# BAP Bindings
This project provides a C interface to the BAP library and other components of the infrastructure. The interface is rather complete, although some functions may be omitted, either for a reason or accidentally. By design, everything that is possible to do in OCaml with the `Bap.Std` interface should be possible to implement in C using `bap.h`. If you find any violations of this rule, please don't hesitate to file an issue.
## Quick start

The following simple program is a good test that your installation works fine.

```c
#include <stdio.h>
#include <bap.h>

int main(int argc, const char **argv) {
    bap_init(argc, argv);                       /* start the OCaml runtime and BAP */
    printf("Welcome to BAP %s\n", bap_version());
    return 0;
}
```
The `examples` folder contains a set of small programs that can be viewed as tutorials to BAP and the BAP bindings. The following order is suggested:

- `lift_insn` - teaches how to disassemble, lift and print code;
- `print_reachable` - explains how to write a simple analysis;
- `show_image` - uncovers low-level details of file parsing.
## Requirements

- BAP 2.x.x
- OCaml 4.03+ with PIC runtime
- GCC
- Patience (it takes some time to generate the bindings)

The PIC runtime is usually installed with OCaml (at least in OPAM).
## Compilation and installation

Nothing new here:

```sh
autoconf
./configure
make
make install
```

You can parametrize installation variables, e.g., `prefix`, using the configure script; see `./configure --help` for more information. If the `configure` script is not available (e.g., when you have just cloned the repo), use `autoconf` to generate it.
## Documentation

Lacks. The long story is the following. There is an official searchable documentation for the OCaml library. You should consult it as the primary source of information. Although it is for OCaml, it should be understandable without a dictionary. We tried to follow some conventions to make it easier to map C functions to their OCaml counterparts:

- Module namespaces are translated to underscore-delimited prefixes, with the exception of `Bap.Std`, which is translated just to `bap`, e.g., `Project.Input.file` is `project_input_file`. So to get the documentation for `project_input_file`, just type `Project.Input.file` in the search window of the OCaml documentation. The same is true for types. A type `Project.t` is defined as an opaque data structure `bap_project_t`. The name is typedefed from the structure tag namespace into the symbol namespace, so no `struct` keyword is needed.
- The order of function parameters is preserved, except that optional parameters (prefixed with `?` in OCaml) are specified after all required parameters. For example, `Project.Input.file ?loader:string -> filename:string -> t` is translated into `project_input_file(char *filename, char *loader)`. The `NULL` value can be passed as an argument to an optional parameter.
- If there are too many optional parameters, they are passed using a structure. The field names of the structure correspond to the names of the optional parameters. For example, `bap_project_create` corresponds to the `Project.create` function, which has the following interface:

  ```ocaml
  val create :
    ?disassembler:string ->
    ?brancher:brancher source ->
    ?symbolizer:symbolizer source ->
    ?rooter:rooter source ->
    ?reconstructor:reconstructor source ->
    input -> t Or_error.t
  ```

  In C land it corresponds to

  ```c
  struct bap_project_t* bap_project_create(struct bap_project_input_t* input,
                                           struct bap_project_parameters_t* params);
  ```

  where the structure `params` is defined as:

  ```c
  struct bap_project_parameters_t {
      bap_rooter_source_t* rooter;
      bap_brancher_source_t* brancher;
      bap_symbolizer_source_t* symbolizer;
      bap_reconstructor_source_t* reconstructor;
      char* disassember;
  };
  ```

  Each individual field of the `params` structure can be `NULL`. Moreover, `params` itself can also be `NULL`, which denotes that all optional arguments were omitted.
- Non-total functions (those that return `t Or_error.t` or `t option` instead of `t`) may return `NULL`. If the OCaml counterpart returns a value of type `t Or_error.t`, the error can be retrieved with the `bap_error_get` function.
- If a module `XXX` implements the `Printable.S` interface, the following functions are available:
  - `bap_XXX_to_string(bap_XXX_t *)` returns a string representation of a value;
  - `bap_fprint(bap_XXX_t *value, FILE *)` prints a value into a stream;
  - `bap_print(bap_XXX_t *)` prints a value to stdout;
  - `bap_eprint(bap_XXX_t *)` prints a value to stderr.
- If a module `XXX` implements the `Data.S` interface, the following functions are available:
  - `bap_XXX_data_version(void)`;
  - `bap_XXX_data_size(bap_XXX_t *)`;
  - `bap_XXX_copy(bap_XXX_t *value, char *data, int len)`;
  - `bap_XXX_of_bytes(char *data, int len)`;
  - `bap_XXX_input(const char *filename)`;
  - `bap_XXX_output(const char *filename)`.
- If a module `XXX` implements the `Regular.S` interface (which subsumes `Printable.S` and `Data.S`), the following functions are also available:
  - `bap_XXX_hash(bap_XXX_t *)`;
  - `bap_XXX_equal(bap_XXX_t *x, bap_XXX_t *y)`;
  - `bap_XXX_compare(bap_XXX_t *x, bap_XXX_t *y)`.
- Polymorphic operations are provided for certain types in a type-safe manner. A polymorphic operation `OP` defined in module `M` and concretized for type `XXX` is named `bap_XXX_M_OP`; for example, `Seq.map` for a sequence of `insn` is named `bap_insn_seq_map`. Currently, all Regular types provide two polymorphic containers: `set` and `seq`. The `set` is implemented using a mutable hash table, and `seq` is a generic sequence (which can even be infinite).
- Truly generic operations, like `Seq.length`, are provided as `bap_seq_length`, where `bap_seq_t` is the base class for all sequences (in the sense that `bap_XXX_seq_t` is an instance of `bap_seq_t` for all `XXX`). The instance relation is checked at runtime; a static cast is required at compile time.