binaryanalysisplatform / bap-python Goto Github PK

View Code? Open in Web Editor NEW

20.0 5.0 12.0 69 KB

BAP python bindings

License: MIT License

Python 100.00%

bap python reverse-engineering program-analysis program-verification

bap-python's Introduction

BAP python bindings

Installing

Install python bindings with pip (after you have installed bap):

$ pip install bap

Alternatively you can just copy paste files into your project, or clone it with git-subtree.

Installing low-level bindings

An optional low-level interface, called [rpc] depends on the requests library and the bap-server package. To use it, you need to install them from pip and opam correspondigly:

$ pip install bap[rpc]
$ opam install bap-server

Installing development version

You can also install directly from github:

pip install git+git://github.com/BinaryAnalysisPlatform/bap-python.git

Using

>>> import bap
>>> proj = bap.run('/bin/true')
>>> main = proj.program.subs.find('main')
>>> entry = main.blks[0]
>>> next = main.blks.find(entry.jmps[0].target.arg)

For more information, read builtin documentation, for example with ipython:

    >>> bap?

Using low-level interface

The low-level interface provides an access to disassembler and image loader. It uses RPC interface to make calls to the library. So make sure that you have installed requests and bap-server (see Installation section).

    >>> import bap
    >>> print '\n'.join(insn.asm for insn in bap.disasm(b"\x48\x83\xec\x08"))
        decl    %eax
        subl    $0x8, %esp

A more complex example:

    >>> img = bap.image('coreutils_O0_ls')
    >>> sym = img.get_symbol('main')
    >>> print '\n'.join(insn.asm for insn in bap.disasm(sym))
        push    {r11, lr}
        add     r11, sp, #0x4
        sub     sp, sp, #0xc8
        ... <snip> ...

bap-python's People

Contributors

Stargazers

Watchers

Forkers

chubbymaggie mikea-cmu lynne294 fuzzyushi pombredanne michawe gitoleg xvilka clayne gmacon nasingfaund

bap-python's Issues

DeprecationWarning in noeval_parser on Python 3.10

I'm seeing this warning on Python 3.10:

  .../lib/python3.10/site-packages/bap/noeval_parser.py:124: DeprecationWarning: invalid escape sequence '\.'
    parent = objs[k] = (in_s[i+1:endpos]).encode('utf-8').decode('unicode_escape')

Error while executing bap.run

I got the following error while executing bap.run on a node binary. I was told on bap forum that it is a bug in bap:

Traceback (most recent call last):
File "extract_bpir.py", line 406, in
main()
File "extract_bpir.py", line 402, in main
proj = bap.run(sys.argv[1], ['--no-byteweight'])
File "/usr/local/lib/python2.7/dist-packages/bap/bap.py", line 124, in run
return parser'load'
File "/usr/local/lib/python2.7/dist-packages/bap/bir.py", line 367, in loads
return noeval_parser.parser(s)
File "/usr/local/lib/python2.7/dist-packages/bap/noeval_parser.py", line 328, in parser
result = _parser(input_str, logger=logger)
File "/usr/local/lib/python2.7/dist-packages/bap/noeval_parser.py", line 291, in _parser
assert len(stk) == 1
AssertionError

nodeO2.tar.gz

Remove Python 2 dependency, or at least make it optional.

Currently setup.py explicitly requires python2.7. Many distributions remove python 2 packages. Would be nice to kill it finally in favor of Python 3.

Missing small imports in adt.py

adt.py seems to be missing an import for bap.bir.Tid, so an attempt at using find with a key of that type fails (such as the simple example on the main page)

Documentation outdated

Hi,
bap does not have the image method anymore and I think the page needs to be updated with a new example. Am i right?

Thanks

How to use with current BAP, e.g. v2.2 or higher?

Following the setup instructions, running opam install bap-server and building from source (after figuring out LLVM dependencies, etc):

It seems bap-server uses ~/.opam/system/bin/bap. This binary is version 1.4.0, quite old.
Installing the latest release .deb packages on the system doesn't change the version used by bap-server, I think.

How can I configure the Python bindings to use a current BAP version through bap-server? Maybe bap-server can be added to the Debian releases, since it's a bit challenging to build?

Parsing Error for ADT Output with SSA Pass

Hi all,

I really enjoy using BAP, but I encountered some bugs today while using SSA pass. I attached the minimal reproducible source code and the compiled binary.
phi.zip

Configurations:

OS: Debian 9.9
BAP: 1.6.0
bap-python: 1.3.1

I invoked BAP with: bap.run('a.out', args=['--pass=ssa']) and got

Traceback (most recent call last):
  File "./run.py", line 14, in <module>
    proj = bap.run(args.filename, args=['--pass=ssa'])
  File "[truncated]/lib/python3.5/site-packages/bap/bap.py", line 124, in run
    return parser['load'](out)
  File "[truncated]/lib/python3.5/site-packages/bap/bir.py", line 369, in loads
    return noeval_parser.parser(s)
  File "[truncated]/lib/python3.5/site-packages/bap/noeval_parser.py", line 328, in parser
    result = _parser(input_str, logger=logger)
  File "[truncated]/lib/python3.5/site-packages/bap/noeval_parser.py", line 282, in _parser
    i = parse_func(in_c, in_s, i, objs, stk)
  File "[truncated]/lib/python3.5/site-packages/bap/noeval_parser.py", line 207, in _parse_end
    parent = objs[j] = getattr(bir, name)(*parent.get('children', ())) # pylint: disable=redefined-variable-type
  File "[truncated]/lib/python3.5/site-packages/bap/adt.py", line 509, in __init__
    self.elements = dict((x.arg[0],x.arg[1]) for x in args[0])
  File "[truncated]/lib/python3.5/site-packages/bap/adt.py", line 509, in <genexpr>
    self.elements = dict((x.arg[0],x.arg[1]) for x in args[0])
AttributeError: 'tuple' object has no attribute 'arg'

After examing the traceback and your source code, I believe it's either a bug in SSA pass that outputs malformed ADT string or a bug of the parser that fails to handle tuples.

Use bap.noeval_parser.parser to parse

Phi(Tid(0x00000237, "%00000237"), Attrs([]), Var("RBX.2",Imm(64)), Values([(Tid(0x00000049, "%00000049"),Var("RBX.1",Imm(64))),(Tid(0x0000005a, "%0000005a"),Var("RBX.3",Imm(64)))]))

can reproduce the bug. The string is a part of output from SSA pass that caused the problem (Values([(Tid(0x00000049, "%00000049"),Var("RBX.1",Imm(64))),(Tid(0x0000005a, "%0000005a"),Var("RBX.3",Imm(64)))]) is the root cause, Values should contain a list of ADT objects rather than a list of tuples).

I already sent a pull request #11 that contains a quick workaround on the bap-python side.