GitHub - bryonglodencissp/loop

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
batteries		batteries
doc		doc
libasmir		libasmir
libtracewrap		libtracewrap
m4		m4
ocaml-proj.example		ocaml-proj.example
ocaml		ocaml
ocamlgraph		ocamlgraph
opq-testcases		opq-testcases
ounit		ounit
pcre-ocaml		pcre-ocaml
pintraces		pintraces
piqi-files		piqi-files
solvers		solvers
tests-proj.example		tests-proj.example
tests		tests
utils-proj.example		utils-proj.example
utils		utils
vagrant		vagrant
zarith		zarith
AUTHORS		AUTHORS
ChangeLog		ChangeLog
INSTALL		INSTALL
LICENSE.GPL		LICENSE.GPL
LICENSE.MIT		LICENSE.MIT
Makefile.am		Makefile.am
NEWS		NEWS
README		README
STYLE.C		STYLE.C
STYLE.ocaml		STYLE.ocaml
TODO		TODO
Vagrantfile		Vagrantfile
autogen.sh		autogen.sh
configure.ac		configure.ac
gpl-2.0.txt		gpl-2.0.txt

Repository files navigation

LOOP is a logic oriented opaque predicate checker. It is able 
to detect the following opaque predicates in binary code:

1. Invariant opaque predicate
2. Contextual opaque predicate
3. Dynamic opaque predicate

LOOP is developed based on BAP.

BAP: The Binary Analysis Platform. For more information see the
project webpage at http://bap.ece.cmu.edu

BAP is released under MIT license and the GPL license; see the
appropriate LICENSE.{MIT,GPL}.

How to use:

1. Use Pin to generate a execution trace. It also needs a lib called gentrace. The command is like:
   LOOPDIR/pin/pin -t LOOPDIR/pintraces/obj-ia32/gentrace.so -taint_args -- yourprogram yourargs

2. Convert trace into concrete trace:
   LOOPDIR/utils/iltrans -trace tracename -trace-concrete -pp-ast tracename.con.il

3. Preprocess the trace:
   LOOPDIR/utils/pre_process.pl tracename.con.il

4. Symbolic execute the trace:
   LOOPDIR/utils/iltrans -il tracename.con.il -il-formula tracename.stp

5. Solve the formula with STP. You will need a STP solver installed.
   stp tracename.stp