B2R2 API Reference
B2R2 is a binary reversing framework for inspecting binary formats, disassembling machine code, lifting instructions to LowUIR, recovering control flow, and building concrete or symbolic analysis scripts.
The primary API path is BinHandle for binary loading, BinaryBrew for
function and CFG recovery, and the concrete or symbolic executors for stateful
execution.
#r "nuget: B2R2.MiddleEnd.API"#r "nuget: B2R2.MiddleEnd.ConcEval"#r "nuget: B2R2.MiddleEnd.SymbEval"#r "nuget: B2R2.FrontEnd.Intel"
open B2R2open B2R2.FrontEndopen B2R2.MiddleEndopen B2R2.MiddleEnd.Executoropen B2R2.MiddleEnd.ConcEvalopen B2R2.MiddleEnd.SymbEvalReference Pages
Section titled “Reference Pages”| Page | Focus |
|---|---|
| BinHandle | Loading binaries, reading bytes and integers, creating lifting units. |
| BinaryBrew | Function recovery, CFG recovery, instruction collections, recovery strategies. |
| Concrete Execution | ConcExecutor, stop conditions, run results, and ConcStateAccessor. |
| Symbolic Execution | SymbExecutor, symbolic queries, solvers, models, buffers, and call hooks. |
Source Map
Section titled “Source Map”| B2R2 source path | Covered in |
|---|---|
src/FrontEnd/API/BinHandle.fsi | BinHandle |
src/MiddleEnd/API/BinaryBrew.fs | BinaryBrew |
src/MiddleEnd/Executor/IExecutor.fs | Concrete Execution / Symbolic Execution |
src/MiddleEnd/Executor/IStateAccessor.fs | Concrete Execution / Symbolic Execution |
src/MiddleEnd/ConcEval/ConcExecutor.fs | Concrete Execution |
src/MiddleEnd/ConcEval/ConcStateAccessor.fs | Concrete Execution |
src/MiddleEnd/SymbEval/SymbExecutor.fs | Symbolic Execution |
src/MiddleEnd/SymbEval/SymbStateAccessor.fs | Symbolic Execution |
src/MiddleEnd/SymbEval/SymbExpr.fs | Symbolic Execution |
src/MiddleEnd/SymbEval/ISolver.fs | Symbolic Execution |
src/MiddleEnd/SymbEval/SymbModel.fs | Symbolic Execution |
src/MiddleEnd/SymbEval/SymbCallHook.fs | Symbolic Execution |
Package Map
Section titled “Package Map”| Workflow | Package reference | Main namespace |
|---|---|---|
| Open binaries and lift instructions | #r "nuget: B2R2.FrontEnd.API" | B2R2.FrontEnd |
| Recover functions and CFGs | #r "nuget: B2R2.MiddleEnd.API" | B2R2.MiddleEnd |
| Concrete execution | #r "nuget: B2R2.MiddleEnd.ConcEval" | B2R2.MiddleEnd.ConcEval |
| Symbolic execution | #r "nuget: B2R2.MiddleEnd.SymbEval" | B2R2.MiddleEnd.SymbEval |
| Shared executor interfaces | Included by executor packages | B2R2.MiddleEnd.Executor |
Architecture packages such as B2R2.FrontEnd.Intel provide architecture-specific
parsers, lifters, and register factories.