow, pass, taint, primus" 15 | -------------------------------------------------------------------------------- /oasis/print: -------------------------------------------------------------------------------- 1 | Flag print 2 | Description: Build print plugin 3 | Default: false 4 | 5 | ########## Print Plugin #################################### 6 | 7 | Library print_plugin 8 | Build$: flag(everything) || flag(print) 9 | Path: plugins/print 10 | FindlibName: bap-plugin-print 11 | BuildDepends: bap, text-tags, bap-demangle, core_kernel, 12 | bap-core-theory, regular, graphlib, re.pcre, 13 | ogre, bap-knowledge, core_kernel.caml_unix 14 | InternalModules: Print_main 15 | XMETADescription: print project in various formats 16 | XMETAExtraLines: tags="printer" -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_block.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap_types.Std 4 | open Bap_image_std 5 | open Graphlib.Std 6 | 7 | type insn = Bap_disasm_insn.t 8 | type jump = [ 9 | | `Jump 10 | | `Cond 11 | ] [@@deriving compare, sexp] 12 | type edge = [jump | `Fall] [@@deriving compare, sexp] 13 | type t [@@deriving compare, sexp_of] 14 | 15 | val create : mem -> (mem * insn) list -> t 16 | val addr : t -> addr 17 | val memory : t -> mem 18 | val leader : t -> insn 19 | val terminator : t -> insn 20 | val insns : t -> (mem * insn) list 21 | include Opaque.S with type t := t 22 | include Printable.S with type t := t 23 | -------------------------------------------------------------------------------- /docker/alpine/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ocaml/opam2:alpine 2 | 3 | WORKDIR /home/opam 4 | 5 | RUN opam switch 4.09 \ 6 | && eval "$(opam env)" \ 7 | && opam remote set-url default https://opam.ocaml.org \ 8 | && opam repo add bap git://github.com/BinaryAnalysisPlatform/opam-repository#testing --all \ 9 | && opam update \ 10 | && opam depext --install bap --yes -j 1 \ 11 | && opam clean -acrs \ 12 | && rm -rf /home/opam/.opam/4.0[2-8] \ 13 | && rm -rf /home/opam/.opam/4.09/.opam-switch/sources/* \ 14 | && rm -rf /home/opam/opam-repository \ 15 | && sudo apk add py-pip \ 16 | && sudo pip install bap 17 | 18 | ENTRYPOINT ["opam", "config", "exec", "--"] 19 | -------------------------------------------------------------------------------- /oasis/bundle: -------------------------------------------------------------------------------- 1 | Flag bundle 2 | Description: Build BAP bundler 3 | Default: false 4 | 5 | Library bundle 6 | Build$: flag(everything) || flag(bundle) 7 | Path: lib/bap_bundle 8 | FindlibName: bap-bundle 9 | BuildDepends: uri, camlzip, unix, core_kernel, core_kernel.caml_unix, ppx_bap 10 | Modules: Bap_bundle 11 | InternalModules: Bap_bundle_config 12 | 13 | Executable "bapbundle" 14 | Build$: flag(everything) || flag(bundle) 15 | Path: tools 16 | MainIs: bapbundle.ml 17 | Install: true 18 | CompiledObject: best 19 | BuildDepends: core_kernel, bap-bundle, fileutils, uri 20 | -------------------------------------------------------------------------------- /oasis/primus-test: -------------------------------------------------------------------------------- 1 | Flag primus_test 2 | Description: Build Primus Lisp Program Testing Framework 3 | Default: false 4 | 5 | 6 | Library primus_test_library_plugin 7 | Build$: flag(everything) || flag(primus_test) 8 | Path: plugins/primus_test 9 | BuildDepends: bap-primus, bap, core_kernel, monads, regular, bitvec, bitvec-order, zarith 10 | FindlibName: bap-plugin-primus_test 11 | CompiledObject: best 12 | InternalModules: Primus_test_main 13 | XMETADescription: Primus Program Testing and Verification Kit 14 | DataFiles: lisp/*.lisp ($datadir/bap/primus/site-lisp) 15 | XMETAExtraLines: tags="primus, lisp" 16 | -------------------------------------------------------------------------------- /oasis/relocatable: -------------------------------------------------------------------------------- 1 | Flag relocatable 2 | Description: Build relocatable brancher 3 | Default: false 4 | 5 | Library relocatable_plugin 6 | XMETADescription: provides facility to load relocatable files 7 | Path: plugins/relocatable 8 | Build$: flag(everything) || flag(relocatable) 9 | FindlibName: bap-plugin-relocatable 10 | InternalModules: Rel_symbolizer 11 | BuildDepends: bap, ogre, bap-knowledge, core_kernel, monads, 12 | bitvec, bitvec-order, bitvec-sexp, bap-core-theory, ppx_bap, 13 | bap-main, bap-arm, bap-powerpc, bap-x86-cpu 14 | XMETAExtraLines: tags="brancher, loader, ogre" -------------------------------------------------------------------------------- /.run_travis_tests.sh: -------------------------------------------------------------------------------- 1 | TASK=$1 2 | 3 | mkdir -p $HOME/.opam/ 4 | 5 | comp=`ls $HOME/save_opam` 6 | 7 | cp -r $HOME/save_opam/$comp $HOME/.opam/ 8 | cp $HOME/save_opam/$comp/config $HOME/.opam/ 9 | 10 | export PATH=$HOME/.opam/$comp/bin:$PATH 11 | 12 | bap --version 13 | 14 | if [ "$TASK" == "checks" ]; then 15 | bash -exc 'make check' 16 | fi 17 | 18 | if [ "$TASK" == "unit_tests" ]; then 19 | bap_run_tests 20 | bap_future_tests 21 | bap_x86_tests 22 | bap_powerpc_tests 23 | bap_piqi_tests 24 | bap_traces_tests 25 | bap_stub_resolver_tests 26 | fi 27 | 28 | if [ "$TASK" == "veri" ]; then 29 | bash -exc 'make veri' 30 | fi 31 | -------------------------------------------------------------------------------- /plugins/phoenix/phoenix_root.mli: -------------------------------------------------------------------------------- 1 | exception Target_directory_is_a_file 2 | 3 | type t 4 | 5 | type channel = Format.formatter 6 | 7 | (** [create filename] *) 8 | val create : ?root:string -> string -> t 9 | 10 | val path : t -> string 11 | 12 | (** [with_cfg_file data symname ~f] *) 13 | val with_cfg_file : t -> string -> f:(channel -> unit) -> unit 14 | 15 | (** [with_bil_file data symname ~f] *) 16 | val with_bil_file : t -> string -> f:(channel -> unit) -> unit 17 | 18 | val with_index_file : t -> f:(channel -> unit) -> unit 19 | 20 | val with_funcs_file : t -> f:(channel -> unit) -> unit 21 | 22 | val with_dump_file : t -> f:(channel -> unit) -> unit 23 | -------------------------------------------------------------------------------- /oasis/piqi-printers.ocamlbuild.ml.in: -------------------------------------------------------------------------------- 1 | let nonempty = function (A s) -> String.length s <> 0 | _ -> true 2 | 3 | (* the piqi support is rather fragile *) 4 | let piqic_rule () : unit = 5 | rule "piqic: piqi -> .ml & _ext.ml" 6 | ~prods:["%_piqi.ml"; "%_piqi_ext.ml"] 7 | ~deps:["%.piqi"] 8 | (fun env _ -> 9 | Cmd (S (List.filter nonempty [ 10 | A (expand "${piqic}"); 11 | A (expand "${piqic_flags}"); 12 | A "-C"; 13 | A "lib/bap_piqi"; 14 | A "-I"; 15 | A "../lib/bap_piqi"; 16 | A (env "%.piqi"); 17 | A"--multi-format"])));; 18 | 19 | let () = Rules.add piqic_rule 20 | -------------------------------------------------------------------------------- /oasis/radare2: -------------------------------------------------------------------------------- 1 | Flag radare2 2 | Description: Build radare2 plugin 3 | Default: false 4 | 5 | Library radare2_plugin 6 | Build$: flag(everything) || flag(radare2) 7 | Path: plugins/radare2 8 | FindlibName: bap-plugin-radare2 9 | CompiledObject: best 10 | BuildDepends: bap, re.pcre, regular, bap-core-theory, 11 | bap-future, core_kernel, bap-knowledge, 12 | zarith, bitvec, yojson, bap-relation, bap-arm, 13 | core_kernel.caml_unix 14 | InternalModules: Radare2_main 15 | XMETADescription: use radare2 to provide a symbolizer 16 | XMETAExtraLines: tags="symbolizer, radare2" 17 | -------------------------------------------------------------------------------- /oasis/taint: -------------------------------------------------------------------------------- 1 | Flag taint 2 | Description: Build a tainter plugin 3 | Default: false 4 | 5 | Library taint 6 | Build$: flag(everything) || flag(taint) 7 | Path: lib/bap_taint 8 | FindlibName: bap-taint 9 | CompiledObject: best 10 | BuildDepends: core_kernel, bap, bap-primus, monads, ppx_bap, bap-strings, regular 11 | Modules: Bap_taint 12 | 13 | Library taint_plugin 14 | Build$: flag(everything) || flag(taint) 15 | Path: plugins/taint 16 | FindlibName: bap-plugin-taint 17 | BuildDepends: bap, core_kernel, ppx_bap, regular 18 | InternalModules: Taint_main 19 | XMETADescription: taint specified terms 20 | XMETAExtraLines: tags="dataflow, pass, taint" 21 | -------------------------------------------------------------------------------- /plugins/x86/x86_legacy_bil_var_temp.ml: -------------------------------------------------------------------------------- 1 | (* Copyright (C) 2017 ForAllSecure, Inc. - All Rights Reserved. *) 2 | module Bil = X86_legacy_bil 3 | open Bil 4 | 5 | let temp_prefix = "T_" 6 | let temp_prefix_len = String.length temp_prefix 7 | 8 | (** [is_temp_name s] returns true iff s denotes a temporary variable 9 | name. 10 | *) 11 | let is_temp_name s = 12 | (* First try VEX style vars *) 13 | (String.length s > temp_prefix_len) && (String.sub s 0 2 = temp_prefix) 14 | 15 | let nt s t = 16 | if (is_temp_name s) then 17 | Var.newvar s t 18 | else 19 | let newname = temp_prefix^s in 20 | let () = assert (is_temp_name newname) in 21 | Var.newvar (newname) t 22 | -------------------------------------------------------------------------------- /lib/bap_types/bap_trie.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Format 3 | open Bap_trie_intf 4 | 5 | module Make(Key : Key) : V2.S with type key = Key.t 6 | and type token = Key.token 7 | 8 | module Array : sig 9 | module Prefix(Tok : Token) : V2.S with type key = Tok.t array 10 | and type token = Tok.t 11 | module Suffix(Tok : Token) : V2.S with type key = Tok.t array 12 | and type token = Tok.t 13 | end 14 | 15 | module String : sig 16 | module Prefix : V2.S with type key = string and type token = char 17 | module Suffix : V2.S with type key = string and type token = char 18 | end 19 | -------------------------------------------------------------------------------- /lib/bap_types/bap_toplevel.mli: -------------------------------------------------------------------------------- 1 | open Bap_knowledge 2 | 3 | type 'a t = 'a 4 | type 'p var 5 | 6 | exception Conflict of Knowledge.conflict 7 | 8 | val eval : ('a,'p) Knowledge.slot -> 'a Knowledge.obj knowledge -> 'p t 9 | val exec : unit knowledge -> unit t 10 | 11 | val try_eval : ('a,'p) Knowledge.slot -> 'a Knowledge.obj knowledge -> 12 | ('p,Knowledge.conflict) result t 13 | 14 | val try_exec : unit knowledge -> (unit,Knowledge.conflict) result t 15 | 16 | val get : 'p var -> 'p t 17 | val put : 'p var -> 'p knowledge -> unit t 18 | val var : string -> 'p var 19 | 20 | 21 | val reset : unit -> unit 22 | val set : Knowledge.state -> unit 23 | val current : unit -> Knowledge.state 24 | -------------------------------------------------------------------------------- /oasis/patterns: -------------------------------------------------------------------------------- 1 | Flag patterns 2 | Description: Build the byte patterns plugin 3 | Default: false 4 | 5 | Library patterns_plugin 6 | Build$: flag(everything) || flag(patterns) 7 | Path: plugins/patterns 8 | FindlibName: bap-plugin-patterns 9 | CompiledObject: best 10 | BuildDepends: core_kernel, ppx_bap, bap-knowledge, bap-core-theory, bap-main, bap, 11 | bitvec, bitvec-order, bitvec-binprot, bitvec-sexp, bap-relation, 12 | zarith, xmlm, uri, bap-primus, fileutils 13 | 14 | InternalModules: Patterns_main 15 | XMETADescription: implements the byte patterns analysis plugin 16 | DataFiles: semantics/*.lisp ($datadir/bap/primus/semantics) 17 | -------------------------------------------------------------------------------- /plugins/mips/mips_model.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Mips_rtl 4 | 5 | module type Model = sig 6 | type t 7 | val gpr : t String.Map.t 8 | val gpri : t Int.Map.t 9 | val fpr : t String.Map.t 10 | val fpri : t Int.Map.t 11 | val hi : t 12 | val lo : t 13 | end 14 | 15 | module type Model_exp = sig 16 | include Model with type t := exp 17 | end 18 | 19 | module type MIPS = sig 20 | module E : Model_exp 21 | include Model with type t := var 22 | 23 | val mem : var 24 | val gpr_bitwidth : int 25 | val fpr_bitwidth : int 26 | end 27 | 28 | module MIPS_32 : MIPS 29 | module MIPS_64 : MIPS 30 | 31 | module MIPS_32_cpu : CPU 32 | module MIPS_64_cpu : CPU 33 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_lisp_attributes.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_core_theory 3 | open Bap_primus_lisp_types 4 | 5 | module Attribute = Bap_primus_lisp_attribute 6 | 7 | module External : sig 8 | val t : String.Set.t Attribute.t 9 | end 10 | 11 | module Variables : sig 12 | val global : Set.M(Bap_primus_lisp_var).t Attribute.t 13 | val static : Set.M(Bap_primus_lisp_var).t Attribute.t 14 | end 15 | 16 | module Advice : sig 17 | type cmethod = Before | After 18 | type t 19 | val t : t Attribute.t 20 | val targets : t -> cmethod -> Set.M(KB.Name).t 21 | end 22 | 23 | module Visibility : sig 24 | type t 25 | val t : t Attribute.t 26 | val is_public : t -> bool 27 | end 28 | -------------------------------------------------------------------------------- /lib/bap_types/bap_type_error.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap_common 4 | 5 | 6 | type t = [ 7 | | `bad_kind of [`mem | `imm] 8 | | `bad_type of typ * typ 9 | | `bad_cast 10 | | `unknown 11 | ] [@@deriving bin_io, compare, sexp] 12 | 13 | exception T of t [@@deriving sexp_of] 14 | 15 | 16 | val bad_mem : t 17 | val bad_imm : t 18 | val bad_cast : t 19 | val bad_type : exp:typ -> got:typ -> t 20 | val unknown : t 21 | 22 | val expect_mem : unit -> 'a 23 | val expect_imm : unit -> 'a 24 | val wrong_cast : unit -> 'a 25 | val expect : typ -> got:typ -> 'a 26 | 27 | type type_error = t [@@deriving bin_io, compare, sexp] 28 | 29 | include Regular.S with type t := t 30 | -------------------------------------------------------------------------------- /plugins/x86/x86_legacy_bil_var_temp.mli: -------------------------------------------------------------------------------- 1 | (* Copyright (C) 2017 ForAllSecure, Inc. - All Rights Reserved. *) 2 | (** Recognizing and creating temporary variables 3 | 4 | A temporary is a variable introduced by BAP's lifting process that 5 | is only referenced inside one assembly block. The evaluator (and 6 | other BAP analyses) use this information to throw away any state 7 | stored for these temporaries once the temporary becomes out of 8 | scope (i.e., out of that assembly block). 9 | *) 10 | 11 | module Bil = X86_legacy_bil 12 | open Bil 13 | 14 | (** [nt n t] creates a new temporary variable with name [n] and type 15 | [t]. *) 16 | val nt : string -> Type.typ -> Var.t 17 | -------------------------------------------------------------------------------- /docker/ubuntu/xenial/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ocaml/opam2:ubuntu-16.04 2 | 3 | WORKDIR /home/opam 4 | 5 | RUN sudo apt-get update && sudo apt-get install --yes python-pip \ 6 | && opam switch 4.09 \ 7 | && eval "$(opam env)" \ 8 | && opam remote set-url default https://opam.ocaml.org \ 9 | && opam repo add bap git://github.com/BinaryAnalysisPlatform/opam-repository --all \ 10 | && opam update \ 11 | && opam depext --install bap --yes -j 1 \ 12 | && opam clean -acrs \ 13 | && rm -rf /home/opam/.opam/4.0[2-8,10] \ 14 | && rm -rf /home/opam/.opam/4.09/.opam-switch/sources/* \ 15 | && rm -rf /home/opam/opam-repository \ 16 | && sudo pip install bap 17 | 18 | ENTRYPOINT ["opam", "config", "exec", "--" ] 19 | -------------------------------------------------------------------------------- /oasis/demangle: -------------------------------------------------------------------------------- 1 | Flag demangle 2 | Description: Build demangle library 3 | Default: false 4 | 5 | Library "bap-demangle" 6 | Path: lib/bap_demangle 7 | Build$: flag(everything) || flag(demangle) 8 | FindlibName: bap-demangle 9 | CompiledObject: best 10 | BuildDepends: core_kernel 11 | Modules: Bap_demangle 12 | 13 | Library "demangle_plugin" 14 | Path: plugins/demangle 15 | Build$: flag(everything) || flag(demangle) 16 | FindlibName: bap-plugin-demangle 17 | CompiledObject: best 18 | BuildDepends: core_kernel, bap-demangle, bap, bap-future, bap-plugins 19 | InternalModules: Demangle_main 20 | XMETADescription: demangle subroutine names 21 | XMETAExtraLines: tags="demangler" 22 | -------------------------------------------------------------------------------- /oasis/objdump: -------------------------------------------------------------------------------- 1 | Flag objdump 2 | Description: Build objdump plugin 3 | Default: false 4 | 5 | Library objdump_plugin 6 | Build$: flag(everything) || flag(objdump) 7 | Path: plugins/objdump 8 | FindlibName: bap-plugin-objdump 9 | CompiledObject: best 10 | BuildDepends: re.pcre, bap-core-theory, 11 | core_kernel, bap-knowledge, 12 | bitvec, bitvec-order, bitvec-sexp, 13 | bap-main, bap-relation, 14 | core_kernel.caml_unix 15 | InternalModules: Objdump_main, Objdump_config 16 | XMETADescription: use objdump to provide a symbolizer 17 | XMETAExtraLines: tags="objdump, symbolizer" 18 | -------------------------------------------------------------------------------- /plugins/x86/x86_targets.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | 4 | module Insn = Disasm_expert.Basic.Insn 5 | 6 | module IA32L = X86_lifter.IA32 7 | module AMD64L = X86_lifter.AMD64 8 | 9 | module IA32D = struct 10 | module CPU = IA32L.CPU 11 | let lift _mem insn = 12 | Or_error.error "unimplemented" insn Insn.sexp_of_t 13 | end 14 | 15 | module AMD64D = struct 16 | module CPU = AMD64L.CPU 17 | let lift _mem insn = 18 | Or_error.error "unimplemented" insn Insn.sexp_of_t 19 | end 20 | 21 | module IA32 = X86_backend.IA32.Make(IA32D) 22 | module AMD64 = X86_backend.AMD64.Make(AMD64D) 23 | 24 | module IA32M = X86_backend.IA32.Make(IA32L) 25 | module AMD64M = X86_backend.AMD64.Make(AMD64L) 26 | -------------------------------------------------------------------------------- /oasis/abi: -------------------------------------------------------------------------------- 1 | Flag abi 2 | Description: Build ABI disaptching library 3 | Default: false 4 | 5 | Library bap_abi 6 | Build$: flag(everything) || flag(abi) 7 | Path: lib/bap_abi 8 | FindlibName: bap-abi 9 | CompiledObject: best 10 | BuildDepends: bap, core_kernel, ppx_bap 11 | Modules: Bap_abi 12 | 13 | Library abi_plugin 14 | Build$: flag(everything) || flag(abi) 15 | Path: plugins/abi 16 | FindlibName: bap-plugin-abi 17 | CompiledObject: best 18 | BuildDepends: bap, bap-abi, core_kernel 19 | InternalModules: Abi_main 20 | XMETADescription: apply abi information to a project 21 | XMETAExtraLines: tags="abi, pass" -------------------------------------------------------------------------------- /oasis/map-terms: -------------------------------------------------------------------------------- 1 | Flag map_terms 2 | Description: Build map plugin and bml library 3 | Default: false 4 | 5 | Library "bap-bml" 6 | XMETADescription: BAP Mapping Language 7 | Path: lib/bap_bml 8 | Build$: flag(everything) || flag(map_terms) 9 | BuildDepends: bap, core_kernel, ppx_bap 10 | FindlibName: bap-bml 11 | Modules: Bap_bml 12 | 13 | Library map_terms_plugin 14 | Build$: flag(everything) || flag(map_terms) 15 | Path: plugins/map_terms 16 | FindlibName: bap-plugin-map_terms 17 | BuildDepends: bap, bap-bml, core_kernel, ppx_bap, regular, bap-main 18 | InternalModules: Map_terms_main, Map_terms_features 19 | XMETADescription: map terms using BML DSL 20 | XMETAExtraLines: tags="pass" 21 | -------------------------------------------------------------------------------- /oasis/c: -------------------------------------------------------------------------------- 1 | Flag c 2 | Description: C language support 3 | Default: false 4 | 5 | Library bap_c 6 | Build$: flag(everything) || flag(c) 7 | XMETADescription: C language abstraction 8 | Path: lib/bap_c 9 | FindlibName: bap-c 10 | CompiledObject: best 11 | BuildDepends: bap, bap-abi, bap-api, core_kernel, ppx_bap, monads, regular, 12 | bap-core-theory, bap-knowledge 13 | Modules: Bap_c, 14 | Bap_c_abi, 15 | Bap_c_attr, 16 | Bap_c_data, 17 | Bap_c_size, 18 | Bap_c_type, 19 | Bap_c_type_mapper, 20 | Bap_c_type_mapper_intf, 21 | Bap_c_type_printer, 22 | Bap_c_parser, 23 | Bap_c_term_attributes 24 | -------------------------------------------------------------------------------- /lib/arm/arm_op.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | open Bap.Std 4 | 5 | module Arm = Arm_types 6 | 7 | type t = Arm.op [@@deriving bin_io, compare, sexp] 8 | 9 | 10 | let create : op -> Arm.op option = 11 | let open Option.Monad_infix in 12 | function 13 | | Op.Fmm fmm -> None 14 | | Op.Reg reg -> Arm_reg.create reg >>| fun reg -> `Reg reg 15 | | Op.Imm imm -> 16 | Imm.to_word ~width:32 imm >>| fun imm -> `Imm imm 17 | 18 | include Regular.Make(struct 19 | type t = Arm.op [@@deriving bin_io, compare, sexp] 20 | let module_name = Some "Arm.Op" 21 | let version = "1.0.0" 22 | let pp fmt op = 23 | Format.fprintf fmt "%a" Sexp.pp (sexp_of_t op) 24 | let hash op = Hashtbl.hash op 25 | end) 26 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_source.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | open Bap_future.Std 5 | open Bap_core_theory 6 | 7 | module Context : sig 8 | type t 9 | val for_label : Theory.label -> t KB.t 10 | val is_applicable : t -> string option -> bool 11 | val create_addr : t -> unbiased:bool -> Bitvec.t -> addr 12 | end 13 | 14 | type 'a t = 'a Or_error.t stream 15 | type 'a source = 'a t 16 | 17 | module type Factory = sig 18 | type t 19 | val list : unit -> string list 20 | val find : string -> t source option 21 | val register : string -> t source -> unit 22 | end 23 | 24 | module Factory : sig 25 | module type S = Factory 26 | module Make(T : T) : S with type t = T.t 27 | end 28 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_target_intf.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_types.Std 3 | open Bap_image_std 4 | 5 | module type CPU = sig 6 | val gpr : Var.Set.t 7 | val mem : var 8 | val sp : var 9 | val zf : var 10 | val cf : var 11 | val vf : var 12 | val nf : var 13 | val is_reg : var -> bool 14 | val is_flag : var -> bool 15 | val is_sp : var -> bool 16 | val is_bp : var -> bool 17 | val is_zf : var -> bool 18 | val is_cf : var -> bool 19 | val is_vf : var -> bool 20 | val is_nf : var -> bool 21 | val is_mem : var -> bool 22 | end 23 | 24 | type lifter = mem -> Bap_disasm_basic.full_insn -> bil Or_error.t 25 | 26 | module type Target = sig 27 | module CPU : CPU 28 | val lift : lifter 29 | end 30 | -------------------------------------------------------------------------------- /lib/bap_traces/bap_trace_meta.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | open Bap_trace_meta_types 3 | 4 | (** Common trace meta attributes. 5 | 6 | This file contains common meta attributes. Real traces may or may not 7 | contain them. They may also contain attributes that are not 8 | specified in this module. 9 | *) 10 | 11 | 12 | (** description of a tracer that was used to create the trace *) 13 | val tracer : tracer tag 14 | 15 | (** description of a target binary (executable) that was traced.*) 16 | val binary : binary tag 17 | 18 | (** description of binary architecture. *) 19 | val arch : arch tag 20 | 21 | (** file stats of the traced binary *) 22 | val binary_file_stats : file_stats tag 23 | 24 | val trace_stats : trace_stats tag 25 | -------------------------------------------------------------------------------- /lib/microx/microx.ml: -------------------------------------------------------------------------------- 1 | (** Microexecution library. 2 | 3 | Microexecution is an execution of arbitrary pieces of code, 4 | under random context. 5 | 6 | The library provides two classes: 7 | 8 | - a concretizer 9 | concretization is a process of giving a value for unknown 10 | variable); 11 | - a conqueror, that is an IR interpreter, that tries to cover as 12 | much code as needed. 13 | 14 | *) 15 | 16 | [@@@deprecated "[since 2017-04] use Primus instead"] 17 | 18 | module Std = struct 19 | module Concretizer = Microx_concretizer 20 | module Conqueror = Microx_conqueror 21 | 22 | class ['a] concretizer = ['a] Concretizer.main 23 | class ['a] conqueror = ['a] Conqueror.main 24 | end 25 | -------------------------------------------------------------------------------- /oasis/mc: -------------------------------------------------------------------------------- 1 | Flag mc 2 | Description: Build BAP Machine Code frontend 3 | Default: false 4 | 5 | Library mc_plugin 6 | Path: plugins/mc 7 | FindLibName: bap-plugin-mc 8 | Build$: flag(everything) || flag(mc) 9 | CompiledObject: best 10 | Modules: Mc_main 11 | BuildDepends: core_kernel, bap-main, bap, regular, bap-plugins, 12 | bap-core-theory, bap-knowledge, ppx_bap, bitvec, 13 | ogre 14 | XMETAExtraLines: tags="command, disassemble" 15 | 16 | 17 | Executable "bap-mc" 18 | Path: src 19 | MainIs: bap_mc.ml 20 | Build$: flag(everything) || flag(mc) 21 | Install: true 22 | CompiledObject: best 23 | BuildDepends: unix 24 | -------------------------------------------------------------------------------- /lib/arm/arm_utils.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Arm_types 4 | 5 | 6 | val tmp : ?name:string -> typ -> var 7 | 8 | val assn : var -> exp -> stmt 9 | 10 | val fail : Source_code_position.t -> ('a,unit,string,'b) format4 -> 'a 11 | 12 | val bitlen : typ -> int 13 | 14 | val exec : stmt list -> ?flags:stmt list -> ?wflag:op -> op -> stmt list 15 | 16 | val exp_of_op : op -> exp 17 | 18 | val exp_of_reg : reg -> exp 19 | 20 | val cast_of_sign : sign -> int -> exp -> exp 21 | 22 | 23 | val assert_reg : Source_code_position.t -> op -> reg 24 | 25 | val assert_imm : Source_code_position.t -> op -> word 26 | 27 | val assert_cond : Source_code_position.t -> op -> cond 28 | 29 | val msb : exp -> exp 30 | 31 | val zero : typ -> exp 32 | -------------------------------------------------------------------------------- /oasis/piqi-printers.setup.ml.in: -------------------------------------------------------------------------------- 1 | let piqic () : unit = 2 | let chop str = try 3 | Filename.chop_extension str 4 | with _ -> str in 5 | let piqic_path = BaseCheck.prog_best "piqic_path" ["piqic-ocaml"; "piqic"] () in 6 | BaseEnv.var_define "piqic_flags" (fun () -> 7 | if chop (Filename.basename (BaseEnv.var_get "piqic")) = "piqic" 8 | then "ocaml" 9 | else "") |> 10 | definition_end; 11 | BaseEnv.var_define "piqic" (fun () -> 12 | if List.mem (BaseStandardVar.os_type ()) ["Cygwin"; "Win32"] 13 | then 14 | String.concat " " 15 | (OASISExec.run_read_output ~ctxt "cygpath" [piqic_path]) 16 | else piqic_path) |> 17 | definition_end 18 | 19 | 20 | 21 | 22 | let () = define [piqic] 23 | -------------------------------------------------------------------------------- /vagrant/jessie64/Vagrantfile: -------------------------------------------------------------------------------- 1 | # -*- mode: ruby -*- 2 | # vi: set ft=ruby : 3 | 4 | Vagrant.configure(2) do |config| 5 | config.vm.box = "debian/jessie64" 6 | config.vm.provider "virtualbox" do |vb| 7 | vb.memory = "4096" 8 | end 9 | config.vm.provision "shell", privileged: false, inline: <<-SHELL 10 | sudo apt-get update 11 | sudo apt-get install curl make git m4 libcap-dev gcc unzip --yes 12 | 13 | echo "" | sh <(curl -sL https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh) 14 | 15 | yes | opam init --compiler=4.05.0 --disable-sandboxing 16 | eval $(opam env) 17 | 18 | opam install depext --yes 19 | opam depext bap -i --yes 20 | 21 | sudo apt-get install python-pip --yes 22 | sudo pip install bap 23 | SHELL 24 | end 25 | -------------------------------------------------------------------------------- /lib/bap_llvm/bap_llvm_disasm.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | 3 | [@@@ocaml.warning "-3"] 4 | 5 | external init : unit -> int = "disasm_llvm_init_stub" "noalloc" 6 | 7 | type x86_syntax = [`att | `intel] [@@deriving sexp] 8 | 9 | module X86_syntax = struct 10 | type t = x86_syntax [@@deriving sexp] 11 | let to_string s = Sexp.to_string @@ sexp_of_t s 12 | end 13 | 14 | let putenv s = 15 | Caml_unix.putenv 16 | "BAP_LLVM_OPTIONS" ("-x86-asm-syntax=" ^ X86_syntax.to_string s) 17 | 18 | let init ?(x86_syntax=`att) () = 19 | let () = putenv x86_syntax in 20 | let r = init () in 21 | if r < 0 then 22 | Error (Error.of_string (sprintf "LLVM initialization failed with error %d" r)) 23 | else Ok () 24 | 25 | let version = Bap_llvm_config.version 26 | -------------------------------------------------------------------------------- /oasis/thumb: -------------------------------------------------------------------------------- 1 | Flag thumb 2 | Description: Build Thumb lifter 3 | Default: false 4 | 5 | Library thumb_plugin 6 | XMETADescription: provide Thumb lifter 7 | Path: plugins/thumb 8 | Build$: flag(everything) || flag(thumb) 9 | BuildDepends: core_kernel, ppx_bap, ogre, 10 | bap-core-theory, bap-knowledge, bap-main, 11 | bap, bap-arm, bitvec 12 | FindlibName: bap-plugin-thumb 13 | InternalModules: Thumb_main, 14 | Thumb_bits, 15 | Thumb_branch, 16 | Thumb_core, 17 | Thumb_mem, 18 | Thumb_mov, 19 | Thumb_opcodes 20 | XMETAExtraLines: tags="thumb, lifter, arm" 21 | -------------------------------------------------------------------------------- /tools/bapclean.sh: -------------------------------------------------------------------------------- 1 | core_library="BAP Core Library" 2 | 3 | for package in `ocamlfind list | cut -d' ' -f1` 4 | do 5 | desc=`ocamlfind query -format "%D" $package` 6 | if [ "x$desc" = "x$core_library" ] 7 | then 8 | echo "deleting package $package that is a part of $core_library" 9 | ocamlfind remove $package 10 | else 11 | case $package in 12 | bap-plugin-*) 13 | echo "deleting $package because it is a bap-plugin" 14 | ocamlfind remove $package 15 | ;; 16 | bap-*) 17 | echo "deleting $package because it is prefixed with bap" 18 | ocamlfind remove $package 19 | ;; 20 | esac 21 | fi 22 | done 23 | -------------------------------------------------------------------------------- /lib/bap_disasm/bap_disasm_brancher.mli: -------------------------------------------------------------------------------- 1 | open Bap_types.Std 2 | open Bap_disasm_source 3 | open Bap_image_std 4 | open Bap_disasm_basic 5 | open Bap_disasm_block 6 | open Bap_knowledge 7 | 8 | type t 9 | type brancher = t 10 | 11 | type dest = addr option * edge [@@deriving sexp] 12 | type dests = dest list [@@deriving sexp] 13 | 14 | val create : (mem -> full_insn -> dests) -> t 15 | 16 | val set_path : t -> string -> t 17 | 18 | val path : t -> string option 19 | 20 | val of_bil : arch -> t 21 | 22 | val of_image : image -> t 23 | 24 | val resolve : t -> mem -> full_insn -> dests 25 | 26 | val empty : t 27 | 28 | val provide : t -> unit 29 | 30 | val providing : t -> (unit -> 'a knowledge) -> 'a knowledge 31 | 32 | module Factory : Factory with type t = t 33 | -------------------------------------------------------------------------------- /lib/bap_piqi/bir_piqi.mli: -------------------------------------------------------------------------------- 1 | open Bap.Std 2 | 3 | type fmt = [ `json | `pb | `piq | `pib | `xml ] 4 | 5 | 6 | val program_of_string : fmt -> string -> program term 7 | val sub_of_string : fmt -> string -> sub term 8 | val blk_of_string : fmt -> string -> blk term 9 | val arg_of_string : fmt -> string -> arg term 10 | val phi_of_string : fmt -> string -> phi term 11 | val def_of_string : fmt -> string -> def term 12 | 13 | val string_of_program : fmt -> program term -> string 14 | val string_of_sub : fmt -> sub term -> string 15 | val string_of_blk : fmt -> blk term -> string 16 | val string_of_arg : fmt -> arg term -> string 17 | val string_of_phi : fmt -> phi term -> string 18 | val string_of_def : fmt -> def term -> string 19 | -------------------------------------------------------------------------------- /plugins/cache/bap_cache_types.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Regular.Std 3 | 4 | type config = { 5 | capacity : int; (* Mb *) 6 | overhead : int; (* % *) 7 | gc_enabled : bool; 8 | } [@@deriving bin_io, compare, sexp] 9 | 10 | module Compatibility = struct 11 | module V2 = struct 12 | type entry = { 13 | atime : float; 14 | ctime : float; 15 | hits : int; 16 | path : string; 17 | size : int64; 18 | } [@@deriving bin_io, compare, sexp] 19 | 20 | type config = { 21 | max_size : int64; 22 | } [@@deriving bin_io, compare, sexp] 23 | 24 | type t = { 25 | config : config; 26 | entries : entry Data.Cache.Digest.Map.t; 27 | } [@@deriving bin_io, compare, sexp] 28 | end 29 | end 30 | -------------------------------------------------------------------------------- /oasis/regular: -------------------------------------------------------------------------------- 1 | Flag regular 2 | Description: Build regular library 3 | Default: false 4 | 5 | Library regular 6 | Build$: flag(everything) || flag(regular) 7 | Path: lib/regular 8 | FindlibName: regular 9 | CompiledObject: best 10 | BuildDepends: core_kernel, ppx_bap 11 | Modules: Regular 12 | InternalModules: 13 | Regular_bytes, 14 | Regular_cache, 15 | Regular_data, 16 | Regular_data_intf, 17 | Regular_data_types, 18 | Regular_data_write, 19 | Regular_data_read, 20 | Regular_opaque, 21 | Regular_regular, 22 | Regular_seq 23 | -------------------------------------------------------------------------------- /plugins/ghidra/ghidra_main.ml: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap_main 3 | 4 | let default_paths = 5 | let (/) = Filename.concat in 6 | Extension.Configuration.[ 7 | datadir / "ghidra"; 8 | sysdatadir / "ghidra"; 9 | "/usr/share/ghidra"; 10 | ] 11 | 12 | let show_targets = Extension.Configuration.flag "list-targets" 13 | ~aliases:["targets"] 14 | 15 | let paths = Extension.Configuration.parameters 16 | Extension.Type.(list string) "path" 17 | 18 | let () = Extension.declare @@ fun ctxt -> 19 | let open Extension.Syntax in 20 | Bap_ghidra.init () 21 | ~paths:(List.concat (ctxt-->paths) @ default_paths) 22 | ~print_targets:(ctxt-->show_targets); 23 | if (ctxt-->show_targets) 24 | then Error (Extension.Error.Exit_requested 0) 25 | else Ok () 26 | -------------------------------------------------------------------------------- /lib/bap_primus/bap_primus_pos.mli: -------------------------------------------------------------------------------- 1 | open Core_kernel 2 | open Bap.Std 3 | open Monads.Std 4 | 5 | type nil = Nil 6 | type top = program 7 | 8 | type ('a,'b) level = { 9 | me : 'a term; 10 | up : 'b; 11 | } 12 | 13 | type level3 = (top,nil) level 14 | type level2 = (sub,level3) level 15 | type 'a level1 = ('a,level2) level 16 | type 'a level0 = ('a,blk level1) level 17 | 18 | type t = 19 | | Top of level3 20 | | Sub of level2 21 | | Arg of arg level1 22 | | Blk of blk level1 23 | | Phi of phi level0 24 | | Def of def level0 25 | | Jmp of jmp level0 26 | [@@deriving sexp_of] 27 | 28 | val to_string : t -> string 29 | 30 | val tid : t -> tid 31 | val get : 'a tag -> t -> 'a option 32 | val next : t -> ('p,'t) cls -> 't term -> (t,Bap_primus_exn.t) Monad.Result.result 33 | --------------------------------------------------------------------------------