
Coming to a BAP Near You

There are going to be a lot of surprises in BAP 0.8. Here's a little preview: each x86-64 instruction below is lifted to BIL, with the flag updates (CF, OF, AF, PF, SF, ZF) written out explicitly rather than left implicit in the instruction semantics.

addr 0x40d100 @asm "sub    0x10(%rsp),%r13"
label pc_0x40d100
T_t_4023:u64 = R_13:u64
R_13:u64 = R_13:u64 - mem:?u64[R_RSP:u64 + 0x10:u64, e_little]:u64
R_CF:bool = T_t_4023:u64 < mem:?u64[R_RSP:u64 + 0x10:u64, e_little]:u64
R_OF:bool =
  high:bool((T_t_4023:u64 ^ mem:?u64[R_RSP:u64 + 0x10:u64, e_little]:u64) &
            (T_t_4023:u64 ^ R_13:u64))
R_AF:bool =
  0x10:u64 ==
  (0x10:u64 &
  (R_13:u64 ^ T_t_4023:u64 ^ mem:?u64[R_RSP:u64 + 0x10:u64, e_little]:u64))
R_PF:bool =
  ~low:bool(R_13:u64 >> 7:u64 ^ R_13:u64 >> 6:u64 ^ R_13:u64 >> 5:u64 ^
            R_13:u64 >> 4:u64 ^ R_13:u64 >> 3:u64 ^ R_13:u64 >> 2:u64 ^
            R_13:u64 >> 1:u64 ^ R_13:u64)
R_SF:bool = high:bool(R_13:u64)
R_ZF:bool = 0:u64 == R_13:u64
addr 0x40d105 @asm "mov    0x10(%rsp),%rcx"
label pc_0x40d105
R_RCX:u64 = mem:?u64[R_RSP:u64 + 0x10:u64, e_little]:u64
addr 0x40d10a @asm "lea    (%rbx,%r14,8),%rdi"
label pc_0x40d10a
R_RDI:u64 = R_RBX:u64 + (R_14:u64 << 3:u64)
addr 0x40d10e @asm "mov    0x18(%rsp),%rax"
label pc_0x40d10e
R_RAX:u64 = mem:?u64[R_RSP:u64 + 0x18:u64, e_little]:u64
addr 0x40d113 @asm "add    $0x38,%rsp"
label pc_0x40d113
T_t1_4024:u64 = R_RSP:u64
T_t2_4025:u64 = 0x38:u64
R_RSP:u64 = R_RSP:u64 + T_t2_4025:u64
R_CF:bool = R_RSP:u64 < T_t1_4024:u64
R_OF:bool =
  high:bool((T_t1_4024:u64 ^ ~T_t2_4025:u64) & (T_t1_4024:u64 ^ R_RSP:u64))
R_AF:bool =
  0x10:u64 == (0x10:u64 & (R_RSP:u64 ^ T_t1_4024:u64 ^ T_t2_4025:u64))
R_PF:bool =
  ~low:bool(R_RSP:u64 >> 7:u64 ^ R_RSP:u64 >> 6:u64 ^ R_RSP:u64 >> 5:u64 ^
            R_RSP:u64 >> 4:u64 ^ R_RSP:u64 >> 3:u64 ^ R_RSP:u64 >> 2:u64 ^
            R_RSP:u64 >> 1:u64 ^ R_RSP:u64)
R_SF:bool = high:bool(R_RSP:u64)
R_ZF:bool = 0:u64 == R_RSP:u64
addr 0x40d117 @asm "pop    %rbx"
label pc_0x40d117
R_RBX:u64 = mem:?u64[R_RSP:u64, e_little]:u64
R_RSP:u64 = R_RSP:u64 + 8:u64
addr 0x40d118 @asm "pop    %rbp"
label pc_0x40d118
R_RBP:u64 = mem:?u64[R_RSP:u64, e_little]:u64
R_RSP:u64 = R_RSP:u64 + 8:u64
addr 0x40d119 @asm "pop    %r12"
label pc_0x40d119
R_12:u64 = mem:?u64[R_RSP:u64, e_little]:u64
R_RSP:u64 = R_RSP:u64 + 8:u64
addr 0x40d11b @asm "lea    0x0(,%r13,8),%rdx"
label pc_0x40d11b
R_RDX:u64 = 0:u64 + (R_13:u64 << 3:u64)
