The Carnegie Mellon University Binary Analysis Platform (CMU BAP) is a suite of utilities and libraries that enables analysis of programs in their machine representation. BAP is written in OCaml, relies on dynamically loaded plugins for extensibility, and is widely used for security analysis, program verification, and reverse engineering.

The framework consists of libraries, plugins, and frontends. The libraries provide code reusability, the plugins facilitate extensibility, and the frontends serve as entry points.

Frontends come with comprehensive manuals that can be accessed with the --help command-line option or via the man command, if the manpath is configured correctly. Finally, you can access the man page for a plugin using the --<PLUGIN>-help command-line option of a frontend, e.g., bap --map-terms-help.


Core libraries

Foundation Libraries

Hardware Specific Libraries

Language and API/ABI Specific Libraries

Analyses and Auxiliary Libraries

Utility Libraries


abi                      apply abi information to a project
analyze                  implements the analyze command
api                      add parameters to subroutines based on known API
arm                      provide ARM lifter
beagle                   microx powered obfuscated string solver
bil                      Provides bil optimizations
byteweight               find function starts using Byteweight algorithm
cache                    provide caching services
callgraph-collator       Collates programs based on their callgraphs
callsites                annotate callsites with subroutine's arguments
constant-tracker         Constant Tracking Analysis based on Primus
core-theory              provides core theory rules
cxxfilt                  provide c++filt based demangler
demangle                 demangle subroutine names
dependencies             analyses the binary dependencies
disassemble              implements the disassemble command
dump-symbols             dump symbol information as a list of blocks
elf-loader               read ELF and DWARF formats in a pure OCaml
emit-ida-script          extract a IDA python script from bap
flatten                  flattens (unrolls) BIR expressions into a trivial form
frontc-parser            parse c files with FrontC
ghidra                   provide loader and disassembler using GHIDRA library
glibc-runtime            detects main and libc_start_main functions
ida                      use ida to provide rooter, symbolizer and reconstructor
llvm                     provide loader and disassembler using LLVM library
map-terms                map terms using BML DSL
mc                       BAP Core Library
mips                     provide MIPS lifter
objdump                  use objdump to provide a symbolizer
optimization             automatically removes dead code and propagates consts
patterns                 implements the byte patterns analysis plugin
phoenix                  output project information in a phoenix format
powerpc                  provide PowerPC lifter
primus-dictionary        provides a key-value storage
primus-exploring         evaluates all machines, prioritizing the least visited
primus-greedy            evaluates all machines in the DFS order
primus-limit             ensures termination by limiting Primus machines
primus-lisp              install and load Primus lisp libraries
primus-loader            generic program loader for Primus
primus-mark-visited      registers the bap:mark-visited component
primus-powerpc           powerpc support package
primus-print             prints Primus states and observations
primus-promiscuous       enables the promiscuous mode of execution
primus-propagate-taint   a compatibility layer between different taint analysis frameworks
primus-random            primus randomization components
primus-region            interval sets
primus-round-robin       evaluates all machines in the BFS order
primus-symbolic-executor Enables symbolic execution in Primus
primus-systems           installs, parses, and loads Primus systems
primus-taint             a taint analysis control interface
primus-test              Primus Program Testing and Verification Kit
primus-wandering         evaluates all machines while
primus-x86               x86 support package
print                    print project in various formats
propagate-taint          propagate taints through a program
radare2                  use radare2 to provide a symbolizer
raw                      BAP Core Library
read-symbols             read symbol information from file
recipe-command           manipulates bap recipes
relocatable              provides facility to load relocatable files
report                   reports program status
riscv                    provide Riscv target
run                      a pass that will run a program
specification            prints the specification of the binary (like readelf)
ssa                      translates a program into the SSA form
strings                  find strings of characters
stub-resolver            Substitutes calls to stubs with calls to real functions
systemz                  provide Systemz lifter
taint                    taint specified terms
thumb                    provide Thumb lifter
trace                    manage execution traces
trivial-condition-form   eliminates complex conditionals in branches
warn-unused              warn about unused results of certain functions
x86                      provide x86 lifter

Packages by name


  1. bap
  2. bap-abi
  3. bap-api
  4. bap-arm
  5. bap-beagle-prey
  6. bap-bml
  7. bap-build
  8. bap-bundle
  9. bap-byteweight
  10. bap-c
  11. bap-core-theory
  12. bap-demangle
  13. bap-dwarf
  14. bap-elf
  15. bap-future
  16. bap-ghidra
  17. bap-ida
  18. bap-knowledge
  19. bap-llvm
  20. bap-main
  21. bap-mips
  22. bap-plugins
  23. bap-powerpc
  24. bap-primus
  25. bap-primus-track-visited
  26. bap-recipe
  27. bap-relation
  28. bap-riscv
  29. bap-strings
  30. bap-systemz
  31. bap-taint
  32. bap-traces
  33. bap-x86-cpu
  34. bare
  35. bitvec
  36. bitvec-binprot
  37. bitvec-order
  38. bitvec-sexp
  39. graphlib
  40. monads
  41. ogre
  42. regular
  43. text-tags