GTIRB is GrammaTech’s Intermediate Representation for Binary analysis and rewriting. It seeks to be for binaries what LLVM is for source – allowing researchers and developers to compose tools and leverage each other’s work. GTIRB is described in a whitepaper, and in its manual.
We have built an ecosystem of tools around GTIRB, many of them available as open source and listed in the table below. In brief, our disassembler DDisasm generates GTIRB from binaries, while GTIRB-PPrinter can pretty-print GTIRB as assembly or as a binary executable. A variety of analyses run top of GTIRB, such as Retypd for binary type recovery. The gtirb-rewriting API supports modifying GTIRB files. It forms the foundation for a number of transforms that harden, optimize or debloat binaries, such as gtirb-stack-stamp and to-static. GTIRB-VSCode allows developers to work with GTIRB files in the VSCode IDE, while gtirb-ghidra-plugin supports Ghidra integrations.
GTIRB-based tools that are not open source are available to approved users via the GTIRB Omnibus image v 0.2.0.
|Intermediate Representation for Binaries
|Fast and accurate disassembler which produces GTIRB
|Utility that pretty prints GTIRB to assembler or a binary executable
|APIs for working with functions in GTIRB files
|Integration with the Capstone decoder
|APIs for working with types in GTIRB files
|Binary type analysis
|DDisasm front-end for Retypd type analysis
|Python API for rewriting GTIRB files
|Hardening transform over GTIRB
|VSCode extension to read, navigate, and (re)write GTIRB files
|Import/Export GTIRB files to/from Ghidra
This material is based upon work supported by the U.S. Navy and the U.S. Office of Naval Research under Contract(s) No. N68335-17-C-0700. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Navy or the Office of Naval Research.