1. Carl Pulley
  2. libbap

Volatility Interface to the Binary Analysis Platform

In working with Volatility plugins to analyse (for example) the stack and the heap (work still in progress), I was starting to require a formal model of the x86 processor which could be used to analyse binary code. libbap is an attempt at investigating this issue by providing a Python/Volatility interface to the Binary Analysis Platform (BAP, which is mostly written in OCaml).

Broadly speaking, the idea is to use OCaml (via BAP) to perform code analysis and Python (via Volatility) to supply OS-related knowledge and memory artefacts.

Note: as part of this effort, it is also possible to use libbap to write Volatility plugins in OCaml.
