Volatility Interface to the Binary Analysis Platform
In working with Volatility plugins to analyse (for example) the stack and the heap (work still in progress), I was starting to require a formal model of the x86 processor which could be used to analyse binary code. libbap is an attempt at investigating this issue by providing a Python/Volatility interface to the Binary Analysis Platform (BAP - which is mostly written in OCaml).
Broadly speaking, the idea is to use OCaml (via BAP) to perform code analysis and Python (via Volatility) to supply OS related knowledge and memory artefacts.
Note: as part of this effort, it is also possible to use libbap to write Volatility plugins in OCaml.
- Volatility Interface to BAP
- Programmatic Interaction with BAP
- Viewing Graphs
- Graph Manipulations
- Calculating Weakest Pre-conditions
- Constraint Solving
- Using Abstract Interpretation
- Generating and Instrumenting LLVM Bitcode