| 1 | +0.9.6 |
| 2 | +===== |
| 3 | + |
| 4 | +1. New loader backed with LLVM |
| 5 | + BAP now have another loader (image reader), that |
| 6 | + supports MACH-O, ELF, COFF, PE. This loader is |
| 7 | + backed with LLVM library. |
| 8 | + |
| 9 | +2. Online plugin system |
| 10 | + |
| 11 | + New extension point is added - "bap.project". Plugins marked with |
| 12 | + this plugin system will not be loaded automatically when |
| 13 | + `Plugins.load` is called, instead, they can be loaded dynamically |
| 14 | + (or online, hence the title), by using `-l` option to the `bap` |
| 15 | + utility. After being loaded the plugin is applied to a `project` |
| 16 | + data structure that contains all information about disassembled |
| 17 | + binary. Plugin can functionally update this data structure, to |
| 18 | + push information to other plugins or back to the `bap` utility. |
| 19 | + |
| 20 | + In addition to a common way of creating plugins with `oasis`, we |
| 21 | + extended `bapbuild` utility with a new rule the will product a |
| 22 | + `plugin` file. This is just a shared library underneath the hood, |
| 23 | + and you can load a plugin, created with this method directly, |
| 24 | + without installing it anywhere. `bap` utility will try to find the |
| 25 | + plugin, specified with `-l` option in a current folder, then in all |
| 26 | + folders specified in `BAP_PLUGIN_PATH` environment variable, and, |
| 27 | + finally in the system, using `ocamlfind`. |
| 28 | + |
| 29 | + In order to provide a typesafe way of interacting between plugins, |
| 30 | + we added extensible variants to BAP. But instead of using one from |
| 31 | + the 4.02, we're using universal types, based on that one, that Core |
| 32 | + library provides. First of all this is more portable, second it is |
| 33 | + more explicit and a little bit more safe. |
| 34 | + |
| 35 | +3. New ABI and CPU interfaces |
| 36 | + |
| 37 | + Modules that implements `CPU` interface are used to describe |
| 38 | + particular CPU in BIL terminology, e.g., it tells which variable |
| 39 | + corresponds to which register, flag, etc. To obtain such module, |
| 40 | + one should use `target_of_cpu` function. |
| 41 | + |
| 42 | + ABI is used to capture the procedure abstraction, starting from |
| 43 | + calling convetions and stack frame structure and ending with special |
| 44 | + function handling and support for different data-types. |
| 45 | + |
| 46 | + See d5cab1a5e122719b4a3b1ece2b1bc44f3f93095a for more information |
| 47 | + and examples. |
| 48 | + |
| 49 | +4. Bap-objdump renamed to bap |
| 50 | + |
| 51 | + bap-objdump has outgrown its name. Actually it was never really a |
| 52 | + bap-objdump at all. From now, it is just an entry point to the `bap` as |
| 53 | + platform. We will later unite `bap` with other utilities, to make them |
| 54 | + subcommands, e.g. `bap byteweight`. |
| 55 | + |
| 56 | +5. Cleanup of BIL modules |
| 57 | + |
| 58 | + Now there is a separation between BIL fur uns, and BIL fur |
| 59 | + OCaml. For writing BIL programs (as EDSL in OCaml) one should use |
| 60 | + `Bil` module, e.g. `Bil.(x = y)` will evaluate to a BIL |
| 61 | + expression. For using BIL entities as OCaml values, one should use |
| 62 | + corresponding module, e.g. `Exp.(x = y)` will compare to expressions |
| 63 | + and evaluate to a value of type `bool`. |
| 64 | + |
| 65 | +6. Enhanced IDA integration |
| 66 | + |
| 67 | + IDA intergation is now more robust. We switched to `IDA-32` by default, |
| 68 | + since 64-bit version doesn't support decompiler. Also `bap` utility |
| 69 | + can now output IDA python scripts. And `bap` plugins can annotate project |
| 70 | + with `python` commands, that later will be dumped into the script. |
| 71 | + |
| 72 | +7. In ARM switched to ARMv7 by default |
| 73 | +8. Introduce LNF algorithm and Sema library |
| 74 | + |
| 75 | + A new layer of BAP is started in this release. This would be a third pass |
| 76 | + of decompilation, where the semantic model of program will be built. Currently, |
| 77 | + there is nothing really interesting here, e.g., an implementation of the |
| 78 | + Loop nesting forest, that is not very usable right now. But the next release, |
| 79 | + will be dedicated to this layer. So, stay tuned. |
| 80 | + |
| 81 | +9. Add support for OCamlGraph |
| 82 | + |
| 83 | + Now we provide a helper utilities for those who would like to use |
| 84 | + ocamlgraph library for analysis. |
| 85 | + |
| 86 | +10. Extended bap-mc utility |
| 87 | + |
| 88 | + `bap-mc` utility now prints results in plethora of formats, |
| 89 | + including protocol buffers, from the piqi library, that was revived |
| 90 | + by Kenneth Miller. |
| 91 | + |
| 92 | +11. Interval trees, aka memory maps |
| 93 | + |
| 94 | + For working with arbitrary overlapping memory regions we now have a |
| 95 | + memory map data structure, aka interval trees, segment trees, etc. It |
| 96 | + is based on AVL trees, and performs logarithmic searches. |
| 97 | + |
| 98 | +12. Simplified CI |
| 99 | + |
| 100 | + We put Travis on a diet. Now only 4 machines with 20 ETA for all test |
| 101 | + suites to pass. (Instead of 8 * 40). |
| 102 | + |
| 103 | + |
| 104 | +0.9.5 |
| 105 | +===== |
| 106 | + |
| 107 | +1. removed tag warnings from the ocamlbuild |
| 108 | +2. fixed #114 |
| 109 | +3. moved Bap_plugins out of Bap library |
| 110 | +4. plugin library can now load arbitrary files |
| 111 | +5. bap-objdump is now pluggable |
| 112 | +6. added new extension point in the plugin system |
| 113 | +7. updated BAP LICENSE, baptop is now QPLed |
| 114 | +8. IDA can now work in a headless mode |
| 115 | +9. enhanced symbol resolution algorithm |
| 116 | +10. cleaned up image backend interface |
| 117 | +11. constraint OPAM file |
| 118 | + |
| 119 | + |
| 120 | +0.9.4 |
| 121 | +===== |
| 122 | + |
| 123 | +1. x86 and x86_64 lifter #106 |
| 124 | +2. New byteweight implementation #99 |
| 125 | +3. Intra-procedure CFG reconstruction #102 |
| 126 | +4. IDA integration #103 |
| 127 | +5. Binary release #108 |
| 128 | +6. Man pages and documentation #107 |
| 129 | +7. Unconstraint opam file and extended it with system dependents #109 |
| 130 | + |
| 131 | +0.9.3 |
| 132 | +===== |
| 133 | + |
| 134 | +1. Bitvector (aka Word, aka Addr) now provides all Integer |
| 135 | +interface without any monads right at the toplevel of the module. |
| 136 | +In other words, now you can write: Word.(x + y). |
| 137 | + |
| 138 | +2. Bitvector.Int is renamed to Bitvector.Int_exn so that it don't |
| 139 | +clobber the real Int module |
| 140 | + |
| 141 | +3. All BIL is now consolidated in one module named Bil. This module |
| 142 | +contains everything, including constructors for statements, expressions |
| 143 | +casts, binary and unary operations. It also includes functional |
| 144 | +constructors, that are now written by hand and, thus, don't suffer from |
| 145 | +syntactic clashes with keywords. There're also a plenty of other |
| 146 | +functions and new operators, available from the new Bap_helpers |
| 147 | +module, see later. Old modules, like Expr, Stmt, etc are still |
| 148 | +available, they implement Regular interface for corresponding types. |
| 149 | + |
| 150 | +4. New feature: visitor classes to traverse and transform the AST. |
| 151 | +Writing a pattern matching code every time you need to traverse or map |
| 152 | +the BIL AST is error prone and time-consuming. This visitors, do all the |
| 153 | +traversing for you, allowing you to override default behavior. Some |
| 154 | +handy algorithms, that use visitors are provided in an internal |
| 155 | +Bap_helpers module, that is included into resulting Bil |
| 156 | +module. Several optimizations were added to bap-objdump utility, like |
| 157 | +constant propogation, inlining, pruning unused variables and resolving |
| 158 | +addresses to symbols. |
| 159 | + |
| 160 | +5. Insn interface now provides predicates to query insn classes, this |
| 161 | +predicates use BIL if available. |
| 162 | + |
| 163 | +6. Disam interface now provides linear_sweep function. |
| 164 | + |
| 165 | + |
| 166 | +0.9.2 |
| 167 | +===== |
| 168 | + |
| 169 | +1. Recursive descent disassembler |
| 170 | +2. High-level simple to use interface to BAP |
| 171 | +3. New utility `bap-objdump` |
| 172 | +4. Enhanced pretty-printing |
| 173 | +5. Lots of small fixes and new handy functions |
| 174 | +6. Automatically generated documentation. |
| 175 | + |
| 176 | + |
| 177 | +0.9.1 |
| 178 | +===== |
| 179 | + |
| 180 | +First release of a new BAP. |
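Review bot: the new CHANGES text carries several spelling slips and one unclear figure that should be fixed before it lands. In 0.9.6 item 3 `calling convetions` should read `calling conventions`, item 6 `IDA intergation` should read `IDA integration`, item 5 `BIL fur uns, and BIL fur OCaml` should read `BIL for us, and BIL for OCaml`, item 2 `a new rule the will product a plugin file` should read `a new rule that will produce a plugin file`, and item 12 `20 ETA` gives no unit, so state whether that is minutes. The older entries have the same issue: `constant propogation` and `Disam interface` in 0.9.3, and `constraint OPAM file` in 0.9.5 against `Unconstraint opam file` in 0.9.4, where the two entries read as opposite actions and the wording should say which was done. Also, 0.9.6 item 7 (`In ARM switched to ARMv7 by default`) lacks the blank line that separates every other numbered item.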