# coding=utf-8
# Copyright (c) 2015-2023 Vector 35 Inc
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
import struct
import threading
import queue
import traceback
import ctypes
import abc
import json
import inspect
import os
from typing import Callable, Generator, Optional, Union, Tuple, List, Mapping, Any, \
Iterator, Iterable, KeysView, ItemsView, ValuesView
from dataclasses import dataclass
import collections
from collections import defaultdict, OrderedDict, deque
# Binary Ninja components
import binaryninja
from . import _binaryninjacore as core
from . import decorators
from .enums import (
AnalysisState, SymbolType, Endianness, ModificationStatus, StringType, SegmentFlag, SectionSemantics, FindFlag,
TypeClass, BinaryViewEventType, FunctionGraphType, TagReferenceType, TagTypeType, RegisterValueType, LogLevel
)
from . import associateddatastore # required for _BinaryViewAssociatedDataStore
from .log import log_warn, log_error, Logger
from . import typelibrary
from . import fileaccessor
from . import databuffer
from . import basicblock
from . import component
from . import lineardisassembly
from . import metadata
from . import highlight
from . import settings
from . import variable
from . import architecture
from . import filemetadata
from . import lowlevelil
from . import mediumlevelil
from . import highlevelil
from . import debuginfo
from . import flowgraph
# The following are imported as such to allow the type checker disambiguate the module name
# from properties and methods of the same name
from . import workflow as _workflow
from . import function as _function
from . import types as _types
from . import platform as _platform
from . import deprecation
PathType = Union[str, os.PathLike]
InstructionsType = Generator[Tuple[List['_function.InstructionTextToken'], int], None, None]
NotificationType = Mapping['BinaryDataNotification', 'BinaryDataNotificationCallbacks']
ProgressFuncType = Callable[[int, int], bool]
DataMatchCallbackType = Callable[[int, 'databuffer.DataBuffer'], bool]
LineMatchCallbackType = Callable[[int, 'lineardisassembly.LinearDisassemblyLine'], bool]
StringOrType = Union[str, '_types.Type', '_types.TypeBuilder']
[docs]class RelocationWriteException(Exception):
pass
[docs]@dataclass(frozen=True)
class ReferenceSource:
function: Optional['_function.Function']
arch: Optional['architecture.Architecture']
address: int
def __repr__(self):
if self.arch:
return f"<ref: {self.arch.name}@{self.address:#x}>"
else:
return f"<ref: {self.address:#x}>"
@classmethod
def _from_core_struct(cls, view: 'BinaryView', ref: core.BNReferenceSource) -> 'ReferenceSource':
if ref.func:
func = _function.Function(view, core.BNNewFunctionReference(ref.func))
else:
func = None
if ref.arch:
arch = architecture.CoreArchitecture._from_cache(ref.arch)
else:
arch = None
return ReferenceSource(func, arch, ref.addr)
@property
def llil(self) -> Optional[lowlevelil.LowLevelILInstruction]:
"""Returns the low level il instruction at the current location if one exists"""
if self.function is None or self.arch is None:
return None
return self.function.get_low_level_il_at(self.address, self.arch)
@property
def mlil(self) -> Optional[mediumlevelil.MediumLevelILInstruction]:
"""Returns the medium level il instruction at the current location if one exists"""
llil = self.llil
return llil.mlil if llil is not None else None
@property
def hlil(self) -> Optional[highlevelil.HighLevelILInstruction]:
"""Returns the high level il instruction at the current location if one exists"""
mlil = self.mlil
return mlil.hlil if mlil is not None else None
[docs]class BinaryDataNotification:
def __init__(self):
pass
[docs] def data_written(self, view: 'BinaryView', offset: int, length: int) -> None:
pass
[docs] def data_inserted(self, view: 'BinaryView', offset: int, length: int) -> None:
pass
[docs] def data_removed(self, view: 'BinaryView', offset: int, length: int) -> None:
pass
[docs] def function_added(self, view: 'BinaryView', func: '_function.Function') -> None:
pass
[docs] def function_removed(self, view: 'BinaryView', func: '_function.Function') -> None:
pass
[docs] def function_updated(self, view: 'BinaryView', func: '_function.Function') -> None:
pass
[docs] def function_update_requested(self, view: 'BinaryView', func: '_function.Function') -> None:
pass
[docs] def data_var_added(self, view: 'BinaryView', var: 'DataVariable') -> None:
pass
[docs] def data_var_removed(self, view: 'BinaryView', var: 'DataVariable') -> None:
pass
[docs] def data_var_updated(self, view: 'BinaryView', var: 'DataVariable') -> None:
pass
[docs] def tag_type_updated(self, view: 'BinaryView', tag_type) -> None:
pass
[docs] def tag_added(
self, view: 'BinaryView', tag: 'Tag', ref_type: TagReferenceType, auto_defined: bool,
arch: Optional['architecture.Architecture'], func: Optional[_function.Function], addr: int
) -> None:
pass
[docs] def tag_updated(
self, view: 'BinaryView', tag: 'Tag', ref_type: TagReferenceType, auto_defined: bool,
arch: Optional['architecture.Architecture'], func: Optional[_function.Function], addr: int
) -> None:
pass
[docs] def tag_removed(
self, view: 'BinaryView', tag: 'Tag', ref_type: TagReferenceType, auto_defined: bool,
arch: Optional['architecture.Architecture'], func: Optional[_function.Function], addr: int
) -> None:
pass
[docs] def symbol_added(self, view: 'BinaryView', sym: '_types.CoreSymbol') -> None:
pass
[docs] def symbol_updated(self, view: 'BinaryView', sym: '_types.CoreSymbol') -> None:
pass
[docs] def symbol_removed(self, view: 'BinaryView', sym: '_types.CoreSymbol') -> None:
pass
[docs] def string_found(self, view: 'BinaryView', string_type: StringType, offset: int, length: int) -> None:
pass
[docs] def string_removed(self, view: 'BinaryView', string_type: StringType, offset: int, length: int) -> None:
pass
[docs] def type_defined(self, view: 'BinaryView', name: '_types.QualifiedName', type: '_types.Type') -> None:
pass
[docs] def type_undefined(self, view: 'BinaryView', name: '_types.QualifiedName', type: '_types.Type') -> None:
pass
[docs] def type_ref_changed(self, view: 'BinaryView', name: '_types.QualifiedName', type: '_types.Type') -> None:
pass
[docs] def type_field_ref_changed(self, view: 'BinaryView', name: '_types.QualifiedName', offset: int) -> None:
pass
[docs] def segment_added(self, view: 'BinaryView', segment: 'Segment') -> None:
pass
[docs] def segment_updated(self, view: 'BinaryView', segment: 'Segment') -> None:
pass
[docs] def segment_removed(self, view: 'BinaryView', segment: 'Segment') -> None:
pass
[docs] def section_added(self, view: 'BinaryView', section: 'Section') -> None:
pass
[docs] def section_updated(self, view: 'BinaryView', section: 'Section') -> None:
pass
[docs] def section_removed(self, view: 'BinaryView', section: 'Section') -> None:
pass
[docs] def component_added(self, view: 'BinaryView', _component: component.Component) -> None:
pass
[docs] def component_removed(self, view: 'BinaryView', formerParent: component.Component,
_component: component.Component) -> None:
pass
[docs] def component_name_updated(self, view: 'BinaryView', previous_name: str, _component: component.Component) -> None:
pass
[docs] def component_moved(self, view: 'BinaryView', formerParent: component.Component, newParent: component.Component,
_component: component.Component) -> None:
pass
[docs] def component_function_added(self, view: 'BinaryView', _component: component.Component, func: '_function.Function'):
pass
[docs] def component_function_removed(self, view: 'BinaryView', _component: component.Component,
func: '_function.Function'):
pass
[docs] def component_data_var_added(self, view: 'BinaryView', _component: component.Component, var: 'DataVariable'):
pass
[docs] def component_data_var_removed(self, view: 'BinaryView', _component: component.Component, var: 'DataVariable'):
pass
[docs]class StringReference:
_decodings = {
StringType.AsciiString: "ascii", StringType.Utf8String: "utf-8", StringType.Utf16String: "utf-16",
StringType.Utf32String: "utf-32",
}
def __init__(self, bv: 'BinaryView', string_type: StringType, start: int, length: int):
self._type = string_type
self._start = start
self._length = length
self._view = bv
def __repr__(self):
return f"<{self._type.name}: {self._start:#x}, len {self._length:#x}>"
def __str__(self):
return self.value
def __len__(self):
return self._length
@property
def value(self) -> str:
return self._view.read(self._start, self._length).decode(self._decodings[self._type])
@property
def raw(self) -> bytes:
return self._view.read(self._start, self._length)
@property
def type(self) -> StringType:
return self._type
@property
def start(self) -> int:
return self._start
@property
def length(self) -> int:
return self._length
@property
def view(self) -> 'BinaryView':
return self._view
[docs]class AnalysisCompletionEvent:
"""
The ``AnalysisCompletionEvent`` object provides an asynchronous mechanism for receiving
callbacks when analysis is complete. The callback runs once. A completion event must be added
for each new analysis in order to be notified of each analysis completion. The
AnalysisCompletionEvent class takes responsibility for keeping track of the object's lifetime.
:Example:
>>> def on_complete(self):
... print("Analysis Complete", self._view)
...
>>> evt = AnalysisCompletionEvent(bv, on_complete)
>>>
"""
_pending_analysis_completion_events = {}
def __init__(
self, view: 'BinaryView', callback: Union[Callable[['AnalysisCompletionEvent'], None], Callable[[], None]]
):
self._view = view
self.callback = callback
self._cb = ctypes.CFUNCTYPE(None, ctypes.c_void_p)(self._notify)
self.handle = core.BNAddAnalysisCompletionEvent(self._view.handle, None, self._cb)
self.__class__._pending_analysis_completion_events[id(self)] = self
def __del__(self):
if id(self) in self.__class__._pending_analysis_completion_events:
del self.__class__._pending_analysis_completion_events[id(self)]
if core is not None:
core.BNFreeAnalysisCompletionEvent(self.handle)
def _notify(self, ctxt):
if id(self) in self.__class__._pending_analysis_completion_events:
del self.__class__._pending_analysis_completion_events[id(self)]
try:
arg_offset = inspect.ismethod(self.callback)
callback_spec = inspect.getfullargspec(self.callback)
if len(callback_spec.args) > arg_offset:
self.callback(self) # type: ignore
else:
self.callback() # type: ignore
except:
log_error(traceback.format_exc())
def _empty_callback(self):
pass
[docs] def cancel(self) -> None:
"""
The ``cancel`` method will cancel analysis for an :py:class:`AnalysisCompletionEvent`.
.. warning:: This method should only be used when the system is being shut down and no further analysis should be done afterward.
"""
self.callback = self._empty_callback
core.BNCancelAnalysisCompletionEvent(self.handle)
if id(self) in self.__class__._pending_analysis_completion_events:
del self.__class__._pending_analysis_completion_events[id(self)]
@property
def view(self) -> 'BinaryView':
return self._view
[docs]class BinaryViewEvent:
"""
The ``BinaryViewEvent`` object provides a mechanism for receiving callbacks when a BinaryView
is Finalized or the initial analysis is finished. The BinaryView finalized callbacks run before the
initial analysis starts. The callbacks run one-after-another in the same order as they get registered.
It is a good place to modify the BinaryView to add extra information to it.
For newly opened binaries, the initial analysis completion callbacks run after the initial analysis,
as well as linear sweep and signature matcher (if they are configured to run), completed. For loading
old databases, the callbacks run after the database is loaded, as well as any automatic analysis
update finishes.
The callback function receives a BinaryView as its parameter. It is possible to call
BinaryView.add_analysis_completion_event() on it to set up other callbacks for analysis completion.
:Example:
>>> def callback(bv):
... print('start: 0x%x' % bv.start)
...
>>> BinaryViewType.add_binaryview_finalized_event(callback)
"""
BinaryViewEventCallback = Callable[['BinaryView'], None]
# This has no functional purposes;
# we just need it to stop Python from prematurely freeing the object
_binaryview_events = {}
[docs] @classmethod
def register(cls, event_type: BinaryViewEventType, callback: BinaryViewEventCallback) -> None:
callback_obj = ctypes.CFUNCTYPE(None, ctypes.c_void_p,
ctypes.POINTER(core.BNBinaryView
))(lambda ctxt, view: cls._notify(view, callback))
core.BNRegisterBinaryViewEvent(event_type, callback_obj, None)
cls._binaryview_events[len(cls._binaryview_events)] = callback_obj
@staticmethod
def _notify(view: core.BNBinaryViewHandle, callback: BinaryViewEventCallback) -> None:
try:
file_metadata = filemetadata.FileMetadata(handle=core.BNGetFileForView(view))
view_obj = BinaryView(file_metadata=file_metadata, handle=core.BNNewViewReference(view))
callback(view_obj)
except:
log_error(traceback.format_exc())
[docs]@dataclass(frozen=True)
class ActiveAnalysisInfo:
func: '_function.Function'
analysis_time: int
update_count: int
submit_count: int
def __repr__(self):
return f"<ActiveAnalysisInfo {self.func}, analysis_time {self.analysis_time}, update_count {self.update_count}, submit_count {self.submit_count}>"
[docs]@dataclass(frozen=True)
class AnalysisInfo:
state: AnalysisState
analysis_time: int
active_info: List[ActiveAnalysisInfo]
def __repr__(self):
return f"<AnalysisInfo {self.state}, analysis_time {self.analysis_time}, active_info {self.active_info}>"
[docs]@dataclass(frozen=True)
class AnalysisProgress:
state: AnalysisState
count: int
total: int
def __str__(self):
if self.state == AnalysisState.InitialState:
return "Initial"
if self.state == AnalysisState.HoldState:
return "Hold"
if self.state == AnalysisState.IdleState:
return "Idle"
if self.state == AnalysisState.DisassembleState:
return "Disassembling (%d/%d)" % (self.count, self.total)
if self.state == AnalysisState.AnalyzeState:
return "Analyzing (%d/%d)" % (self.count, self.total)
return "Extended Analysis"
def __repr__(self):
return f"<progress: {self}>"
[docs]class BinaryDataNotificationCallbacks:
def __init__(self, view: 'BinaryView', notify: 'BinaryDataNotification'):
self._view = view
self._notify = notify
self._cb = core.BNBinaryDataNotification()
self._cb.context = 0
self._cb.dataWritten = self._cb.dataWritten.__class__(self._data_written)
self._cb.dataInserted = self._cb.dataInserted.__class__(self._data_inserted)
self._cb.dataRemoved = self._cb.dataRemoved.__class__(self._data_removed)
self._cb.functionAdded = self._cb.functionAdded.__class__(self._function_added)
self._cb.functionRemoved = self._cb.functionRemoved.__class__(self._function_removed)
self._cb.functionUpdated = self._cb.functionUpdated.__class__(self._function_updated)
self._cb.functionUpdateRequested = self._cb.functionUpdateRequested.__class__(self._function_update_requested)
self._cb.dataVariableAdded = self._cb.dataVariableAdded.__class__(self._data_var_added)
self._cb.dataVariableRemoved = self._cb.dataVariableRemoved.__class__(self._data_var_removed)
self._cb.dataVariableUpdated = self._cb.dataVariableUpdated.__class__(self._data_var_updated)
self._cb.dataMetadataUpdated = self._cb.dataMetadataUpdated.__class__(self._data_metadata_updated)
self._cb.tagTypeUpdated = self._cb.tagTypeUpdated.__class__(self._tag_type_updated)
self._cb.tagAdded = self._cb.tagAdded.__class__(self._tag_added)
self._cb.tagUpdated = self._cb.tagUpdated.__class__(self._tag_updated)
self._cb.tagRemoved = self._cb.tagRemoved.__class__(self._tag_removed)
self._cb.symbolAdded = self._cb.symbolAdded.__class__(self._symbol_added)
self._cb.symbolUpdated = self._cb.symbolUpdated.__class__(self._symbol_updated)
self._cb.symbolRemoved = self._cb.symbolRemoved.__class__(self._symbol_removed)
self._cb.stringFound = self._cb.stringFound.__class__(self._string_found)
self._cb.stringRemoved = self._cb.stringRemoved.__class__(self._string_removed)
self._cb.typeDefined = self._cb.typeDefined.__class__(self._type_defined)
self._cb.typeUndefined = self._cb.typeUndefined.__class__(self._type_undefined)
self._cb.typeReferenceChanged = self._cb.typeReferenceChanged.__class__(self._type_ref_changed)
self._cb.typeFieldReferenceChanged = self._cb.typeFieldReferenceChanged.__class__(self._type_field_ref_changed)
self._cb.segmentAdded = self._cb.segmentAdded.__class__(self._segment_added)
self._cb.segmentUpdated = self._cb.segmentUpdated.__class__(self._segment_updated)
self._cb.segmentRemoved = self._cb.segmentRemoved.__class__(self._segment_removed)
self._cb.sectionAdded = self._cb.sectionAdded.__class__(self._section_added)
self._cb.sectionUpdated = self._cb.sectionUpdated.__class__(self._section_updated)
self._cb.sectionRemoved = self._cb.sectionRemoved.__class__(self._section_removed)
self._cb.componentNameUpdated = self._cb.componentNameUpdated.__class__(self._component_name_updated)
self._cb.componentAdded = self._cb.componentAdded.__class__(self._component_added)
self._cb.componentRemoved = self._cb.componentRemoved.__class__(self._component_removed)
self._cb.componentMoved = self._cb.componentMoved.__class__(self._component_moved)
self._cb.componentFunctionAdded = self._cb.componentFunctionAdded.__class__(self._component_function_added)
self._cb.componentFunctionRemoved = self._cb.componentFunctionRemoved.__class__(self._component_function_removed)
self._cb.componentDataVariableAdded = self._cb.componentDataVariableAdded.__class__(self._component_data_variable_added)
self._cb.componentDataVariableRemoved = self._cb.componentDataVariableRemoved.__class__(self._component_data_variable_removed)
def _register(self) -> None:
core.BNRegisterDataNotification(self._view.handle, self._cb)
def _unregister(self) -> None:
core.BNUnregisterDataNotification(self._view.handle, self._cb)
def _data_written(self, ctxt, view: core.BNBinaryView, offset: int, length: int) -> None:
try:
self._notify.data_written(self._view, offset, length)
except OSError:
log_error(traceback.format_exc())
def _data_inserted(self, ctxt, view: core.BNBinaryView, offset: int, length: int) -> None:
try:
self._notify.data_inserted(self._view, offset, length)
except:
log_error(traceback.format_exc())
def _data_removed(self, ctxt, view: core.BNBinaryView, offset: int, length: int) -> None:
try:
self._notify.data_removed(self._view, offset, length)
except:
log_error(traceback.format_exc())
def _function_added(self, ctxt, view: core.BNBinaryView, func: core.BNFunctionHandle) -> None:
try:
self._notify.function_added(self._view, _function.Function(self._view, core.BNNewFunctionReference(func)))
except:
log_error(traceback.format_exc())
def _function_removed(self, ctxt, view: core.BNBinaryView, func: core.BNFunctionHandle) -> None:
try:
self._notify.function_removed(self._view, _function.Function(self._view, core.BNNewFunctionReference(func)))
except:
log_error(traceback.format_exc())
def _function_updated(self, ctxt, view: core.BNBinaryView, func: core.BNFunctionHandle) -> None:
try:
self._notify.function_updated(self._view, _function.Function(self._view, core.BNNewFunctionReference(func)))
except:
log_error(traceback.format_exc())
def _function_update_requested(self, ctxt, view: core.BNBinaryView, func: core.BNFunctionHandle) -> None:
try:
self._notify.function_update_requested(
self._view, _function.Function(self._view, core.BNNewFunctionReference(func))
)
except:
log_error(traceback.format_exc())
def _data_var_added(self, ctxt, view: core.BNBinaryView, var: core.BNDataVariableHandle) -> None:
try:
self._notify.data_var_added(self._view, DataVariable.from_core_struct(var[0], self._view))
except:
log_error(traceback.format_exc())
def _data_var_removed(self, ctxt, view: core.BNBinaryView, var: core.BNDataVariableHandle) -> None:
try:
self._notify.data_var_removed(self._view, DataVariable.from_core_struct(var[0], self._view))
except:
log_error(traceback.format_exc())
def _data_var_updated(self, ctxt, view: core.BNBinaryView, var: core.BNDataVariableHandle) -> None:
try:
self._notify.data_var_updated(self._view, DataVariable.from_core_struct(var[0], self._view))
except:
log_error(traceback.format_exc())
def _data_metadata_updated(self, ctxt, view: core.BNBinaryView, offset: int) -> None:
try:
self._notify.data_metadata_updated(self._view, offset)
except:
log_error(traceback.format_exc())
def _tag_type_updated(self, ctxt, view: core.BNBinaryView, tag_type: core.BNTagTypeHandle) -> None:
try:
core_tag_type = core.BNNewTagTypeReference(tag_type)
assert core_tag_type is not None, "core.BNNewTagTypeReference returned None"
self._notify.tag_type_updated(self._view, TagType(core_tag_type))
except:
log_error(traceback.format_exc())
def _tag_added(self, ctxt, view: core.BNBinaryView, tag_ref: core.BNTagReferenceHandle) -> None:
try:
ref_type = tag_ref[0].refType
auto_defined = tag_ref[0].autoDefined
core_tag = core.BNNewTagReference(tag_ref[0].tag)
assert core_tag is not None, "core.BNNewTagReference returned None"
tag = Tag(core_tag)
# Null for data tags (not in any arch or function)
if ctypes.cast(tag_ref[0].arch, ctypes.c_void_p).value is None:
arch = None
else:
arch = architecture.CoreArchitecture._from_cache(tag_ref[0].arch)
if ctypes.cast(tag_ref[0].func, ctypes.c_void_p).value is None:
func = None
else:
func = _function.Function(self._view, core.BNNewFunctionReference(tag_ref[0].func))
addr = tag_ref[0].addr
self._notify.tag_added(self._view, tag, ref_type, auto_defined, arch, func, addr)
except:
log_error(traceback.format_exc())
def _tag_updated(self, ctxt, view: core.BNBinaryView, tag_ref: core.BNTagReferenceHandle) -> None:
try:
ref_type = tag_ref[0].refType
auto_defined = tag_ref[0].autoDefined
core_tag = core.BNNewTagReference(tag_ref[0].tag)
assert core_tag is not None
tag = Tag(core_tag)
# Null for data tags (not in any arch or function)
if ctypes.cast(tag_ref[0].arch, ctypes.c_void_p).value is None:
arch = None
else:
arch = architecture.CoreArchitecture._from_cache(tag_ref[0].arch)
if ctypes.cast(tag_ref[0].func, ctypes.c_void_p).value is None:
func = None
else:
func = _function.Function(self._view, core.BNNewFunctionReference(tag_ref[0].func))
addr = tag_ref[0].addr
self._notify.tag_updated(self._view, tag, ref_type, auto_defined, arch, func, addr)
except:
log_error(traceback.format_exc())
def _tag_removed(self, ctxt, view: core.BNBinaryView, tag_ref: core.BNTagReferenceHandle) -> None:
try:
ref_type = tag_ref[0].refType
auto_defined = tag_ref[0].autoDefined
core_tag = core.BNNewTagReference(tag_ref[0].tag)
assert core_tag is not None, "core.BNNewTagReference returned None"
tag = Tag(core_tag)
# Null for data tags (not in any arch or function)
if ctypes.cast(tag_ref[0].arch, ctypes.c_void_p).value is None:
arch = None
else:
arch = architecture.CoreArchitecture._from_cache(tag_ref[0].arch)
if ctypes.cast(tag_ref[0].func, ctypes.c_void_p).value is None:
func = None
else:
func = _function.Function(self._view, core.BNNewFunctionReference(tag_ref[0].func))
addr = tag_ref[0].addr
self._notify.tag_removed(self._view, tag, ref_type, auto_defined, arch, func, addr)
except:
log_error(traceback.format_exc())
def _symbol_added(self, ctxt, view: core.BNBinaryView, sym: core.BNSymbol) -> None:
try:
_handle = core.BNNewSymbolReference(sym)
assert _handle is not None, "core.BNNewSymbolReference returned None"
self._notify.symbol_added(self._view, _types.CoreSymbol(_handle))
except:
log_error(traceback.format_exc())
def _symbol_updated(self, ctxt, view: core.BNBinaryView, sym: core.BNSymbol) -> None:
try:
_handle = core.BNNewSymbolReference(sym)
assert _handle is not None, "core.BNNewSymbolReference returned None"
self._notify.symbol_updated(self._view, _types.CoreSymbol(_handle))
except:
log_error(traceback.format_exc())
def _symbol_removed(self, ctxt, view: core.BNBinaryView, sym: core.BNSymbol) -> None:
try:
_handle = core.BNNewSymbolReference(sym)
assert _handle is not None, "core.BNNewSymbolReference returned None"
self._notify.symbol_removed(self._view, _types.CoreSymbol(_handle))
except:
log_error(traceback.format_exc())
def _string_found(self, ctxt, view: core.BNBinaryView, string_type: int, offset: int, length: int) -> None:
try:
self._notify.string_found(self._view, StringType(string_type), offset, length)
except:
log_error(traceback.format_exc())
def _string_removed(self, ctxt, view: core.BNBinaryView, string_type: int, offset: int, length: int) -> None:
try:
self._notify.string_removed(self._view, StringType(string_type), offset, length)
except:
log_error(traceback.format_exc())
def _type_defined(self, ctxt, view: core.BNBinaryView, name: str, type_obj: '_types.Type') -> None:
try:
qualified_name = _types.QualifiedName._from_core_struct(name[0])
self._notify.type_defined(
self._view, qualified_name,
_types.Type.create(core.BNNewTypeReference(type_obj), platform=self._view.platform)
)
except:
log_error(traceback.format_exc())
def _type_undefined(self, ctxt, view: core.BNBinaryView, name: str, type_obj: '_types.Type') -> None:
try:
qualified_name = _types.QualifiedName._from_core_struct(name[0])
self._notify.type_undefined(
self._view, qualified_name,
_types.Type.create(core.BNNewTypeReference(type_obj), platform=self._view.platform)
)
except:
log_error(traceback.format_exc())
def _type_ref_changed(self, ctxt, view: core.BNBinaryView, name: str, type_obj: '_types.Type') -> None:
try:
qualified_name = _types.QualifiedName._from_core_struct(name[0])
self._notify.type_ref_changed(
self._view, qualified_name,
_types.Type.create(core.BNNewTypeReference(type_obj), platform=self._view.platform)
)
except:
log_error(traceback.format_exc())
def _type_field_ref_changed(self, ctxt, view: core.BNBinaryView, name: str, offset: int) -> None:
try:
qualified_name = _types.QualifiedName._from_core_struct(name[0])
self._notify.type_field_ref_changed(self._view, qualified_name, offset)
except:
log_error(traceback.format_exc())
def _segment_added(self, ctxt, view: core.BNBinaryView, segment_obj: core.BNSegment) -> None:
try:
segment_handle = core.BNNewSegmentReference(segment_obj)
assert segment_handle is not None, "core.BNNewSegmentReference returned None"
result = Segment(segment_handle)
self._notify.segment_added(self._view, result)
except:
log_error(traceback.format_exc())
def _segment_updated(self, ctxt, view: core.BNBinaryView, segment_obj: core.BNSegment) -> None:
try:
segment_handle = core.BNNewSegmentReference(segment_obj)
assert segment_handle is not None, "core.BNNewSegmentReference returned None"
result = Segment(segment_handle)
self._notify.segment_updated(self._view, result)
except:
log_error(traceback.format_exc())
def _segment_removed(self, ctxt, view: core.BNBinaryView, segment_obj: core.BNSegment) -> None:
try:
segment_handle = core.BNNewSegmentReference(segment_obj)
assert segment_handle is not None, "core.BNNewSegmentReference returned None"
result = Segment(segment_handle)
self._notify.segment_removed(self._view, result)
except:
log_error(traceback.format_exc())
def _section_added(self, ctxt, view: core.BNBinaryView, section_obj: core.BNSection) -> None:
try:
section_handle = core.BNNewSectionReference(section_obj)
assert section_handle is not None, "core.BNNewSectionReference returned None"
result = Section(section_handle)
self._notify.section_added(self._view, result)
except:
log_error(traceback.format_exc())
def _section_updated(self, ctxt, view: core.BNBinaryView, section_obj: core.BNSection) -> None:
try:
section_handle = core.BNNewSectionReference(section_obj)
assert section_handle is not None, "core.BNNewSectionReference returned None"
result = Section(section_handle)
self._notify.section_updated(self._view, result)
except:
log_error(traceback.format_exc())
def _section_removed(self, ctxt, view: core.BNBinaryView, section_obj: core.BNSection) -> None:
try:
section_handle = core.BNNewSectionReference(section_obj)
assert section_handle is not None, "core.BNNewSectionReference returned None"
result = Section(section_handle)
self._notify.section_removed(self._view, result)
except:
log_error(traceback.format_exc())
def _component_added(self, ctxt, view: core.BNBinaryView, _component: core.BNComponent):
try:
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
self._notify.component_added(self._view, result)
except:
log_error(traceback.format_exc())
def _component_removed(self, ctxt, view: core.BNBinaryView, formerParent: core.BNComponent, _component: core.BNComponent):
try:
formerParent_handle = core.BNNewComponentReference(formerParent)
assert formerParent_handle is not None, "core.BNNewComponentReference returned None"
formerParentResult = component.Component(formerParent_handle)
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
self._notify.component_removed(self._view, formerParentResult, result)
except:
log_error(traceback.format_exc())
def _component_name_updated(self, ctxt, view: core.BNBinaryView, previous_name: str, _component: core.BNComponent):
try:
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
self._notify.component_name_updated(self._view, previous_name, result)
except:
log_error(traceback.format_exc())
def _component_moved(self, ctxt, view: core.BNBinaryView, formerParent: core.BNComponent,
newParent: core.BNComponent, _component: core.BNComponent):
try:
formerParent_handle = core.BNNewComponentReference(formerParent)
assert formerParent_handle is not None, "core.BNNewComponentReference returned None"
formerParentResult = component.Component(formerParent_handle)
newParent_handle = core.BNNewComponentReference(newParent)
assert newParent_handle is not None, "core.BNNewComponentReference returned None"
newParentResult = component.Component(newParent_handle)
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
self._notify.component_moved(self._view, formerParentResult, newParentResult, result)
except:
log_error(traceback.format_exc())
def _component_function_added(self, ctxt, view: core.BNBinaryView, _component: core.BNComponent,
func: '_function.Function'):
try:
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
function_handle = core.BNNewFunctionReference(func)
assert function_handle is not None, "core.BNNewFunctionReference returned None"
function = _function.Function(self._view, function_handle)
self._notify.component_function_added(self._view, result, function)
except:
log_error(traceback.format_exc())
def _component_function_removed(self, ctxt, view: core.BNBinaryView, _component: core.BNComponent,
func: '_function.Function'):
try:
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
function_handle = core.BNNewFunctionReference(func)
assert function_handle is not None, "core.BNNewFunctionReference returned None"
function = _function.Function(self._view, function_handle)
self._notify.component_function_removed(self._view, result, function)
except:
log_error(traceback.format_exc())
def _component_data_variable_added(self, ctxt, view: core.BNBinaryView, _component: core.BNComponent,
var: core.BNDataVariable):
try:
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
self._notify.component_data_var_added(self._view, result, DataVariable.from_core_struct(var, self._view))
except:
log_error(traceback.format_exc())
def _component_data_variable_removed(self, ctxt, view: core.BNBinaryView, _component: core.BNComponent,
var: core.BNDataVariable):
try:
component_handle = core.BNNewComponentReference(_component)
assert component_handle is not None, "core.BNNewComponentReference returned None"
result = component.Component(component_handle)
self._notify.component_data_var_removed(self._view, result, DataVariable.from_core_struct(var, self._view))
except:
log_error(traceback.format_exc())
@property
def view(self) -> 'BinaryView':
return self._view
@property
def notify(self) -> 'BinaryDataNotification':
return self._notify
class _BinaryViewTypeMetaclass(type):
def __iter__(self):
binaryninja._init_plugins()
count = ctypes.c_ulonglong()
types = core.BNGetBinaryViewTypes(count)
if types is None:
return
try:
for i in range(0, count.value):
yield BinaryViewType(types[i])
finally:
core.BNFreeBinaryViewTypeList(types)
def __getitem__(self, value):
binaryninja._init_plugins()
view_type = core.BNGetBinaryViewTypeByName(str(value))
if view_type is None:
raise KeyError(f"'{value}' is not a valid view type")
return BinaryViewType(view_type)
[docs]class BinaryViewType(metaclass=_BinaryViewTypeMetaclass):
"""
The ``BinaryViewType`` object is used internally and should not be directly instantiated.
"""
_platform_recognizers = {} # Used to force Python callback objects to not get garbage collected
def __init__(self, handle: core.BNBinaryViewTypeHandle):
_handle = core.BNBinaryViewTypeHandle
self.handle = ctypes.cast(handle, _handle)
def __repr__(self):
return f"<view type: '{self.name}'>"
def __eq__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return ctypes.addressof(self.handle.contents) == ctypes.addressof(other.handle.contents)
def __ne__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return not (self == other)
def __hash__(self):
return hash(ctypes.addressof(self.handle.contents))
@property
def name(self) -> str:
"""BinaryView name (read-only)"""
return core.BNGetBinaryViewTypeName(self.handle)
@property
def long_name(self) -> str:
"""BinaryView long name (read-only)"""
return core.BNGetBinaryViewTypeLongName(self.handle)
@property
def is_deprecated(self) -> bool:
"""returns if the BinaryViewType is deprecated (read-only)"""
return core.BNIsBinaryViewTypeDeprecated(self.handle)
[docs] def create(self, data: 'BinaryView') -> Optional['BinaryView']:
view = core.BNCreateBinaryViewOfType(self.handle, data.handle)
if view is None:
return None
return BinaryView(file_metadata=data.file, handle=view)
[docs] def open(self, src: PathType, file_metadata: 'filemetadata.FileMetadata' = None) -> Optional['BinaryView']:
"""
``open`` opens an instance of a particular BinaryViewType and returns it, or None if not possible.
:param str src: path to filename or bndb to open
:param FileMetadata file_metadata: Optional parameter for a :py:class:`~binaryninja.filemetadata.FileMetadata` object
:return: returns a :py:class:`BinaryView` object for the given filename
:rtype: :py:class:`BinaryView` or ``None``
"""
data = BinaryView.open(src, file_metadata)
if data is None:
return None
return self.create(data)
[docs] @classmethod
def get_view_of_file(
cls, filename: PathType, update_analysis: bool = True, progress_func: Optional[ProgressFuncType] = None
) -> Optional['BinaryView']:
"""
``get_view_of_file`` opens and returns the first available :py:class:`BinaryView`, excluding a Raw :py:class:`BinaryViewType` unless no other view is available
.. warning:: The recommended code pattern for opening a BinaryView is to use the \
:py:func:`~binaryninja.open_view` API as a context manager like ``with open_view('/bin/ls') as bv:`` \
which will automatically clean up when done with the view. If using this API directly \
you will need to call `bv.file.close()` before the BinaryView leaves scope to ensure the \
reference is properly removed and prevents memory leaks.
:param str filename: path to filename or bndb to open
:param bool update_analysis: whether or not to run :py:func:`~BinaryView.update_analysis_and_wait` after opening a :py:class:`BinaryView`, defaults to ``True``
:param callback progress_func: optional function to be called with the current progress and total count
:return: returns a :py:class:`BinaryView` object for the given filename
:rtype: :py:class:`BinaryView` or ``None``
"""
sqlite = b"SQLite format 3"
if not isinstance(filename, str):
filename = str(filename)
is_database = filename.endswith(".bndb")
if is_database:
f = open(filename, 'rb')
if f is None or f.read(len(sqlite)) != sqlite:
return None
f.close()
view = filemetadata.FileMetadata().open_existing_database(filename, progress_func)
else:
view = BinaryView.open(filename)
if view is None:
return None
for available in view.available_view_types:
if available.name != "Raw":
if is_database:
bv = view.get_view_of_type(available.name)
else:
bv = available.open(filename)
break
else:
if is_database:
bv = view.get_view_of_type("Raw")
else:
bv = cls["Raw"].open(filename) # type: ignore
if bv is not None and update_analysis:
bv.update_analysis_and_wait()
return bv
[docs] @classmethod
def get_view_of_file_with_options(
cls, filename: Union[str, 'os.PathLike'], update_analysis: Optional[bool] = True, progress_func: Optional[ProgressFuncType] = None,
options: Mapping[str, Any] = {}
) -> Optional['BinaryView']:
"""
``get_view_of_file_with_options`` opens, generates default load options (which are overridable), and returns the first available \
:py:class:`BinaryView`. If no :py:class:`BinaryViewType` is available, then a ``Mapped`` :py:class:`BinaryViewType` is used to load \
the :py:class:`BinaryView` with the specified load options. The ``Mapped`` view type attempts to auto-detect the architecture of the \
file during initialization. If no architecture is detected or specified in the load options, then the ``Mapped`` view type fails to \
initialize and returns ``None``.
.. note:: Calling this method without providing options is not necessarily equivalent to simply calling :py:func:`get_view_of_file`. This is because \
a :py:class:`BinaryViewType` is in control of generating load options, this method allows an alternative default way to open a file. For \
example, opening a relocatable object file with :py:func:`get_view_of_file` sets **'loader.imageBase'** to `0`, whereas enabling the **`'files.pic.autoRebase'`** \
setting and opening with :py:func:`get_view_of_file_with_options` sets **'loader.imageBase'** to ``0x400000`` for 64-bit binaries, or ``0x10000`` for 32-bit binaries.
.. note:: Although general container file support is not complete, support for Universal archives exists. It's possible to control the architecture preference \
with the **'files.universal.architecturePreference'** setting. This setting is scoped to SettingsUserScope and can be modified as follows ::
>>> Settings().set_string_list("files.universal.architecturePreference", ["arm64"])
It's also possible to override the **'files.universal.architecturePreference'** user setting by specifying it directly with :py:func:`get_view_of_file_with_options`.
This specific usage of this setting is experimental and may change in the future ::
>>> bv = BinaryViewType.get_view_of_file_with_options('/bin/ls', options={'files.universal.architecturePreference': ['arm64']})
.. warning:: The recommended code pattern for opening a BinaryView is to use the \
:py:func:`~binaryninja.open_view` API as a context manager like ``with open_view('/bin/ls') as bv:`` \
which will automatically clean up when done with the view. If using this API directly \
you will need to call `bv.file.close()` before the BinaryView leaves scope to ensure the \
reference is properly removed and prevents memory leaks.
:param Union[str, 'os.PathLike'] filename: path to filename or bndb to open
:param bool update_analysis: whether or not to run :py:func:`~BinaryView.update_analysis_and_wait` after opening a :py:class:`BinaryView`, defaults to ``True``
:param callback progress_func: optional function to be called with the current progress and total count
:param dict options: a dictionary in the form {setting identifier string : object value}
:return: returns a :py:class:`BinaryView` object for the given filename or ``None``
:rtype: :py:class:`BinaryView` or ``None``
:Example:
>>> BinaryViewType.get_view_of_file_with_options('/bin/ls', options={'loader.imageBase': 0xfffffff0000, 'loader.macho.processFunctionStarts' : False})
<BinaryView: '/bin/ls', start 0xfffffff0000, len 0xa290>
>>>
"""
return BinaryViewType.load(filename, update_analysis, progress_func, options)
[docs] @classmethod
def load_raw_view_with_options(
cls, raw_view: Optional['BinaryView'], update_analysis: Optional[bool] = True, progress_func: Optional[ProgressFuncType] = None,
options: Mapping[str, Any] = {}
) -> Optional['BinaryView']:
"""
``load_raw_view_with_options`` opens, generates default load options (which are overridable), and returns the first available \
:py:class:`BinaryView`. If no :py:class:`BinaryViewType` is available, then a ``Mapped`` :py:class:`BinaryViewType` is used to load \
the :py:class:`BinaryView` with the specified load options. The ``Mapped`` view type attempts to auto-detect the architecture of the \
file during initialization. If no architecture is detected or specified in the load options, then the ``Mapped`` view type fails to \
initialize and returns ``None``.
.. note:: Calling this method without providing options is not necessarily equivalent to simply calling :py:func:`get_view_of_file`. This is because \
a :py:class:`BinaryViewType` is in control of generating load options, this method allows an alternative default way to open a file. For \
example, opening a relocatable object file with :py:func:`get_view_of_file` sets 'loader.imageBase' to `0`, whereas enabling the **'files.pic.autoRebase'** \
setting and opening with :py:func:`load_raw_view_with_options` sets **'loader.imageBase'** to ``0x400000`` for 64-bit binaries, or ``0x10000`` for 32-bit binaries.
.. note:: Although general container file support is not complete, support for Universal archives exists. It's possible to control the architecture preference \
with the **'files.universal.architecturePreference'** setting. This setting is scoped to SettingsUserScope and can be modified as follows ::
>>> Settings().set_string_list("files.universal.architecturePreference", ["arm64"])
It's also possible to override the **'files.universal.architecturePreference'** user setting by specifying it directly with :py:func:`load_raw_view_with_options`.
This specific usage of this setting is experimental and may change in the future ::
>>> bv = BinaryViewType.load_raw_view_with_options('/bin/ls', options={'files.universal.architecturePreference': ['arm64']})
.. warning:: The recommended code pattern for opening a BinaryView is to use the \
:py:func:`~binaryninja.open_view` API as a context manager like ``with open_view('/bin/ls') as bv:`` \
which will automatically clean up when done with the view. If using this API directly \
you will need to call `bv.file.close()` before the BinaryView leaves scope to ensure the \
reference is properly removed and prevents memory leaks.
:param BinaryView raw_view: an existing 'Raw' BinaryView object
:param bool update_analysis: whether or not to run :py:func:`~BinaryView.update_analysis_and_wait` after opening a :py:class:`BinaryView`, defaults to ``True``
:param callback progress_func: optional function to be called with the current progress and total count
:param dict options: a dictionary in the form {setting identifier string : object value}
:return: returns a :py:class:`BinaryView` object for the given filename or ``None``
:rtype: :py:class:`BinaryView` or ``None``
:Example:
>>> raw_view = BinaryView.open('/bin/ls')
>>> BinaryViewType.load_raw_view_with_options(raw_view, options={'loader.imageBase': 0xfffffff0000, 'loader.macho.processFunctionStarts' : False})
<BinaryView: '/bin/ls', start 0xfffffff0000, len 0xa290>
>>>
"""
if raw_view is None:
return None
elif raw_view.view_type != 'Raw':
return None
is_database = raw_view.file.has_database
bvt = None
universal_bvt = None
for available in raw_view.available_view_types:
if available.name == "Universal":
universal_bvt = available
continue
if bvt is None and available.name not in ["Raw", "Debugger"]:
bvt = available
if bvt is None:
bvt = cls["Mapped"] # type: ignore
default_settings = settings.Settings(bvt.name + "_settings")
default_settings.deserialize_schema(settings.Settings().serialize_schema())
default_settings.set_resource_id(bvt.name)
load_settings = None
if is_database:
load_settings = raw_view.get_load_settings(bvt.name)
if options is None:
options = {}
if load_settings is None:
if universal_bvt is not None and "files.universal.architecturePreference" in options:
load_settings = universal_bvt.get_load_settings_for_data(raw_view)
if load_settings is None:
raise Exception(f"Could not load entry from Universal image. No load settings!")
arch_list = json.loads(load_settings.get_string('loader.universal.architectures'))
arch_entry = None
for arch_pref in options['files.universal.architecturePreference']:
arch_entry = [entry for entry in arch_list if entry['architecture'] == arch_pref]
if arch_entry:
break
if not arch_entry:
arch_names = [entry['architecture'] for entry in arch_list if entry['architecture']]
raise Exception(
f"Could not load any of: {options['files.universal.architecturePreference']} from Universal image. Entry not found! Available entries: {arch_names}"
)
load_settings = settings.Settings(core.BNGetUniqueIdentifierString())
load_settings.deserialize_schema(arch_entry[0]['loadSchema'])
else:
load_settings = bvt.get_load_settings_for_data(raw_view)
if load_settings is None:
raise Exception(f"Could not get load settings for binary view of type '{bvt.name}'")
load_settings.set_resource_id(bvt.name)
raw_view.set_load_settings(bvt.name, load_settings)
for key, value in options.items():
if load_settings.contains(key):
if not load_settings.set_json(key, json.dumps(value), raw_view):
raise ValueError("Setting: {} set operation failed!".format(key))
elif default_settings.contains(key):
if not default_settings.set_json(key, json.dumps(value), raw_view):
raise ValueError("Setting: {} set operation failed!".format(key))
else:
raise NotImplementedError("Setting: {} not available!".format(key))
if is_database:
view = raw_view.file.open_existing_database(raw_view.file.filename, progress_func)
if view is None:
raise Exception(f"Unable to open_existing_database with filename {raw_view.file.filename}")
bv = view.get_view_of_type(bvt.name)
else:
bv = bvt.create(raw_view)
if bv is None:
return raw_view
elif update_analysis:
bv.update_analysis_and_wait()
return bv
[docs] @classmethod
def load(cls, source: Union[str, bytes, bytearray, 'databuffer.DataBuffer', 'os.PathLike'], *args, **kwargs) -> Optional['BinaryView']:
"""
`load` is a convenience wrapper for :py:func:`load_raw_view_with_options` that opens a BinaryView object.
:param Union[str, bytes, bytearray, 'databuffer.DataBuffer', os.PathLike] source: a file or byte stream from which to load data into a virtual memory space
:param bool update_analysis: whether or not to run :py:func:`~BinaryView.update_analysis_and_wait` after opening a :py:class:`BinaryView`, defaults to ``True``
:param callback progress_func: optional function to be called with the current progress and total count
:param dict options: a dictionary in the form {setting identifier string : object value}
:return: returns a :py:class:`BinaryView` object for the given filename or ``None``
:rtype: :py:class:`BinaryView` or ``None``
.. note:: The progress_func callback **must** return True to continue the load operation, False will abort the load operation.
:Example:
>>> from binaryninja import *
>>> with load("/bin/ls") as bv:
... print(len(list(bv.functions)))
...
134
>>> with load(bytes.fromhex('5054ebfe'), options={'loader.architecture' : 'x86'}) as bv:
... print(len(list(bv.functions)))
...
1
"""
if isinstance(source, os.PathLike):
source = str(source)
if isinstance(source, str):
if source.endswith(".bndb"):
sqlite = b"SQLite format 3"
f = open(source, 'rb')
if f is None or f.read(len(sqlite)) != sqlite:
return None
f.close()
raw_view = filemetadata.FileMetadata(source).open_database_for_configuration(source)
else:
raw_view = BinaryView.open(source)
elif isinstance(source, bytes) or isinstance(source, bytearray) or isinstance(source, databuffer.DataBuffer):
raw_view = BinaryView.new(source)
else:
raise NotImplementedError
return BinaryViewType.load_raw_view_with_options(raw_view, *args, **kwargs)
[docs] def parse(self, data: 'BinaryView') -> Optional['BinaryView']:
view = core.BNParseBinaryViewOfType(self.handle, data.handle)
if view is None:
return None
return BinaryView(file_metadata=data.file, handle=view)
[docs] def is_valid_for_data(self, data: 'BinaryView') -> bool:
return core.BNIsBinaryViewTypeValidForData(self.handle, data.handle)
[docs] def get_default_load_settings_for_data(self, data: 'BinaryView') -> Optional['settings.Settings']:
load_settings = core.BNGetBinaryViewDefaultLoadSettingsForData(self.handle, data.handle)
if load_settings is None:
return None
return settings.Settings(handle=load_settings)
[docs] def get_load_settings_for_data(self, data: 'BinaryView') -> Optional['settings.Settings']:
view_handle = None
if data is not None:
view_handle = data.handle
load_settings = core.BNGetBinaryViewLoadSettingsForData(self.handle, view_handle)
if load_settings is None:
return None
return settings.Settings(handle=load_settings)
[docs] def register_arch(self, ident: int, endian: Endianness, arch: 'architecture.Architecture') -> None:
core.BNRegisterArchitectureForViewType(self.handle, ident, endian, arch.handle)
[docs] def get_arch(self, ident: int, endian: Endianness) -> Optional['architecture.Architecture']:
arch = core.BNGetArchitectureForViewType(self.handle, ident, endian)
if arch is None:
return None
return architecture.CoreArchitecture._from_cache(arch)
[docs] @staticmethod
def add_binaryview_finalized_event(callback: BinaryViewEvent.BinaryViewEventCallback) -> None:
"""
`add_binaryview_finalized_event` adds a callback that gets executed
when new binaryview is finalized.
For more details, please refer to the documentation of BinaryViewEvent.
"""
BinaryViewEvent.register(BinaryViewEventType.BinaryViewFinalizationEvent, callback)
[docs] @staticmethod
def add_binaryview_initial_analysis_completion_event(callback: BinaryViewEvent.BinaryViewEventCallback) -> None:
"""
`add_binaryview_initial_analysis_completion_event` adds a callback
that gets executed after the initial analysis, as well as linear
sweep and signature matcher (if they are configured to run) completed.
For more details, please refer to the documentation of BinaryViewEvent.
"""
BinaryViewEvent.register(BinaryViewEventType.BinaryViewInitialAnalysisCompletionEvent, callback)
[docs]class Segment:
"""
The ``Segment`` object is returned during BinaryView creation and should not be directly instantiated.
"""
def __init__(self, handle: core.BNSegmentHandle):
self.handle = handle
def __del__(self):
if core is not None:
core.BNFreeSegment(self.handle)
def __repr__(self):
r = "r" if self.readable else "-"
w = "w" if self.writable else "-"
x = "x" if self.executable else "-"
return f"<segment: {self.start:#x}-{self.end:#x}, {r}{w}{x}>"
@deprecation.deprecated(deprecated_in="3.4.3997", details="Use .length instead. Python disallows the length of an object to "
">= 0x8000000000000000. See https://bugs.python.org/issue21444.")
def __len__(self):
return self.length
@property
def length(self):
return int(core.BNSegmentGetLength(self.handle))
def __bool__(self):
return True
def __eq__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return ctypes.addressof(self.handle.contents) == ctypes.addressof(other.handle.contents)
def __ne__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return not (self == other)
def __hash__(self):
return hash(ctypes.addressof(self.handle.contents))
def __contains__(self, i: int):
return i >= self.start and i < self.end
@property
def start(self) -> int:
return core.BNSegmentGetStart(self.handle)
@property
def end(self) -> int:
return core.BNSegmentGetEnd(self.handle)
@property
def executable(self) -> bool:
return (core.BNSegmentGetFlags(self.handle) & SegmentFlag.SegmentExecutable) != 0
@property
def writable(self) -> bool:
return (core.BNSegmentGetFlags(self.handle) & SegmentFlag.SegmentWritable) != 0
@property
def readable(self) -> bool:
return (core.BNSegmentGetFlags(self.handle) & SegmentFlag.SegmentReadable) != 0
@property
def data_length(self) -> int:
return core.BNSegmentGetDataLength(self.handle)
@property
def data_offset(self) -> int:
return core.BNSegmentGetDataOffset(self.handle)
@property
def data_end(self) -> int:
return core.BNSegmentGetDataEnd(self.handle)
@property
def relocation_count(self) -> int:
return core.BNSegmentGetRelocationsCount(self.handle)
@property
def auto_defined(self) -> bool:
return core.BNSegmentIsAutoDefined(self.handle)
@property
def relocation_ranges(self) -> List[Tuple[int, int]]:
"""List of relocation range tuples (read-only)"""
count = ctypes.c_ulonglong()
ranges = core.BNSegmentGetRelocationRanges(self.handle, count)
assert ranges is not None, "core.BNSegmentGetRelocationRanges returned None"
try:
return [(ranges[i].start, ranges[i].end) for i in range(count.value)]
finally:
core.BNFreeRelocationRanges(ranges)
[docs] def relocation_ranges_at(self, addr: int) -> List[Tuple[int, int]]:
"""List of relocation range tuples (read-only)"""
count = ctypes.c_ulonglong()
ranges = core.BNSegmentGetRelocationRangesAtAddress(self.handle, addr, count)
assert ranges is not None, "core.BNSegmentGetRelocationRangesAtAddress returned None"
try:
return [(ranges[i].start, ranges[i].end) for i in range(count.value)]
finally:
core.BNFreeRelocationRanges(ranges)
[docs]class Section:
"""
The ``Section`` object is returned during BinaryView creation and should not be directly instantiated.
"""
def __init__(self, handle: core.BNSectionHandle):
self.handle = handle
def __del__(self):
if core is not None:
core.BNFreeSection(self.handle)
def __repr__(self):
return f"<section {self.name}: {self.start:#x}-{self.end:#x}>"
@deprecation.deprecated(deprecated_in="3.4.3997", details="Use .length instead. Python disallows the length of an object to "
">= 0x8000000000000000. See https://bugs.python.org/issue21444.")
def __len__(self):
return self.length
def __bool__(self):
return True
def __eq__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return ctypes.addressof(self.handle.contents) == ctypes.addressof(other.handle.contents)
def __ne__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return not (self == other)
def __hash__(self):
return hash(ctypes.addressof(self.handle.contents))
def __contains__(self, i: int):
return i >= self.start and i < self.end
@property
def name(self) -> str:
return core.BNSectionGetName(self.handle)
@property
def type(self) -> str:
return core.BNSectionGetType(self.handle)
@property
def start(self) -> int:
return core.BNSectionGetStart(self.handle)
@property
def linked_section(self) -> str:
return core.BNSectionGetLinkedSection(self.handle)
@property
def info_section(self) -> str:
return core.BNSectionGetInfoSection(self.handle)
@property
def info_data(self) -> int:
return core.BNSectionGetInfoData(self.handle)
@property
def align(self) -> int:
return core.BNSectionGetAlign(self.handle)
@property
def entry_size(self) -> int:
return core.BNSectionGetEntrySize(self.handle)
@property
def semantics(self) -> SectionSemantics:
return SectionSemantics(core.BNSectionGetSemantics(self.handle))
@property
def auto_defined(self) -> bool:
return core.BNSectionIsAutoDefined(self.handle)
@property
def length(self):
return int(core.BNSectionGetLength(self.handle))
@property
def end(self) -> int:
return self.start + self.length
[docs]class TagType:
"""
The ``TagType`` object is created by the create_tag_type API and should not be directly instantiated.
"""
def __init__(self, handle: core.BNTagTypeHandle):
self.handle = handle
def __del__(self):
if core is not None:
core.BNFreeTagType(self.handle)
def __repr__(self):
return f"<tag type {self.name}: {self.icon}>"
def __eq__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return ctypes.addressof(self.handle.contents) == ctypes.addressof(other.handle.contents)
def __ne__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return not (self == other)
def __hash__(self):
return hash(ctypes.addressof(self.handle.contents))
@property
def id(self) -> str:
"""Unique id of the TagType"""
return core.BNTagTypeGetId(self.handle)
@property
def name(self) -> str:
"""Name of the TagType"""
return core.BNTagTypeGetName(self.handle)
@name.setter
def name(self, value: str) -> None:
core.BNTagTypeSetName(self.handle, value)
@property
def icon(self) -> str:
"""Unicode str containing an emoji to be used as an icon"""
return core.BNTagTypeGetIcon(self.handle)
@icon.setter
def icon(self, value: str) -> None:
core.BNTagTypeSetIcon(self.handle, value)
@property
def visible(self) -> bool:
"""Boolean for whether the tags of this type are visible"""
return core.BNTagTypeGetVisible(self.handle)
@visible.setter
def visible(self, value: bool) -> None:
core.BNTagTypeSetVisible(self.handle, value)
@property
def type(self) -> TagTypeType:
"""Type from enums.TagTypeType"""
return TagTypeType(core.BNTagTypeGetType(self.handle))
@type.setter
def type(self, value: TagTypeType) -> None:
core.BNTagTypeSetType(self.handle, value)
[docs]class Tag:
"""
The ``Tag`` object is created by other APIs (create_*_tag) and should not be directly instantiated.
"""
def __init__(self, handle: core.BNTagHandle):
self.handle = handle
def __del__(self):
if core is not None:
core.BNFreeTag(self.handle)
def __repr__(self):
return f"<tag {self.type.icon} {self.type.name}: {self.data}>"
def __eq__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return ctypes.addressof(self.handle.contents) == ctypes.addressof(other.handle.contents)
def __ne__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return not (self == other)
def __hash__(self):
return hash(ctypes.addressof(self.handle.contents))
@property
def id(self) -> str:
return core.BNTagGetId(self.handle)
@property
def type(self) -> TagType:
core_tag_type = core.BNTagGetType(self.handle)
assert core_tag_type is not None, "core.BNTagGetType returned None"
return TagType(core_tag_type)
@property
def data(self) -> str:
return core.BNTagGetData(self.handle)
@data.setter
def data(self, value: str) -> None:
core.BNTagSetData(self.handle, value)
class _BinaryViewAssociatedDataStore(associateddatastore._AssociatedDataStore):
_defaults = {}
[docs]class SymbolMapping(collections.abc.Mapping): # type: ignore
"""
SymbolMapping object is used to improve performance of the `bv.symbols` API.
This allows pythonic code like this to have reasonable performance characteristics
>>> my_symbols = get_my_symbols()
>>> for symbol in my_symbols:
>>> if bv.symbols[symbol].address == 0x41414141:
>>> print("Found")
"""
def __init__(self, view: 'BinaryView'):
self._symbol_list = None
self._count = None
self._symbol_cache: Optional[Mapping[str, List[_types.CoreSymbol]]] = None
self._view = view
self._n = 0
self._keys = None
def __repr__(self):
return f"<SymbolMapping {len(self)} symbols: {self._symbol_cache}>"
def __del__(self):
if core is not None and self._symbol_list is not None:
core.BNFreeSymbolList(self._symbol_list, len(self))
def __getitem__(self, key: str) -> Optional[List['_types.CoreSymbol']]:
if self._symbol_cache is None:
sym = self._view.get_symbols_by_raw_name(key)
if len(sym) == 0:
raise KeyError(f"'{key}': symbol not found")
return sym
else:
return self._symbol_cache[key]
def _build_symbol_cache(self):
count = ctypes.c_ulonglong(0)
self._symbol_list = core.BNGetSymbols(self._view.handle, count, None)
assert self._symbol_list is not None, "core.BNGetSymbols returned None"
self._symbol_cache = {}
self._count = count.value
for i in range(len(self)):
_handle = core.BNNewSymbolReference(self._symbol_list[i])
assert _handle is not None, "core.BNNewSymbolReference returned None"
sym = _types.CoreSymbol(_handle)
try:
if sym.raw_name in self._symbol_cache:
self._symbol_cache[sym.raw_name].append(sym)
else:
self._symbol_cache[sym.raw_name] = [sym]
except UnicodeDecodeError:
mapped_str = sym.raw_bytes.decode('charmap')
if mapped_str in self._symbol_cache:
self._symbol_cache[mapped_str].append(sym)
else:
self._symbol_cache[mapped_str] = [sym]
def __iter__(self) -> Iterator[str]:
if self._symbol_cache is None:
self._build_symbol_cache()
assert self._symbol_cache is not None
yield from self._symbol_cache
def __next__(self) -> List['_types.CoreSymbol']:
if self._symbol_cache is None:
self._build_symbol_cache()
assert self._symbol_cache is not None
if self._keys is None:
self._keys = list(self._symbol_cache.keys())
self._n += 1
return self._symbol_cache[self._keys[self._n - 1]]
def __len__(self):
if self._symbol_cache is None:
self._build_symbol_cache()
return self._count
def __contains__(self, value: str):
try:
_ = self[value]
return True
except KeyError:
return False
[docs] def keys(self) -> KeysView[str]:
if self._symbol_cache is None:
self._build_symbol_cache()
assert self._symbol_cache is not None
return self._symbol_cache.keys()
[docs] def items(self) -> ItemsView[str, List['_types.CoreSymbol']]:
if self._symbol_cache is None:
self._build_symbol_cache()
assert self._symbol_cache is not None
return self._symbol_cache.items()
[docs] def values(self) -> ValuesView[List['_types.CoreSymbol']]:
if self._symbol_cache is None:
self._build_symbol_cache()
assert self._symbol_cache is not None
return self._symbol_cache.values()
[docs] def get(self, key: str, default: Optional[List['_types.CoreSymbol']] = None) -> Optional[List['_types.CoreSymbol']]:
try:
return self[key]
except KeyError:
return default
[docs]class TypeMapping(collections.abc.Mapping): # type: ignore
"""
TypeMapping object is used to improve performance of the `bv.types` API.
This allows pythonic code like this to have reasonable performance characteristics
>>> my_types = get_my_types()
>>> for type_name in my_types:
>>> if bv.types[type_name].width == 4:
>>> print("Found")
"""
def __init__(self, view: 'BinaryView', get_list_fn=core.BNGetAnalysisTypeList):
self._type_list = None
self._count = None
self._type_cache: Optional[Mapping[_types.QualifiedName, _types.Type]] = None
self._view = view
self._get_list_fn = get_list_fn
def __repr__(self):
return f"<TypeMapping {len(self)} symbols: {self._type_cache}>"
def __del__(self):
if core is not None and self._type_list is not None:
core.BNFreeTypeList(self._type_list, len(self))
def __getitem__(self, key):
if self._type_cache is None:
result = self._view.get_type_by_name(key)
if result is None:
raise KeyError(key)
return result
else:
return self._type_cache[key]
def __iter__(self):
if self._type_cache is not None:
yield from self._type_cache
count = ctypes.c_ulonglong(0)
type_list = self._get_list_fn(self._view.handle, count)
assert type_list is not None, "core.BNGetAnalysisTypeList returned None"
self._type_list = type_list
self._type_cache = {}
self._count = count.value
for i in range(len(self)):
name = _types.QualifiedName._from_core_struct(self._type_list[i].name)
type = _types.Type.create(core.BNNewTypeReference(self._type_list[i].type), platform=self._view.platform)
self._type_cache[name] = type
yield name, type
def _build_type_cache(self):
for _, _ in self:
pass
def __len__(self):
if self._type_cache is None:
self._build_type_cache()
return self._count
def __contains__(self, value):
try:
self[value]
return True
except KeyError:
return False
def __eq__(self, other):
return self._view == other._view
def __ne__(self, other):
return not (self == other)
[docs] def keys(self):
if self._type_cache is None:
self._build_type_cache()
assert self._type_cache is not None
return self._type_cache.keys()
[docs] def items(self):
if self._type_cache is None:
self._build_type_cache()
assert self._type_cache is not None
return self._type_cache.items()
[docs] def values(self):
if self._type_cache is None:
self._build_type_cache()
assert self._type_cache is not None
return self._type_cache.values()
[docs] def get(self, value, default = None):
try:
return self[value]
except KeyError:
return default
[docs]class FunctionList:
def __init__(self, view: 'BinaryView'):
count = ctypes.c_ulonglong(0)
_funcs = core.BNGetAnalysisFunctionList(view.handle, count)
assert _funcs is not None, "core.BNGetAnalysisFunctionList returned None"
self._funcs = _funcs
self._count = count.value
self._view = view
self._n = 0
def __iter__(self):
for i in range(0, len(self)):
yield _function.Function(self._view, core.BNNewFunctionReference(self._funcs[i]))
def __next__(self):
if self._n >= len(self):
raise StopIteration
func = core.BNNewFunctionReference(self._funcs[self._n])
assert func is not None, "core.BNNewFunctionReference returned None"
self._n += 1
return _function.Function(self._view, func)
def __getitem__(self, i: Union[int, slice]) -> Union['_function.Function', List['_function.Function']]:
if isinstance(i, int):
if i < 0:
i = len(self) + i
if i >= len(self):
raise IndexError(f"Index {i} out of bounds for FunctionList of size {len(self)}")
return _function.Function(self._view, core.BNNewFunctionReference(self._funcs[i]))
elif isinstance(i, slice):
result = []
if i.start < 0 or i.start >= len(self) or i.stop < 0 or i.stop >= len(self):
raise IndexError(f"Slice {i} out of bounds for FunctionList of size {len(self)}")
for j in range(i.start, i.stop, i.step if i.step is not None else 1):
result.append(_function.Function(self._view, core.BNNewFunctionReference(self._funcs[j])))
return result
raise ValueError("FunctionList.__getitem__ supports argument of type integer or slice")
def __del__(self):
core.BNFreeFunctionList(self._funcs, len(self))
def __len__(self) -> int:
return self._count
[docs]class AdvancedILFunctionList:
"""
The purpose of this class is to generate IL functions IL function in the background
improving the performance of iterating MediumLevelIL and HighLevelILFunctions.
Using this class or the associated helper methods BinaryView.mlil_functions / BinaryView.hlil_functions
can improve the performance of ILFunction iteration significantly
The prefetch_limit property is configurable and should be modified based upon your machines hardware and RAM limitations.
.. warning:: Setting the prefetch_limit excessively high can result in high memory utilization.
:Example:
>>> import timeit
>>> len(bv.functions)
4817
>>> # Calculate the average time to generate hlil for all functions withing 'bv':
>>> timeit.timeit(lambda:[f.hlil for f in bv.functions], number=1)
21.761621682000168
>>> t1 = _
>>> # Now try again with the advanced analysis iterator
>>> timeit.timeit(lambda:[f for f in bv.hlil_functions(128)], number=1)
6.3147709989998475
>>> t1/_
3.4461458199270947
>>> # This particular binary can iterate hlil functions 3.4x faster
>>> # If you don't need IL then its still much faster to just use `bv.functions`
>>> timeit.timeit(lambda:[f for f in bv.functions], number=1)
0.02230275600004461
"""
def __init__(self, view: 'BinaryView', preload_limit: int = 5, functions: Optional[Iterable] = None):
self._view = view
self._func_queue = deque()
self._preload_limit = preload_limit
if functions is None:
self._functions = FunctionList(self._view)
else:
self._functions = iter(functions)
def __iter__(self):
while True:
while len(self._func_queue) < self._preload_limit:
try:
self._func_queue.append(_function.AdvancedFunctionAnalysisDataRequestor(next(self._functions)))
except StopIteration:
break
if not self._func_queue:
break
yield self._func_queue.popleft().function
[docs]class BinaryView:
"""
``class BinaryView`` implements a view on binary data, and presents a queryable interface of a binary file. One key
job of BinaryView is file format parsing which allows Binary Ninja to read, write, insert, remove portions
of the file given a virtual address. For the purposes of this documentation we define a virtual address as the
memory address that the various pieces of the physical file will be loaded at.
A binary file does not have to have just one BinaryView, thus much of the interface to manipulate disassembly exists
within or is accessed through a BinaryView. All files are guaranteed to have at least the ``Raw`` BinaryView. The
``Raw`` BinaryView is simply a hex editor, but is helpful for manipulating binary files via their absolute addresses.
BinaryViews are plugins and thus registered with Binary Ninja at startup, and thus should **never** be instantiated
directly as this is already done. The list of available BinaryViews can be seen in the BinaryViewType class which
provides an iterator and map of the various installed BinaryViews::
>>> list(BinaryViewType)
[<view type: 'Raw'>, <view type: 'ELF'>, <view type: 'Mach-O'>, <view type: 'PE'>]
>>> BinaryViewType['ELF']
<view type: 'ELF'>
To open a file with a given BinaryView the following code is recommended:
>>> with open_view("/bin/ls") as bv:
... bv
<BinaryView: '/bin/ls', start 0x100000000, len 0x142c8>
`By convention in the rest of this document we will use bv to mean an open and, analyzed, BinaryView of an executable file.`
When a BinaryView is open on an executable view analysis is automatically run unless specific named parameters are used
to disable updates. If such a parameter is used, updates can be triggered using the :py:func:`update_analysis_and_wait` method
which disassembles the executable and returns when all disassembly and analysis is complete::
>>> bv.update_analysis_and_wait()
>>>
Since BinaryNinja's analysis is multi-threaded (depending on version) this can also be done in the background
by using the :py:func:`update_analysis` method instead.
By standard python convention methods which start with '_' should be considered private and should not
be called externally. Additionally, methods which begin with ``perform_`` should not be called directly
either and are used explicitly for subclassing a BinaryView.
.. note:: An important note on the ``*_user_*()`` methods. Binary Ninja makes a distinction between edits \
performed by the user and actions performed by auto analysis. Auto analysis actions that can quickly be recalculated \
are not saved to the database. Auto analysis actions that take a long time and all user edits are stored in the \
database (e.g. :py:func:`remove_user_function` rather than :py:func:`remove_function`). Thus use ``_user_`` methods if saving \
to the database is desired.
"""
name: Optional[str] = None
long_name: Optional[str] = None
_registered = False
_registered_cb = None
registered_view_type = None
_associated_data = {}
_registered_instances = []
def __init__(
self, file_metadata: Optional['filemetadata.FileMetadata'] = None, parent_view: Optional['BinaryView'] = None,
handle: Optional[core.BNBinaryViewHandle] = None
):
if handle is not None:
_handle = handle
if file_metadata is None:
self._file = filemetadata.FileMetadata(handle=core.BNGetFileForView(handle))
else:
self._file = file_metadata
elif self.__class__ is BinaryView:
binaryninja._init_plugins()
if file_metadata is None:
file_metadata = filemetadata.FileMetadata()
_handle = core.BNCreateBinaryDataView(file_metadata.handle)
self._file = filemetadata.FileMetadata(handle=core.BNNewFileReference(file_metadata.handle))
else:
binaryninja._init_plugins()
if not self.__class__._registered:
raise TypeError("view type not registered")
self._cb = core.BNCustomBinaryView()
self._cb.context = 0
self._cb.init = self._cb.init.__class__(self._init)
self._cb.externalRefTaken = self._cb.externalRefTaken.__class__(self._external_ref_taken)
self._cb.externalRefReleased = self._cb.externalRefReleased.__class__(self._external_ref_released)
self._cb.read = self._cb.read.__class__(self._read)
self._cb.write = self._cb.write.__class__(self._write)
self._cb.insert = self._cb.insert.__class__(self._insert)
self._cb.remove = self._cb.remove.__class__(self._remove)
self._cb.getModification = self._cb.getModification.__class__(self._get_modification)
self._cb.isValidOffset = self._cb.isValidOffset.__class__(self._is_valid_offset)
self._cb.isOffsetReadable = self._cb.isOffsetReadable.__class__(self._is_offset_readable)
self._cb.isOffsetWritable = self._cb.isOffsetWritable.__class__(self._is_offset_writable)
self._cb.isOffsetExecutable = self._cb.isOffsetExecutable.__class__(self._is_offset_executable)
self._cb.getNextValidOffset = self._cb.getNextValidOffset.__class__(self._get_next_valid_offset)
self._cb.getStart = self._cb.getStart.__class__(self._get_start)
self._cb.getLength = self._cb.getLength.__class__(self._get_length)
self._cb.getEntryPoint = self._cb.getEntryPoint.__class__(self._get_entry_point)
self._cb.isExecutable = self._cb.isExecutable.__class__(self._is_executable)
self._cb.getDefaultEndianness = self._cb.getDefaultEndianness.__class__(self._get_default_endianness)
self._cb.isRelocatable = self._cb.isRelocatable.__class__(self._is_relocatable)
self._cb.getAddressSize = self._cb.getAddressSize.__class__(self._get_address_size)
self._cb.save = self._cb.save.__class__(self._save)
if file_metadata is None:
raise Exception("Attempting to create a BinaryView with FileMetadata which is None")
self._file = file_metadata
_parent_view = None
if parent_view is not None:
_parent_view = parent_view.handle
_handle = core.BNCreateCustomBinaryView(self.__class__.name, file_metadata.handle, _parent_view, self._cb)
assert _handle is not None
self.handle = _handle
self._notifications = {}
self._parse_only = False
self._preload_limit = 5
self._platform = None
self._endianness = None
def __enter__(self):
return self
def __exit__(self, type, value, traceback):
self.file.close()
def __del__(self):
if core is None:
return
for i in self._notifications.values():
i._unregister()
core.BNFreeBinaryView(self.handle)
def __repr__(self):
start = self.start
length = self.length
if start != 0:
size = f"start {start:#x}, len {length:#x}"
else:
size = f"len {length:#x}"
filename = self._file.filename
if len(filename) > 0:
return f"<BinaryView: '{filename}', {size}>"
return f"<BinaryView: {size}>"
@deprecation.deprecated(deprecated_in="3.4.3997", details="Use .length instead. Python disallows the length of an object to "
">= 0x8000000000000000. See https://bugs.python.org/issue21444.")
def __len__(self):
return int(core.BNGetViewLength(self.handle))
@property
def length(self):
return int(core.BNGetViewLength(self.handle))
def __bool__(self):
return True
def __eq__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return ctypes.addressof(self.handle.contents) == ctypes.addressof(other.handle.contents)
def __ne__(self, other):
if not isinstance(other, self.__class__):
return NotImplemented
return not (self == other)
def __hash__(self):
return hash(ctypes.addressof(self.handle.contents))
def __iter__(self) -> Generator['_function.Function', None, None]:
yield from self.functions
def __getitem__(self, i) -> bytes:
if isinstance(i, tuple):
result = bytes()
for s in i:
result += self.__getitem__(s)
return result
elif isinstance(i, slice):
if i.step is not None:
raise IndexError("step not implemented")
i = i.indices(self.end)
start = i[0]
stop = i[1]
if stop <= start:
return b""
return self.read(start, stop - start)
elif i < 0:
if i >= -self.length:
value = self.read(self.start + int(self.length + i), 1)
if len(value) == 0:
raise IndexError("index not readable")
return value
raise IndexError("index out of range")
elif (i >= self.start) and (i < self.end):
value = self.read(int(i), 1)
if len(value) == 0:
raise IndexError("index not readable")
return value
else:
raise IndexError("index out of range")
def __setitem__(self, i, value):
if isinstance(i, slice):
if i.step is not None:
raise IndexError("step not supported on assignment")
i = i.indices(self.end)
start = i[0]
stop = i[1]
if stop < start:
stop = start
if len(value) != (stop - start):
self.remove(start, stop - start)
self.insert(start, value)
else:
self.write(start, value)
elif i < 0:
if i >= -self.length:
if len(value) != 1:
raise ValueError("expected single byte for assignment")
if self.write(self.start + int(self.length + i), value) != 1:
raise IndexError("index not writable")
else:
raise IndexError("index out of range")
elif (i >= self.start) and (i < self.end):
if len(value) != 1:
raise ValueError("expected single byte for assignment")
if self.write(int(i), value) != 1:
raise IndexError("index not writable")
else:
raise IndexError("index out of range")
def __contains__(self, i: int):
for s in self.segments:
if i in s:
return True
return False
[docs] @classmethod
def register(cls) -> None:
binaryninja._init_plugins()
if cls.name is None:
raise ValueError("view 'name' not defined")
if cls.long_name is None:
cls.long_name = cls.name
cls._registered_cb = core.BNCustomBinaryViewType()
cls._registered_cb.context = 0
cls._registered_cb.create = cls._registered_cb.create.__class__(cls._create)
cls._registered_cb.parse = cls._registered_cb.parse.__class__(cls._parse)
cls._registered_cb.isValidForData = cls._registered_cb.isValidForData.__class__(cls._is_valid_for_data)
cls._registered_cb.isDeprecated = cls._registered_cb.isDeprecated.__class__(cls._is_deprecated)
cls._registered_cb.getLoadSettingsForData = cls._registered_cb.getLoadSettingsForData.__class__(
cls._get_load_settings_for_data
)
view_handle = core.BNRegisterBinaryViewType(cls.name, cls.long_name, cls._registered_cb)
assert view_handle is not None, "core.BNRegisterBinaryViewType returned None"
cls.registered_view_type = BinaryViewType(view_handle)
cls._registered = True
@property
def parse_only(self) -> bool:
return self._parse_only
@parse_only.setter
def parse_only(self, value: bool) -> None:
self._parse_only = value
@classmethod
def _create(cls, ctxt, data: core.BNBinaryView):
try:
file_metadata = filemetadata.FileMetadata(handle=core.BNGetFileForView(data))
view = cls(BinaryView(file_metadata=file_metadata, handle=core.BNNewViewReference(data))) # type: ignore
if view is None:
return None
view.parse_only = False
view_handle = core.BNNewViewReference(view.handle)
assert view_handle is not None, "core.BNNewViewReference returned None"
return ctypes.cast(view_handle, ctypes.c_void_p).value
except:
log_error(traceback.format_exc())
return None
@classmethod
def _parse(cls, ctxt, data: core.BNBinaryView):
try:
file_metadata = filemetadata.FileMetadata(handle=core.BNGetFileForView(data))
view = cls(BinaryView(file_metadata=file_metadata, handle=core.BNNewViewReference(data))) # type: ignore
if view is None:
return None
view.parse_only = True
view_handle = core.BNNewViewReference(view.handle)
assert view_handle is not None, "core.BNNewViewReference returned None"
return ctypes.cast(view_handle, ctypes.c_void_p).value
except:
log_error(traceback.format_exc())
return None
@classmethod
def _is_valid_for_data(cls, ctxt, data):
try:
# I'm not sure whats going on here even so I've suppressed the linter warning
return cls.is_valid_for_data(BinaryView(handle=core.BNNewViewReference(data))) # type: ignore
except:
log_error(traceback.format_exc())
return False
@classmethod
def _is_deprecated(cls, ctxt):
# Since the is_deprecated() method is newly added, existing code may not have it at all
# So here we do not consider it as an error
if not callable(getattr(cls, 'is_deprecated', None)):
return False
try:
return cls.is_deprecated() # type: ignore
except:
log_error(traceback.format_exc())
return False
@classmethod
def _get_load_settings_for_data(cls, ctxt, data):
try:
attr = getattr(cls, "get_load_settings_for_data", None)
if callable(attr):
result = cls.get_load_settings_for_data(
BinaryView(handle=core.BNNewViewReference(data))
) # type: ignore
settings_handle = core.BNNewSettingsReference(result.handle)
assert settings_handle is not None, "core.BNNewSettingsReference returned None"
return ctypes.cast(settings_handle, ctypes.c_void_p).value
else:
return None
except:
log_error(traceback.format_exc())
return None
[docs] @staticmethod
def open(src, file_metadata=None) -> Optional['BinaryView']:
binaryninja._init_plugins()
if isinstance(src, fileaccessor.FileAccessor):
if file_metadata is None:
file_metadata = filemetadata.FileMetadata()
view = core.BNCreateBinaryDataViewFromFile(file_metadata.handle, src._cb)
else:
if file_metadata is None:
file_metadata = filemetadata.FileMetadata(str(src))
view = core.BNCreateBinaryDataViewFromFilename(file_metadata.handle, str(src))
if view is None:
return None
return BinaryView(file_metadata=file_metadata, handle=view)
[docs] @staticmethod
def new(data: Optional[Union[bytes, bytearray, 'databuffer.DataBuffer']] = None, file_metadata: Optional['filemetadata.FileMetadata'] = None) -> Optional['BinaryView']:
binaryninja._init_plugins()
if file_metadata is None:
file_metadata = filemetadata.FileMetadata()
if data is None:
view = core.BNCreateBinaryDataView(file_metadata.handle)
elif isinstance(data, databuffer.DataBuffer):
view = core.BNCreateBinaryDataViewFromBuffer(file_metadata.handle, data.handle)
else:
buf = databuffer.DataBuffer(data)
view = core.BNCreateBinaryDataViewFromBuffer(file_metadata.handle, buf.handle)
if view is None:
return None
return BinaryView(file_metadata=file_metadata, handle=view)
@classmethod
def _unregister(cls, view: core.BNBinaryView) -> None:
handle = ctypes.cast(view, ctypes.c_void_p)
if handle.value in cls._associated_data:
del cls._associated_data[handle.value]
[docs] @staticmethod
def set_default_session_data(name: str, value: str) -> None:
"""
``set_default_session_data`` saves a variable to the BinaryView.
:param str name: name of the variable to be saved
:param str value: value of the variable to be saved
:Example:
>>> BinaryView.set_default_session_data("variable_name", "value")
>>> bv.session_data.variable_name
'value'
"""
_BinaryViewAssociatedDataStore.set_default(name, value)
@property
def preload_limit(self) -> int:
return self._preload_limit
@preload_limit.setter
def preload_limit(self, value: int) -> None:
self._preload_limit = value
@property
def basic_blocks(self) -> Generator['basicblock.BasicBlock', None, None]:
"""A generator of all BasicBlock objects in the BinaryView"""
for func in self:
yield from func.basic_blocks
@property
def llil_basic_blocks(self) -> Generator['lowlevelil.LowLevelILBasicBlock', None, None]:
"""A generator of all LowLevelILBasicBlock objects in the BinaryView"""
for func in self:
yield from func.low_level_il.basic_blocks
@property
def mlil_basic_blocks(self) -> Generator['mediumlevelil.MediumLevelILBasicBlock', None, None]:
"""A generator of all MediumLevelILBasicBlock objects in the BinaryView"""
for func in self.mlil_functions():
yield from func.basic_blocks
@property
def hlil_basic_blocks(self) -> Generator['highlevelil.HighLevelILBasicBlock', None, None]:
"""A generator of all HighLevelILBasicBlock objects in the BinaryView"""
for func in self.hlil_functions():
yield from func.basic_blocks
@property
def instructions(self) -> InstructionsType:
"""A generator of instruction tokens and their start addresses"""
for block in self.basic_blocks:
start = block.start
for i in block:
yield (i[0], start)
start += i[1]
@property
def llil_instructions(self) -> 'lowlevelil.LLILInstructionsType':
"""A generator of llil instructions"""
for block in self.llil_basic_blocks:
yield from block
@property
def mlil_instructions(self) -> Generator['mediumlevelil.MediumLevelILInstruction', None, None]:
"""A generator of mlil instructions"""
for block in self.mlil_basic_blocks:
yield from block
@property
def hlil_instructions(self) -> 'highlevelil.HLILInstructionsType':
"""A generator of hlil instructions"""
for block in self.hlil_basic_blocks:
yield from block
@property
def parent_view(self) -> Optional['BinaryView']:
"""View that contains the raw data used by this view (read-only)"""
result = core.BNGetParentView(self.handle)
if result is None:
return None
return BinaryView(handle=result)
@property
def modified(self) -> bool:
"""boolean modification state of the BinaryView (read/write)"""
return self._file.modified
@modified.setter
def modified(self, value: bool) -> None:
self._file.modified = value
@property
def analysis_changed(self) -> bool:
"""boolean analysis state changed of the currently running analysis (read-only)"""
return self._file.analysis_changed
@property
def has_database(self) -> bool:
"""boolean has a database been written to disk (read-only)"""
return self._file.has_database
@property
def view(self) -> 'str':
return self._file.view
@view.setter
def view(self, value: str) -> None:
self._file.view = value
@property
def offset(self) -> int:
return self._file.offset
@offset.setter
def offset(self, value: int) -> None:
self._file.offset = value
@property
def file(self) -> 'filemetadata.FileMetadata':
""":py:class:`~binaryninja.filemetadata.FileMetadata` backing the BinaryView """
return self._file
@property
def start(self) -> int:
"""Start offset of the binary (read-only)"""
return core.BNGetStartOffset(self.handle)
@property
def end(self) -> int:
"""End offset of the binary (read-only)"""
return core.BNGetEndOffset(self.handle)
@property
def entry_point(self) -> int:
"""Entry point of the binary (read-only)"""
return core.BNGetEntryPoint(self.handle)
@property
def arch(self) -> Optional['architecture.Architecture']:
"""The architecture associated with the current :py:class:`BinaryView` (read/write)"""
arch = core.BNGetDefaultArchitecture(self.handle)
if arch is None:
return None
return architecture.CoreArchitecture._from_cache(handle=arch)
@arch.setter
def arch(self, value: 'architecture.Architecture') -> None:
if value is None:
core.BNSetDefaultArchitecture(self.handle, None)
else:
core.BNSetDefaultArchitecture(self.handle, value.handle)
@property
def platform(self) -> Optional['_platform.Platform']:
"""The platform associated with the current BinaryView (read/write)"""
if self._platform is not None:
return self._platform
plat = core.BNGetDefaultPlatform(self.handle)
if plat is None:
return None
self._platform = _platform.Platform(self.arch, handle=plat)
return self._platform
@platform.setter
def platform(self, value: Optional['_platform.Platform']) -> None:
if value is None:
core.BNSetDefaultPlatform(self.handle, None)
else:
core.BNSetDefaultPlatform(self.handle, value.handle)
self._platform = None
@property
def endianness(self) -> Endianness:
"""Endianness of the binary (read-only)"""
if self._endianness is None:
self._endianness = Endianness(core.BNGetDefaultEndianness(self.handle))
return self._endianness
@property
def relocatable(self) -> bool:
"""Boolean - is the binary relocatable (read-only)"""
return core.BNIsRelocatable(self.handle)
@property
def address_size(self) -> int:
"""Address size of the binary (read-only)"""
return core.BNGetViewAddressSize(self.handle)
@property
def executable(self) -> bool:
"""Whether the binary is an executable (read-only)"""
return core.BNIsExecutableView(self.handle)
@property
def functions(self) -> FunctionList:
"""returns a FunctionList object (read-only)"""
return FunctionList(self)
[docs] def mlil_functions(
self, preload_limit: Optional[int] = None,
function_generator: Optional[Generator['_function.Function', None, None]] = None
) -> Generator['mediumlevelil.MediumLevelILFunction', None, None]:
"""
Generates a list of il functions. This method should be used instead of 'functions' property if
MLIL is needed and performance is a concern.
"""
for func in AdvancedILFunctionList(
self, self.preload_limit if preload_limit is None else preload_limit, function_generator
):
mlil = func.mlil
if mlil:
yield mlil
[docs] def hlil_functions(
self, preload_limit: Optional[int] = None,
function_generator: Optional[Generator['_function.Function', None, None]] = None
) -> Generator['highlevelil.HighLevelILFunction', None, None]:
"""
Generates a list of il functions. This method should be used instead of 'functions' property if
HLIL is needed and performance is a concern.
"""
for func in AdvancedILFunctionList(
self, self.preload_limit if preload_limit is None else preload_limit, function_generator
):
hlil = func.hlil
if hlil:
yield hlil
@property
def has_functions(self) -> bool:
"""Boolean whether the binary has functions (read-only)"""
return core.BNHasFunctions(self.handle)
@property
def has_symbols(self) -> bool:
"""Boolean whether the binary has symbols (read-only)"""
return core.BNHasSymbols(self.handle)
@property
def has_data_variables(self) -> bool:
"""Boolean whether the binary has data variables (read-only)"""
return core.BNHasDataVariables(self.handle)
@property
def entry_function(self) -> Optional['_function.Function']:
"""Entry function (read-only)"""
func = core.BNGetAnalysisEntryPoint(self.handle)
if func is None:
return None
return _function.Function(self, func)
@property
def symbols(self) -> SymbolMapping:
"""
Dict of symbols (read-only)
Items in the dict are lists of all symbols matching that name.
:Example:
>>> bv.symbols['_main']
[<FunctionSymbol: "_main" @ 0x1dd0>]
>>> list(bv.symbols)
['_start', '_main', '_printf', '_scanf', ...]
>>> bv.symbols['foo']
KeyError: "'foo': symbol not found"
:return: a dict-like generator of symbol names and values
:rtype: Generator[str, None, None]
"""
return SymbolMapping(self)
[docs] @staticmethod
def internal_namespace() -> '_types.NameSpace':
"""Internal namespace for the current BinaryView"""
ns = core.BNGetInternalNameSpace()
try:
return _types.NameSpace._from_core_struct(ns)
finally:
core.BNFreeNameSpace(ns)
[docs] @staticmethod
def external_namespace() -> '_types.NameSpace':
"""External namespace for the current BinaryView"""
ns = core.BNGetExternalNameSpace()
try:
return _types.NameSpace._from_core_struct(ns)
finally:
core.BNFreeNameSpace(ns)
@property
def namespaces(self) -> List['_types.NameSpace']:
"""Returns a list of namespaces for the current BinaryView"""
count = ctypes.c_ulonglong(0)
nameSpaceList = core.BNGetNameSpaces(self.handle, count)
assert nameSpaceList is not None, "core.BNGetNameSpaces returned None"
result = []
try:
for i in range(count.value):
result.append(_types.NameSpace._from_core_struct(nameSpaceList[i]))
return result
finally:
core.BNFreeNameSpaceList(nameSpaceList, count.value)
@property
def view_type(self) -> str:
"""View type (read-only)"""
return core.BNGetViewType(self.handle)
@property
def available_view_types(self) -> List[BinaryViewType]:
"""Available view types (read-only)"""
count = ctypes.c_ulonglong(0)
types = core.BNGetBinaryViewTypesForData(self.handle, count)
result = []
if types is None:
return result
try:
for i in range(0, count.value):
result.append(BinaryViewType(types[i]))
return result
finally:
core.BNFreeBinaryViewTypeList(types)
@property
def strings(self) -> List['StringReference']:
"""List of strings (read-only)"""
return self.get_strings()
@property
def saved(self) -> bool:
"""boolean state of whether or not the file has been saved (read/write)"""
return self._file.saved
@saved.setter
def saved(self, value: bool) -> None:
self._file.saved = value
@property
def analysis_info(self) -> AnalysisInfo:
"""Provides instantaneous analysis state information and a list of current functions under analysis (read-only).
All times are given in units of milliseconds (ms). Per-function `analysis_time` is the aggregation of time spent
performing incremental updates and is reset on a full function update. Per-function `update_count` tracks the
current number of incremental updates and is reset on a full function update. Per-function `submit_count` tracks the
current number of full updates that have completed.
.. note:: `submit_count` is currently not reset across analysis updates.
"""
info_ref = core.BNGetAnalysisInfo(self.handle)
assert info_ref is not None, "core.BNGetAnalysisInfo returned None"
info = info_ref[0]
active_info_list: List[ActiveAnalysisInfo] = []
try:
for i in range(0, info.count):
func = _function.Function(self, core.BNNewFunctionReference(info.activeInfo[i].func))
active_info = ActiveAnalysisInfo(
func, info.activeInfo[i].analysisTime, info.activeInfo[i].updateCount,
info.activeInfo[i].submitCount
)
active_info_list.append(active_info)
return AnalysisInfo(info.state, info.analysisTime, active_info_list)
finally:
core.BNFreeAnalysisInfo(info_ref)
@property
def analysis_progress(self) -> AnalysisProgress:
"""Status of current analysis (read-only)"""
result = core.BNGetAnalysisProgress(self.handle)
return AnalysisProgress(result.state, result.count, result.total)
@property
def linear_disassembly(self) -> Iterator['lineardisassembly.LinearDisassemblyLine']:
"""Iterator for all lines in the linear disassembly of the view"""
return self.get_linear_disassembly(None)
@property
def data_vars(self) -> Mapping[int, 'DataVariable']:
"""List of data variables (read-only)"""
count = ctypes.c_ulonglong(0)
var_list = core.BNGetDataVariables(self.handle, count)
assert var_list is not None, "core.BNGetDataVariables returned None"
result = {}
try:
for i in range(0, count.value):
result[var_list[i].address] = DataVariable.from_core_struct(var_list[i], self)
return result
finally:
core.BNFreeDataVariables(var_list, count.value)
@property
def types(self) -> TypeMapping:
return TypeMapping(self)
@property
def dependency_sorted_types(self) -> TypeMapping:
"""
List of all types, sorted such that types are after all types on which they depend (read-only)
Order is guaranteed for any collection of types with no cycles. If you have cycles
in type dependencies, order for types in a cycle is not guaranteed.
.. note:: Dependency order is based on named type references for all non-structure types, i.e.
``struct Foo m_foo`` will induce a dependency, whereas ``struct Foo* m_pFoo`` will not.
:return: sorted types as defined above
"""
return TypeMapping(self, core.BNGetAnalysisDependencySortedTypeList)
@property
def type_names(self) -> List['_types.QualifiedName']:
"""List of defined type names (read-only)"""
count = ctypes.c_ulonglong(0)
name_list = core.BNGetAnalysisTypeNames(self.handle, count, "")
assert name_list is not None, "core.BNGetAnalysisTypeNames returned None"
result = []
try:
for i in range(0, count.value):
result.append(_types.QualifiedName._from_core_struct(name_list[i]))
return result
finally:
core.BNFreeTypeNameList(name_list, count.value)
@property
def type_libraries(self) -> List['typelibrary.TypeLibrary']:
"""List of imported type libraries (read-only)"""
count = ctypes.c_ulonglong(0)
libraries = core.BNGetBinaryViewTypeLibraries(self.handle, count)
assert libraries is not None, "core.BNGetBinaryViewTypeLibraries returned None"
result = []
try:
for i in range(0, count.value):
result.append(typelibrary.TypeLibrary(core.BNNewTypeLibraryReference(libraries[i])))
return result
finally:
core.BNFreeTypeLibraryList(libraries, count.value)
@property
def segments(self) -> List['Segment']:
"""List of segments (read-only)"""
count = ctypes.c_ulonglong(0)
segment_list = core.BNGetSegments(self.handle, count)
assert segment_list is not None, "core.BNGetSegments returned None"
result = []
try:
for i in range(0, count.value):
segment_handle = core.BNNewSegmentReference(segment_list[i])
assert segment_handle is not None, "core.BNNewSegmentReference returned None"
result.append(Segment(segment_handle))
return result
finally:
core.BNFreeSegmentList(segment_list, count.value)
@property
def sections(self) -> Mapping[str, 'Section']:
"""Dictionary of sections (read-only)"""
count = ctypes.c_ulonglong(0)
section_list = core.BNGetSections(self.handle, count)
assert section_list is not None, "core.BNGetSections returned None"
result = {}
try:
for i in range(0, count.value):
section_handle = core.BNNewSectionReference(section_list[i])
assert section_handle is not None, "core.BNNewSectionReference returned None"
result[core.BNSectionGetName(section_list[i])] = Section(section_handle)
return result
finally:
core.BNFreeSectionList(section_list, count.value)
@property
def allocated_ranges(self) -> List['variable.AddressRange']:
"""List of valid address ranges for this view (read-only)"""
count = ctypes.c_ulonglong(0)
range_list = core.BNGetAllocatedRanges(self.handle, count)
assert range_list is not None, "core.BNGetAllocatedRanges returned None"
result = []
try:
for i in range(0, count.value):
result.append(variable.AddressRange(range_list[i].start, range_list[i].end))
return result
finally:
core.BNFreeAddressRanges(range_list)
@property
def session_data(self): # TODO add type hint
"""Dictionary object where plugins can store arbitrary data associated with the view"""
handle = ctypes.cast(self.handle, ctypes.c_void_p)
if handle.value not in BinaryView._associated_data:
obj = _BinaryViewAssociatedDataStore()
BinaryView._associated_data[handle.value] = obj
return obj
else:
return BinaryView._associated_data[handle.value]
@property
def global_pointer_value(self) -> 'variable.RegisterValue':
"""Discovered value of the global pointer register, if the binary uses one (read-only)"""
result = core.BNGetGlobalPointerValue(self.handle)
return variable.RegisterValue.from_BNRegisterValue(result, self.arch)
@property
def parameters_for_analysis(self):
return core.BNGetParametersForAnalysis(self.handle)
@parameters_for_analysis.setter
def parameters_for_analysis(self, params):
core.BNSetParametersForAnalysis(self.handle, params)
@property
def max_function_size_for_analysis(self) -> int:
"""Maximum size of function (sum of basic block sizes in bytes) for auto analysis"""
return core.BNGetMaxFunctionSizeForAnalysis(self.handle)
@max_function_size_for_analysis.setter
def max_function_size_for_analysis(self, size: int) -> None:
core.BNSetMaxFunctionSizeForAnalysis(self.handle, size)
@property
def relocation_ranges(self) -> List[Tuple[int, int]]:
"""List of relocation range tuples (read-only)"""
count = ctypes.c_ulonglong()
ranges = core.BNGetRelocationRanges(self.handle, count)
assert ranges is not None, "core.BNGetRelocationRanges returned None"
try:
return [(ranges[i].start, ranges[i].end) for i in range(count.value)]
finally:
core.BNFreeRelocationRanges(ranges)
[docs] def relocation_ranges_at(self, addr: int) -> List[Tuple[int, int]]:
"""List of relocation range tuples for a given address"""
count = ctypes.c_ulonglong()
ranges = core.BNGetRelocationRangesAtAddress(self.handle, addr, count)
assert ranges is not None, "core.BNGetRelocationRangesAtAddress returned None"
try:
return [(ranges[i].start, ranges[i].end) for i in range(count.value)]
finally:
core.BNFreeRelocationRanges(ranges)
[docs] def range_contains_relocation(self, addr: int, size: int) -> bool:
"""Checks if the specified range overlaps with a relocation"""
return core.BNRangeContainsRelocation(self.handle, addr, size)
@property
def new_auto_function_analysis_suppressed(self) -> bool:
"""Whether or not automatically discovered functions will be analyzed"""
return core.BNGetNewAutoFunctionAnalysisSuppressed(self.handle)
@new_auto_function_analysis_suppressed.setter
def new_auto_function_analysis_suppressed(self, suppress: bool) -> None:
core.BNSetNewAutoFunctionAnalysisSuppressed(self.handle, suppress)
def _init(self, ctxt):
try:
return self.init()
except:
log_error(traceback.format_exc())
return False
def _external_ref_taken(self, ctxt):
try:
self.__class__._registered_instances.append(self)
except:
log_error(traceback.format_exc())
def _external_ref_released(self, ctxt):
try:
self.__class__._registered_instances.remove(self)
except:
log_error(traceback.format_exc())
def _read(self, ctxt, dest, offset, length):
try:
data = self.perform_read(offset, length)
if data is None:
return 0
if len(data) > length:
data = data[0:length]
ctypes.memmove(dest, data, len(data))
return len(data)
except:
log_error(traceback.format_exc())
return 0
def _write(self, ctxt, offset, src, length):
try:
data = ctypes.create_string_buffer(length)
ctypes.memmove(data, src, length)
return self.perform_write(offset, data.raw)
except:
log_error(traceback.format_exc())
return 0
def _insert(self, ctxt, offset, src, length):
try:
data = ctypes.create_string_buffer(length)
ctypes.memmove(data, src, length)
return self.perform_insert(offset, data.raw)
except:
log_error(traceback.format_exc())
return 0
def _remove(self, ctxt, offset, length):
try:
return self.perform_remove(offset, length)
except:
log_error(traceback.format_exc())
return 0
def _get_modification(self, ctxt, offset):
try:
return self.perform_get_modification(offset)
except:
log_error(traceback.format_exc())
return ModificationStatus.Original
def _is_valid_offset(self, ctxt, offset):
try:
return self.perform_is_valid_offset(offset)
except:
log_error(traceback.format_exc())
return False
def _is_offset_readable(self, ctxt, offset):
try:
return self.perform_is_offset_readable(offset)
except:
log_error(traceback.format_exc())
return False
def _is_offset_writable(self, ctxt, offset):
try:
return self.perform_is_offset_writable(offset)
except:
log_error(traceback.format_exc())
return False
def _is_offset_executable(self, ctxt, offset):
try:
return self.perform_is_offset_executable(offset)
except:
log_error(traceback.format_exc())
return False
def _get_next_valid_offset(self, ctxt, offset):
try:
return self.perform_get_next_valid_offset(offset)
except:
log_error(traceback.format_exc())
return offset
def _get_start(self, ctxt):
try:
return self.perform_get_start()
except:
log_error(traceback.format_exc())
return 0
def _get_length(self, ctxt):
try:
return self.perform_get_length()
except:
log_error(traceback.format_exc())
return 0
def _get_entry_point(self, ctxt):
try:
return self.perform_get_entry_point()
except:
log_error(traceback.format_exc())
return 0
def _is_executable(self, ctxt):
try:
return self.perform_is_executable()
except:
log_error(traceback.format_exc())
return False
def _get_default_endianness(self, ctxt):
try:
return self.perform_get_default_endianness()
except:
log_error(traceback.format_exc())
return Endianness.LittleEndian
def _is_relocatable(self, ctxt):
try:
return self.perform_is_relocatable()
except:
log_error(traceback.format_exc())
return False
def _get_address_size(self, ctxt):
try:
return self.perform_get_address_size()
except:
log_error(traceback.format_exc())
return 8
def _save(self, ctxt, file_accessor):
try:
return self.perform_save(fileaccessor.CoreFileAccessor(file_accessor))
except:
log_error(traceback.format_exc())
return False
[docs] def init(self) -> bool:
return True
[docs] def disassembly_tokens(
self, addr: int, arch: Optional['architecture.Architecture'] = None
) -> Generator[Tuple[List['_function.InstructionTextToken'], int], None, None]:
if arch is None:
if self.arch is None:
raise Exception("Can not call method disassembly with no Architecture specified")
arch = self.arch
size = 1
while size != 0:
tokens, size = arch.get_instruction_text(self.read(addr, arch.max_instr_length), addr)
addr += size
if size == 0 or tokens is None:
break
yield (tokens, size)
[docs] def disassembly_text(self, addr: int,
arch: Optional['architecture.Architecture'] = None) -> Generator[Tuple[str, int], None, None]:
"""
``disassembly_text`` helper function for getting disassembly of a given address
:param int addr: virtual address of instruction
:param Architecture arch: optional Architecture, ``self.arch`` is used if this parameter is None
:return: a str representation of the instruction at virtual address ``addr`` or None
:rtype: str or None
:Example:
>>> next(bv.disassembly_text(bv.entry_point))
'push ebp', 1
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Can not call method disassembly with no Architecture specified")
arch = self.arch
size = 1
while size != 0:
tokens, size = arch.get_instruction_text(self.read(addr, arch.max_instr_length), addr)
addr += size
if size == 0 or tokens is None:
break
yield (''.join(str(a) for a in tokens).strip(), size)
[docs] def get_disassembly(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> Optional[str]:
"""
``get_disassembly`` simple helper function for printing disassembly of a given address
:param int addr: virtual address of instruction
:param Architecture arch: optional Architecture, ``self.arch`` is used if this parameter is None
:return: a str representation of the instruction at virtual address ``addr`` or None
:rtype: str or None
:Example:
>>> bv.get_disassembly(bv.entry_point)
'push ebp'
>>>
.. note:: This API is very simplistic and only returns text. See :py:func:`disassembly_text` and \
`instructions` for more capable APIs.
"""
if arch is None:
if self.arch is None:
raise Exception("Can not call method disassembly with no Architecture specified")
arch = self.arch
txt, _ = arch.get_instruction_text(self.read(addr, arch.max_instr_length), addr)
if txt is None:
return None
return ''.join(str(a) for a in txt).strip()
[docs] def perform_get_entry_point(self) -> int:
"""
``perform_get_entry_point`` implements a query for the initial entry point for code execution.
.. note:: This method **should** be implemented for custom BinaryViews that are executable.
.. warning:: This method **must not** be called directly.
:return: the virtual address of the entry point
:rtype: int
"""
return 0
[docs] def create_database(
self, filename: str, progress_func: Optional[ProgressFuncType] = None,
settings: Optional['filemetadata.SaveSettings'] = None
) -> bool:
"""
``create_database`` writes the current database (.bndb) out to the specified file.
:param str filename: path and filename to write the bndb to, this string `should` have ".bndb" appended to it.
:param callback progress_func: optional function to be called with the current progress and total count.
:param SaveSettings settings: optional argument for special save options.
:return: True on success, False on failure
:rtype: bool
.. warning:: The calling thread must not hold a lock on the BinaryView instance as this action is run on the main thread which requires the lock.
:Example:
>>> settings = SaveSettings()
>>> bv.create_database(f"{bv.file.filename}.bndb", None, settings)
True
"""
return self._file.create_database(filename, progress_func, settings)
[docs] def save_auto_snapshot(
self, progress_func: Optional[ProgressFuncType] = None, settings: Optional['filemetadata.SaveSettings'] = None
) -> bool:
"""
``save_auto_snapshot`` saves the current database to the already created file.
.. note:: :py:func:`create_database` should have been called prior to executing this method
:param callback progress_func: optional function to be called with the current progress and total count.
:param SaveSettings settings: optional argument for special save options.
:return: True if it successfully saved the snapshot, False otherwise
:rtype: bool
"""
return self._file.save_auto_snapshot(progress_func, settings)
[docs] def get_view_of_type(self, name: str) -> Optional['BinaryView']:
"""
``get_view_of_type`` returns the BinaryView associated with the provided name if it exists.
:param str name: Name of the view to be retrieved
:return: BinaryView object associated with the provided name or None on failure
:rtype: BinaryView or None
"""
return self._file.get_view_of_type(name)
[docs] def begin_undo_actions(self) -> None:
"""
``begin_undo_actions`` start recording actions taken so the can be undone at some point.
:rtype: None
:Example:
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.begin_undo_actions()
>>> bv.convert_to_nop(0x100012f1)
True
>>> bv.commit_undo_actions()
>>> bv.get_disassembly(0x100012f1)
'nop'
>>> bv.undo()
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>>
"""
self._file.begin_undo_actions()
[docs] def commit_undo_actions(self) -> None:
"""
``commit_undo_actions`` commit the actions taken since the last commit to the undo database.
:rtype: None
:Example:
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.begin_undo_actions()
>>> bv.convert_to_nop(0x100012f1)
True
>>> bv.commit_undo_actions()
>>> bv.get_disassembly(0x100012f1)
'nop'
>>> bv.undo()
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>>
"""
self._file.commit_undo_actions()
[docs] def undo(self) -> None:
"""
``undo`` undo the last committed action in the undo database.
:rtype: None
:Example:
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.begin_undo_actions()
>>> bv.convert_to_nop(0x100012f1)
True
>>> bv.commit_undo_actions()
>>> bv.get_disassembly(0x100012f1)
'nop'
>>> bv.undo()
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.redo()
>>> bv.get_disassembly(0x100012f1)
'nop'
>>>
"""
self._file.undo()
[docs] def redo(self) -> None:
"""
``redo`` redo the last committed action in the undo database.
:rtype: None
:Example:
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.begin_undo_actions()
>>> bv.convert_to_nop(0x100012f1)
True
>>> bv.commit_undo_actions()
>>> bv.get_disassembly(0x100012f1)
'nop'
>>> bv.undo()
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.redo()
>>> bv.get_disassembly(0x100012f1)
'nop'
>>>
"""
self._file.redo()
[docs] def navigate(self, view_name: str, offset: int) -> bool:
"""
``navigate`` navigates the UI to the specified virtual address in the specified View
The View name is created by combining a View type (e.g. "Graph") with a BinaryView type (e.g. "Mach-O"),
seperated by a colon, resulting in something like "Graph:Mach-O".
:param str view_name: View name.
:param int offset: address to navigate to
:return: whether navigation succeeded
:rtype: bool
:Example:
>>> bv.navigate(bv.view, bv.start)
True
>>> bv.file.existing_views
['Mach-O', 'Raw']
>>> import binaryninjaui
>>> [i.getName() for i in binaryninjaui.ViewType.getTypes()]
['Graph', 'Hex', 'Linear', 'Strings', 'Types', 'Triage', 'Bytes']
>>> bv.navigate('Graph:Mach-O', bv.entry_point)
True
"""
return self._file.navigate(view_name, offset)
[docs] def read(self, addr: int, length: int) -> bytes:
"""
``read`` returns the data reads at most ``length`` bytes from virtual address ``addr``.
.. note:: Python2 returns a str, but Python3 returns a bytes object. str(DataBufferObject) will \
still get you a str in either case.
:param int addr: virtual address to read from.
:param int length: number of bytes to read.
:return: at most ``length`` bytes from the virtual address ``addr``, empty string on error or no data
:rtype: bytes
:Example:
>>> #Opening a x86_64 Mach-O binary
>>> bv = BinaryViewType['Raw'].open("/bin/ls") #note that we are using open instead of get_view_of_file to get the raw view
>>> bv.read(0,4)
b\'\\xcf\\xfa\\xed\\xfe\'
"""
if (addr < 0) or (length < 0):
raise ValueError("length and address must both be positive")
buf = databuffer.DataBuffer(handle=core.BNReadViewBuffer(self.handle, addr, length))
return bytes(buf)
[docs] def read_int(self, address: int, size: int, sign: bool = True, endian: Optional[Endianness] = None) -> int:
_endian = self.endianness
if endian is not None:
_endian = endian
data = self.read(address, size)
if len(data) != size:
raise ValueError(f"Couldn't read {size} bytes from address: {address:#x}")
return TypedDataAccessor.int_from_bytes(data, size, sign, _endian)
[docs] def read_pointer(self, address: int, size: Optional[int] = None) -> int:
if size is None:
if self.arch is None:
raise ValueError("Can't read pointer for BinaryView without an architecture")
size = self.arch.address_size
return self.read_int(address, size, False, self.endianness)
[docs] def write(self, addr: int, data: bytes, except_on_relocation: bool = True) -> int:
"""
``write`` writes the bytes in ``data`` to the virtual address ``addr``.
:param int addr: virtual address to write to.
:param bytes data: data to be written at addr.
:param bool except_on_relocation: (default True) raise exception when write overlaps a relocation
:return: number of bytes written to virtual address ``addr``
:rtype: int
:Example:
>>> bv.read(0,4)
b'BBBB'
>>> bv.write(0, b"AAAA")
4
>>> bv.read(0,4)
b'AAAA'
"""
if not (isinstance(data, bytes) or isinstance(data, bytearray) or isinstance(data, str)):
raise TypeError("Must be bytes, bytearray, or str")
buf = databuffer.DataBuffer(data)
if except_on_relocation and self.range_contains_relocation(addr, addr + len(data)):
raise RelocationWriteException("Attempting to write to a location which has a relocation")
return core.BNWriteViewBuffer(self.handle, addr, buf.handle)
[docs] def insert(self, addr: int, data: bytes) -> int:
"""
``insert`` inserts the bytes in ``data`` to the virtual address ``addr``.
:param int addr: virtual address to write to.
:param bytes data: data to be inserted at addr.
:return: number of bytes inserted to virtual address ``addr``
:rtype: int
:Example:
>>> bv.insert(0,"BBBB")
4
>>> bv.read(0,8)
'BBBBAAAA'
"""
if not (isinstance(data, bytes) or isinstance(data, bytearray) or isinstance(data, str)):
raise TypeError("Must be bytes, bytearray, or str")
else:
buf = databuffer.DataBuffer(data)
return core.BNInsertViewBuffer(self.handle, addr, buf.handle)
[docs] def remove(self, addr: int, length: int) -> int:
"""
``remove`` removes at most ``length`` bytes from virtual address ``addr``.
:param int addr: virtual address to remove from.
:param int length: number of bytes to remove.
:return: number of bytes removed from virtual address ``addr``
:rtype: int
:Example:
>>> bv.read(0,8)
'BBBBAAAA'
>>> bv.remove(0,4)
4
>>> bv.read(0,4)
'AAAA'
"""
return core.BNRemoveViewData(self.handle, addr, length)
[docs] def get_entropy(self, addr: int, length: int, block_size: int = 0) -> List[float]:
"""
``get_entropy`` returns the shannon entropy given the start ``addr``, ``length`` in bytes, and optionally in
``block_size`` chunks.
:param int addr: virtual address
:param int length: total length in bytes
:param int block_size: optional block size
:return: list of entropy values for each chunk
:rtype: list(float)
"""
result = []
if length == 0:
return result
if block_size == 0:
block_size = length
data = (ctypes.c_float * ((length//block_size) + 1))()
length = core.BNGetEntropy(self.handle, addr, length, block_size, data)
for i in range(0, length):
result.append(float(data[i]))
return result
[docs] def get_modification(self, addr: int, length: Optional[int] = None) -> List[ModificationStatus]:
"""
``get_modification`` returns the modified bytes of up to ``length`` bytes from virtual address ``addr``, or if
``length`` is None returns the ModificationStatus.
:param int addr: virtual address to get modification from
:param int length: optional length of modification
:return: List of ModificationStatus values for each byte in range
:rtype: List[ModificationStatus]
"""
if length is None:
return [ModificationStatus(core.BNGetModification(self.handle, addr))]
data = (ctypes.c_int * length)()
length = core.BNGetModificationArray(self.handle, addr, data, length)
return [ModificationStatus(a) for a in data[:length]]
[docs] def get_next_valid_offset(self, addr: int) -> int:
"""
``get_next_valid_offset`` returns the next valid offset after ``addr``.
:param int addr: a virtual address
:return: The minimum of the next valid offset in the BinaryView and the end address of the BinaryView
:rtype: int
"""
return core.BNGetNextValidOffset(self.handle, addr)
[docs] def is_valid_offset(self, addr: int) -> bool:
"""
``is_valid_offset`` checks if a virtual address ``addr`` is valid .
:param int addr: a virtual address to be checked
:return: True if the virtual address is valid, False if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsValidOffset(self.handle, addr)
[docs] def is_offset_readable(self, addr: int) -> bool:
"""
``is_offset_readable`` checks if a virtual address ``addr`` is valid for reading.
:param int addr: a virtual address to be checked
:return: True if the virtual address is valid for reading, False if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsOffsetReadable(self.handle, addr)
[docs] def is_offset_writable(self, addr: int) -> bool:
"""
``is_offset_writable`` checks if a virtual address ``addr`` is valid for writing.
:param int addr: a virtual address to be checked
:return: True if the virtual address is valid for writing, False if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsOffsetWritable(self.handle, addr)
[docs] def is_offset_executable(self, addr: int) -> bool:
"""
``is_offset_executable`` checks if a virtual address ``addr`` is valid for executing.
:param int addr: a virtual address to be checked
:return: True if the virtual address is valid for executing, False if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsOffsetExecutable(self.handle, addr)
[docs] def is_offset_code_semantics(self, addr: int) -> bool:
"""
``is_offset_code_semantics`` checks if a virtual address ``addr`` is semantically valid for code.
:param int addr: a virtual address to be checked
:return: True if the virtual address is valid for code semantics, False if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsOffsetCodeSemantics(self.handle, addr)
[docs] def is_offset_extern_semantics(self, addr: int) -> bool:
"""
``is_offset_extern_semantics`` checks if a virtual address ``addr`` is semantically valid for external references.
:param int addr: a virtual address to be checked
:return: true if the virtual address is valid for external references, false if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsOffsetExternSemantics(self.handle, addr)
[docs] def is_offset_writable_semantics(self, addr: int) -> bool:
"""
``is_offset_writable_semantics`` checks if a virtual address ``addr`` is semantically writable. Some sections
may have writable permissions for linking purposes but can be treated as read-only for the purposes of
analysis.
:param int addr: a virtual address to be checked
:return: True if the virtual address is valid for writing, False if the virtual address is invalid or error
:rtype: bool
"""
return core.BNIsOffsetWritableSemantics(self.handle, addr)
[docs] def save(self, dest: Union['fileaccessor.FileAccessor', str]) -> bool:
"""
``save`` saves the original binary file to the provided destination ``dest`` along with any modifications.
:param str dest: destination path and filename of file to be written
:return: True on success, False on failure
:rtype: bool
"""
if isinstance(dest, fileaccessor.FileAccessor):
return core.BNSaveToFile(self.handle, dest._cb)
return core.BNSaveToFilename(self.handle, str(dest))
[docs] def register_notification(self, notify: BinaryDataNotification) -> None:
"""
`register_notification` provides a mechanism for receiving callbacks for various analysis events. A full
list of callbacks can be seen in :py:class:`BinaryDataNotification`.
:param BinaryDataNotification notify: notify is a subclassed instance of :py:class:`BinaryDataNotification`.
:rtype: None
"""
cb = BinaryDataNotificationCallbacks(self, notify)
cb._register()
self._notifications[notify] = cb
[docs] def unregister_notification(self, notify: BinaryDataNotification) -> None:
"""
`unregister_notification` unregisters the :py:class:`BinaryDataNotification` object passed to
`register_notification`
:param BinaryDataNotification notify: notify is a subclassed instance of :py:class:`BinaryDataNotification`.
:rtype: None
"""
if notify in self._notifications:
self._notifications[notify]._unregister()
del self._notifications[notify]
[docs] def add_function(self, addr: int, plat: Optional['_platform.Platform'] = None, auto_discovered: bool = False, func_type: Optional['_function.Function'] = None) -> Optional['_function.Function']:
"""
``add_function`` add a new function of the given ``plat`` at the virtual address ``addr``
.. warning:: This function is used to create auto functions, often used when writing loaders, etc. Most users will want to use :py:func:`create_user_function` in their scripts.
:param int addr: virtual address of the function to be added
:param Platform plat: Platform for the function to be added
:param auto_discovered: True if function was automatically discovered, False if created by user
:param func_type: optional function type
:rtype: None
:Example:
>>> bv.add_function(1)
>>> bv.functions
[<func: [email protected]>]
"""
if self.platform is None and plat is None:
raise Exception("Default platform not set in BinaryView")
if plat is None:
plat = self.platform
if not isinstance(plat, _platform.Platform):
raise ValueError("Provided platform is not of type `Platform`")
if isinstance(func_type, _types.Type):
func_type = func_type.handle
elif func_type is not None:
raise ValueError("Provided type is not of type `binaryninja.Type`")
result = core.BNAddFunctionForAnalysis(self.handle, plat.handle, addr, auto_discovered, func_type)
if result:
return _function.Function(self, result)
return None
[docs] def add_entry_point(self, addr: int, plat: Optional['_platform.Platform'] = None) -> None:
"""
``add_entry_point`` adds a virtual address to start analysis from for a given plat.
:param int addr: virtual address to start analysis from
:param Platform plat: Platform for the entry point analysis
:rtype: None
:Example:
>>> bv.add_entry_point(0xdeadbeef)
>>>
"""
if self.platform is None and plat is None:
raise Exception("Default platform not set in BinaryView")
if plat is None:
plat = self.platform
if not isinstance(plat, _platform.Platform):
raise ValueError("Provided platform is not of type `Platform`")
core.BNAddEntryPointForAnalysis(self.handle, plat.handle, addr)
[docs] def remove_function(self, func: '_function.Function', update_refs = False) -> None:
"""
``remove_function`` removes the function ``func`` from the list of functions
.. warning:: This method should only be used when the function that is removed is expected to re-appear after any other analysis executes that could re-add it. Most users will want to use :py:func:`remove_user_function` in their scripts.
:param Function func: a Function object.
:param bool update_refs: automatically update other functions that were referenced
:rtype: None
:Example:
>>> bv.functions
[<func: [email protected]>]
>>> bv.remove_function(next(bv.functions))
>>> bv.functions
[]
"""
core.BNRemoveAnalysisFunction(self.handle, func.handle, update_refs)
[docs] def create_user_function(self, addr: int, plat: Optional['_platform.Platform'] = None) -> '_function.Function':
"""
``create_user_function`` add a new *user* function of the given ``plat`` at the virtual address ``addr``
:param int addr: virtual address of the *user* function to be added
:param Platform plat: Platform for the function to be added
:rtype: None
:Example:
>>> bv.create_user_function(1)
>>> bv.functions
[<func: [email protected]>]
"""
if plat is None:
if self.platform is None:
raise Exception("Attempting to call create_user_function with no specified platform")
plat = self.platform
return _function.Function(self, core.BNCreateUserFunction(self.handle, plat.handle, addr))
[docs] def remove_user_function(self, func: '_function.Function') -> None:
"""
``remove_user_function`` removes the function ``func`` from the list of functions as a user action.
.. note:: This API will prevent the function from being re-created if any analysis later triggers that would re-add it, unlike :py:func:`remove_function`.
:param Function func: a Function object.
:rtype: None
:Example:
>>> bv.functions
[<func: [email protected]>]
>>> bv.remove_user_function(next(bv.functions))
>>> bv.functions
[]
"""
core.BNRemoveUserFunction(self.handle, func.handle)
[docs] def add_analysis_option(self, name: str) -> None:
"""
``add_analysis_option`` adds an analysis option. Analysis options elaborate the analysis phase. The user must
start analysis by calling either :py:func:`update_analysis` or :py:func:`update_analysis_and_wait`.
:param str name: name of the analysis option. Available options are: "linearsweep", and "signaturematcher".
:rtype: None
:Example:
>>> bv.add_analysis_option("linearsweep")
>>> bv.update_analysis_and_wait()
"""
core.BNAddAnalysisOption(self.handle, name)
[docs] def has_initial_analysis(self) -> bool:
"""
``has_initial_analysis`` check for the presence of an initial analysis in this BinaryView.
:return: True if the BinaryView has a valid initial analysis, False otherwise
:rtype: bool
"""
return core.BNHasInitialAnalysis(self.handle)
[docs] def set_analysis_hold(self, enable: bool) -> None:
"""
``set_analysis_hold`` control the analysis hold for this BinaryView. Enabling analysis hold defers all future
analysis updates, therefore causing :py:func:`update_analysis` or :py:func:`update_analysis_and_wait` to take no action.
:rtype: None
"""
core.BNSetAnalysisHold(self.handle, enable)
[docs] def update_analysis(self) -> None:
"""
``update_analysis`` asynchronously starts the analysis running and returns immediately. Analysis of BinaryViews
does not occur automatically, the user must start analysis by calling either :py:func:`update_analysis` or
:py:func:`update_analysis_and_wait`. An analysis update **must** be run after changes are made which could change
analysis results such as adding functions.
:rtype: None
"""
core.BNUpdateAnalysis(self.handle)
[docs] def update_analysis_and_wait(self) -> None:
"""
``update_analysis_and_wait`` blocking call to update the analysis, this call returns when the analysis is
complete. Analysis of BinaryViews does not occur automatically, the user must start analysis by calling either
:py:func:`update_analysis` or :py:func:`update_analysis_and_wait`. An analysis update **must** be run after changes are
made which could change analysis results such as adding functions.
:rtype: None
"""
core.BNUpdateAnalysisAndWait(self.handle)
[docs] def abort_analysis(self) -> None:
"""
``abort_analysis`` will abort the currently running analysis.
.. warning:: This method should be considered non-recoverable and generally only used when shutdown is imminent after stopping.
:rtype: None
"""
core.BNAbortAnalysis(self.handle)
[docs] def define_data_var(
self, addr: int, var_type: StringOrType, name: Optional[Union[str, '_types.CoreSymbol']] = None
) -> None:
"""
``define_data_var`` defines a non-user data variable ``var_type`` at the virtual address ``addr``.
:param int addr: virtual address to define the given data variable
:param StringOrType var_type: type to be defined at the given virtual address
:param Optional[Union[str, '_types.CoreSymbol']] name: Optionally additionally define a symbol at this location
:rtype: None
:Example:
>>> t = bv.parse_type_string("int foo")
>>> t
(<type: int32_t>, 'foo')
>>> bv.define_data_var(bv.entry_point, t[0])
>>> bv.define_data_var(bv.entry_point + 4, "int", "foo")
>>> bv.get_symbol_at(bv.entry_point + 4)
<DataSymbol: "foo" @ 0x23950>
>>> bv.get_data_var_at(bv.entry_point + 4)
<var 0x23950: int32_t>
"""
if isinstance(var_type, str):
(var_type, _) = self.parse_type_string(var_type)
tc = var_type._to_core_struct()
core.BNDefineDataVariable(self.handle, addr, tc)
if name is not None:
if isinstance(name, str):
name = _types.Symbol(SymbolType.DataSymbol, addr, name)
self.define_auto_symbol(name)
[docs] def define_user_data_var(
self, addr: int, var_type: StringOrType, name: Optional[Union[str, '_types.CoreSymbol']] = None
) -> Optional['DataVariable']:
"""
``define_user_data_var`` defines a user data variable ``var_type`` at the virtual address ``addr``.
:param int addr: virtual address to define the given data variable
:param binaryninja.Type var_type: type to be defined at the given virtual address
:param Optional[Union[str, _types.CoreSymbol]] name: Optionally, additionally define a symbol at this same address
:rtype: Optional[DataVariable]
:Example:
>>> t = bv.parse_type_string("int foo")
>>> t
(<type: int32_t>, 'foo')
>>> bv.define_user_data_var(bv.entry_point, t[0])
<var 0x2394c: int32_t>
>>> bv.define_user_data_var(bv.entry_point + 4, "int", "foo")
<var 0x23950: int32_t>
>>> bv.get_symbol_at(bv.entry_point + 4)
<DataSymbol: "foo" @ 0x23950>
>>> bv.get_data_var_at(bv.entry_point + 4)
<var 0x23950: int32_t>
"""
if isinstance(var_type, str):
(var_type, _) = self.parse_type_string(var_type)
tc = var_type._to_core_struct()
core.BNDefineUserDataVariable(self.handle, addr, tc)
if name is not None:
if isinstance(name, str):
name = _types.Symbol(SymbolType.DataSymbol, addr, name)
self.define_user_symbol(name)
return self.get_data_var_at(addr)
[docs] def undefine_data_var(self, addr: int) -> None:
"""
``undefine_data_var`` removes the non-user data variable at the virtual address ``addr``.
:param int addr: virtual address to define the data variable to be removed
:rtype: None
:Example:
>>> bv.undefine_data_var(bv.entry_point)
>>>
"""
core.BNUndefineDataVariable(self.handle, addr)
[docs] def undefine_user_data_var(self, addr: int) -> None:
"""
``undefine_user_data_var`` removes the user data variable at the virtual address ``addr``.
:param int addr: virtual address to define the data variable to be removed
:rtype: None
:Example:
>>> bv.undefine_user_data_var(bv.entry_point)
>>>
"""
core.BNUndefineUserDataVariable(self.handle, addr)
[docs] def get_data_var_at(self, addr: int) -> Optional['DataVariable']:
"""
``get_data_var_at`` returns the data type at a given virtual address.
:param int addr: virtual address to get the data type from
:return: returns the DataVariable at the given virtual address, None on error
:rtype: DataVariable
:Example:
>>> t = bv.parse_type_string("int foo")
>>> bv.define_data_var(bv.entry_point, t[0])
>>> bv.get_data_var_at(bv.entry_point)
<var 0x100001174: int32_t>
"""
var = core.BNDataVariable()
if not core.BNGetDataVariableAtAddress(self.handle, addr, var):
return None
result = DataVariable.from_core_struct(var, self)
core.BNFreeDataVariable(var)
return result
[docs] def get_functions_containing(self, addr: int,
plat: Optional['_platform.Platform'] = None) -> List['_function.Function']:
"""
``get_functions_containing`` returns a list of :py:class:`~binaryninja.function.Function` objects which contain the given address.
:param int addr: virtual address to query.
:rtype: list of :py:class:`~binaryninja.function.Function` objects
"""
count = ctypes.c_ulonglong(0)
funcs = core.BNGetAnalysisFunctionsContainingAddress(self.handle, addr, count)
assert funcs is not None, "core.BNGetAnalysisFunctionsContainingAddress returned None"
result = []
try:
for i in range(0, count.value):
result.append(_function.Function(self, core.BNNewFunctionReference(funcs[i])))
if plat is not None:
result = [func for func in result if func.platform == plat]
return result
finally:
core.BNFreeFunctionList(funcs, count.value)
[docs] def get_functions_by_name(
self, name: str, plat: Optional['_platform.Platform'] = None, ordered_filter: Optional[List[SymbolType]] = None
) -> List['_function.Function']:
"""``get_functions_by_name`` returns a list of :py:class:`~binaryninja.function.Function` objects
function with a :py:class:`~binaryninja.types.Symbol` of ``name``.
:param str name: name of the functions
:param Platform plat: (optional) platform
:param list(SymbolType) ordered_filter: (optional) an ordered filter based on SymbolType
:return: returns a list of :py:class:`~binaryninja.function.Function` objects or an empty list
:rtype: list(Function)
:Example:
>>> bv.get_functions_by_name("main")
[<func: [email protected]>]
>>>
"""
if ordered_filter is None:
ordered_filter = [
SymbolType.FunctionSymbol, SymbolType.ImportedFunctionSymbol, SymbolType.LibraryFunctionSymbol
]
if plat == None:
plat = self.platform
fns = []
addresses = [sym.address for sym in self.get_symbols_by_name(name, ordered_filter=ordered_filter)]
if len(addresses) == 0 and name.startswith("sub_"):
try:
addresses = [int(name[4:], 16)]
except:
addresses = []
for address in addresses:
for fn in self.get_functions_at(address):
if fn.start == address and fn.platform == plat:
fns.append(fn)
return fns
[docs] def get_function_at(self, addr: int, plat: Optional['_platform.Platform'] = None) -> Optional['_function.Function']:
"""
``get_function_at`` gets a Function object for the function that starts at virtual address ``addr``:
:param int addr: starting virtual address of the desired function
:param Platform plat: platform of the desired function
:return: returns a Function object or None for the function at the virtual address provided
:rtype: Function
:Example:
>>> bv.get_function_at(bv.entry_point)
<func: [email protected]>
>>>
"""
if plat is None:
funcs = self.get_functions_at(addr)
if not funcs:
return None
result = [func for func in funcs if (func.platform == self.platform)]
if not result:
result = funcs
return result[0]
else:
func = core.BNGetAnalysisFunction(self.handle, plat.handle, addr)
if func is None:
return None
return _function.Function(self, func)
[docs] def get_functions_at(self, addr: int) -> List['_function.Function']:
"""
``get_functions_at`` get a list of :py:class:`~binaryninja.function.Function` objects (one for each valid platform) that start at the
given virtual address. Binary Ninja does not limit the number of platforms in a given file thus there may be
multiple functions defined from different architectures at the same location. This API allows you to query all
of valid platforms.
You may also be interested in :py:func:`get_functions_containing` which is useful for requesting all function
that contain a given address
:param int addr: virtual address of the desired Function object list.
:return: a list of :py:class:`~binaryninja.function.Function` objects defined at the provided virtual address
:rtype: list(Function)
"""
count = ctypes.c_ulonglong(0)
funcs = core.BNGetAnalysisFunctionsForAddress(self.handle, addr, count)
assert funcs is not None, "core.BNGetAnalysisFunctionsForAddress returned None"
result = []
try:
for i in range(0, count.value):
result.append(_function.Function(self, core.BNNewFunctionReference(funcs[i])))
return result
finally:
core.BNFreeFunctionList(funcs, count.value)
[docs] def get_recent_function_at(self, addr: int) -> Optional['_function.Function']:
func = core.BNGetRecentAnalysisFunctionForAddress(self.handle, addr)
if func is None:
return None
return _function.Function(self, func)
[docs] def get_basic_blocks_at(self, addr: int) -> List['basicblock.BasicBlock']:
"""
``get_basic_blocks_at`` get a list of :py:class:`~binaryninja.basicblock.BasicBlock` objects which exist at the provided virtual address.
:param int addr: virtual address of BasicBlock desired
:return: a list of :py:class:`~binaryninja.basicblock.BasicBlock` objects
:rtype: list(BasicBlock)
"""
count = ctypes.c_ulonglong(0)
blocks = core.BNGetBasicBlocksForAddress(self.handle, addr, count)
assert blocks is not None, "core.BNGetBasicBlocksForAddress returned None"
result = []
try:
for i in range(0, count.value):
block_handle = core.BNNewBasicBlockReference(blocks[i])
assert block_handle is not None, "core.BNNewBasicBlockReference is None"
result.append(basicblock.BasicBlock(block_handle, self))
return result
finally:
core.BNFreeBasicBlockList(blocks, count.value)
[docs] def get_basic_blocks_starting_at(self, addr: int) -> List['basicblock.BasicBlock']:
"""
``get_basic_blocks_starting_at`` get a list of :py:class:`~binaryninja.basicblock.BasicBlock` objects which start at the provided virtual address.
:param int addr: virtual address of BasicBlock desired
:return: a list of :py:class:`~binaryninja.basicblock.BasicBlock` objects
:rtype: list(BasicBlock)
"""
count = ctypes.c_ulonglong(0)
blocks = core.BNGetBasicBlocksStartingAtAddress(self.handle, addr, count)
assert blocks is not None, "core.BNGetBasicBlocksStartingAtAddress returned None"
result = []
try:
for i in range(0, count.value):
block_handle = core.BNNewBasicBlockReference(blocks[i])
assert block_handle is not None, "core.BNNewBasicBlockReference returned None"
result.append(basicblock.BasicBlock(block_handle, self))
return result
finally:
core.BNFreeBasicBlockList(blocks, count.value)
[docs] def get_recent_basic_block_at(self, addr: int) -> Optional['basicblock.BasicBlock']:
block = core.BNGetRecentBasicBlockForAddress(self.handle, addr)
if block is None:
return None
return basicblock.BasicBlock(block, self)
[docs] def get_code_refs(self, addr: int, length: Optional[int] = None) -> Generator['ReferenceSource', None, None]:
"""
``get_code_refs`` returns a generator of :py:class:`~binaryninja.binaryview.ReferenceSource` objects (xrefs or cross-references) that point to the provided virtual address.
This function returns both autoanalysis ("auto") and user-specified ("user") xrefs.
To add a user-specified reference, see :py:func:`~binaryninja.function.Function.add_user_code_ref`.
The related :py:func:`get_data_refs` is used to find data references to an address unlike this API which returns references that exist in code.
.. note:: Note that `get_code_refs` returns xrefs to code that references the address being queried. \
`get_data_refs` on the other hand returns references that exist in data (pointers in global variables for example). \
The related :py:func:`get_refs_from` looks for references that are outgoing from the queried address to other locations.
:param int addr: virtual address to query for references
:param int length: optional length of query
:return: A generator of References for the given virtual address
:rtype: Generator[ReferenceSource, None, None]
:Example:
>>> bv.get_code_refs(here)
[<ref: [email protected]>]
>>>
"""
count = ctypes.c_ulonglong(0)
if length is None:
refs = core.BNGetCodeReferences(self.handle, addr, count)
assert refs is not None, "core.BNGetCodeReferences returned None"
else:
refs = core.BNGetCodeReferencesInRange(self.handle, addr, length, count)
assert refs is not None, "core.BNGetCodeReferencesInRange returned None"
try:
for i in range(0, count.value):
yield ReferenceSource._from_core_struct(self, refs[i])
finally:
core.BNFreeCodeReferences(refs, count.value)
[docs] def get_code_refs_from(
self, addr: int, func: Optional['_function.Function'] = None,
arch: Optional['architecture.Architecture'] = None, length: Optional[int] = None
) -> List[int]:
"""
``get_code_refs_from`` returns a list of virtual addresses referenced by code in the function ``func``,
of the architecture ``arch``, and at the address ``addr``. If no function is specified, references from
all functions and containing the address will be returned. If no architecture is specified, the
architecture of the function will be used.
This function returns both autoanalysis ("auto") and user-specified ("user") xrefs.
To add a user-specified reference, see :py:func:`~binaryninja.function.Function.add_user_code_ref`.
:param int addr: virtual address to query for references
:param int length: optional length of query
:param Architecture arch: optional architecture of query
:return: list of integers
:rtype: list(integer)
"""
result = []
funcs = self.get_functions_containing(addr) if func is None else [func]
if not funcs:
return []
for src_func in funcs:
src_arch = src_func.arch if arch is None else arch
assert src_arch is not None
ref_src = core.BNReferenceSource(src_func.handle, src_arch.handle, addr)
count = ctypes.c_ulonglong(0)
if length is None:
refs = core.BNGetCodeReferencesFrom(self.handle, ref_src, count)
assert refs is not None, "core.BNGetCodeReferencesFrom returned None"
else:
refs = core.BNGetCodeReferencesFromInRange(self.handle, ref_src, length, count)
assert refs is not None, "core.BNGetCodeReferencesFromInRange returned None"
for i in range(0, count.value):
result.append(refs[i])
core.BNFreeAddressList(refs)
return result
[docs] def get_data_refs(self, addr: int, length: Optional[int] = None) -> Generator[int, None, None]:
"""
``get_data_refs`` returns a list of virtual addresses of _data_ (not code) which references ``addr``, optionally specifying
a length. When ``length`` is set ``get_data_refs`` returns the data which references in the range ``addr``-``addr``+``length``.
This function returns both autoanalysis ("auto") and user-specified ("user") xrefs. To add a user-specified
reference, see :py:func:`add_user_data_ref`.
.. warning:: If you're looking at this API, please double check that you don't mean to use :py:func:`get_code_refs` instead. \
`get_code_refs` returns references from code to the specified address while this API returns references from data \
(pointers in global variables for example). \
:param int addr: virtual address to query for references
:param int length: optional length of query
:return: list of integers
:rtype: list(integer)
:Example:
>>> bv.get_data_refs(here)
[4203812]
>>>
"""
count = ctypes.c_ulonglong(0)
if length is None:
refs = core.BNGetDataReferences(self.handle, addr, count)
assert refs is not None, "core.BNGetDataReferences returned None"
else:
refs = core.BNGetDataReferencesInRange(self.handle, addr, length, count)
assert refs is not None, "core.BNGetDataReferencesInRange returned None"
try:
for i in range(0, count.value):
yield refs[i]
finally:
core.BNFreeDataReferences(refs)
[docs] def get_data_refs_from(self, addr: int, length: Optional[int] = None) -> Generator[int, None, None]:
"""
``get_data_refs_from`` returns a list of virtual addresses referenced by the address ``addr``. Optionally specifying
a length. When ``length`` is set ``get_data_refs_from`` returns the data referenced in the range ``addr``-``addr``+``length``.
This function returns both autoanalysis ("auto") and user-specified ("user") xrefs. To add a user-specified
reference, see :py:func:`add_user_data_ref`.
:param int addr: virtual address to query for references
:param int length: optional length of query
:return: list of integers
:rtype: list(integer)
:Example:
>>> bv.get_data_refs_from(here)
[4200327]
>>>
"""
count = ctypes.c_ulonglong(0)
if length is None:
refs = core.BNGetDataReferencesFrom(self.handle, addr, count)
assert refs is not None, "core.BNGetDataReferencesFrom returned None"
else:
refs = core.BNGetDataReferencesFromInRange(self.handle, addr, length, count)
assert refs is not None, "core.BNGetDataReferencesFromInRange returned None"
try:
for i in range(0, count.value):
yield refs[i]
finally:
core.BNFreeDataReferences(refs)
[docs] def get_code_refs_for_type(self, name: str) -> Generator[ReferenceSource, None, None]:
"""
``get_code_refs_for_type`` returns a Generator[ReferenceSource] objects (xrefs or cross-references) that reference the provided QualifiedName.
:param QualifiedName name: name of type to query for references
:return: List of References for the given type
:rtype: list(ReferenceSource)
:Example:
>>> bv.get_code_refs_for_type('A')
[<ref: [email protected]>]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetCodeReferencesForType(self.handle, _name, count)
assert refs is not None, "core.BNGetCodeReferencesForType returned None"
try:
for i in range(0, count.value):
yield ReferenceSource._from_core_struct(self, refs[i])
finally:
core.BNFreeCodeReferences(refs, count.value)
[docs] def get_code_refs_for_type_field(self, name: str,
offset: int) -> Generator['_types.TypeFieldReference', None, None]:
"""
``get_code_refs_for_type`` returns a Generator[TypeFieldReference] objects (xrefs or cross-references) that reference the provided type field.
:param QualifiedName name: name of type to query for references
:param int offset: offset of the field, relative to the type
:return: Generator of References for the given type
:rtype: Generator[TypeFieldReference]
:Example:
>>> bv.get_code_refs_for_type_field('A', 0x8)
[<ref: [email protected]>]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetCodeReferencesForTypeField(self.handle, _name, offset, count)
assert refs is not None, "core.BNGetCodeReferencesForTypeField returned None"
try:
for i in range(0, count.value):
if refs[i].func:
func = _function.Function(self, core.BNNewFunctionReference(refs[i].func))
else:
func = None
if refs[i].arch:
arch = architecture.CoreArchitecture._from_cache(refs[i].arch)
else:
arch = None
addr = refs[i].addr
size = refs[i].size
typeObj = None
if refs[i].incomingType.type:
typeObj = _types.Type(
core.BNNewTypeReference(refs[i].incomingType.type), confidence=refs[i].incomingType.confidence
)
yield _types.TypeFieldReference(func, arch, addr, size, typeObj)
finally:
core.BNFreeTypeFieldReferences(refs, count.value)
[docs] def get_data_refs_for_type(self, name: str) -> Generator[int, None, None]:
"""
``get_data_refs_for_type`` returns a list of virtual addresses of data which references the type ``name``.
Note, the returned addresses are the actual start of the queried type. For example, suppose there is a DataVariable
at 0x1000 that has type A, and type A contains type B at offset 0x10. Then `get_data_refs_for_type('B')` will
return 0x1010 for it.
:param QualifiedName name: name of type to query for references
:return: list of integers
:rtype: list(integer)
:Example:
>>> bv.get_data_refs_for_type('A')
[4203812]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetDataReferencesForType(self.handle, _name, count)
assert refs is not None, "core.BNGetDataReferencesForType returned None"
try:
for i in range(0, count.value):
yield refs[i]
finally:
core.BNFreeDataReferences(refs)
[docs] def get_data_refs_for_type_field(self, name: '_types.QualifiedNameType', offset: int) -> List[int]:
"""
``get_data_refs_for_type_field`` returns a list of virtual addresses of data which references the type ``name``.
Note, the returned addresses are the actual start of the queried type field. For example, suppose there is a
DataVariable at 0x1000 that has type A, and type A contains type B at offset 0x10.
Then `get_data_refs_for_type_field('B', 0x8)` will return 0x1018 for it.
:param QualifiedName name: name of type to query for references
:param int offset: offset of the field, relative to the type
:return: list of integers
:rtype: list(integer)
:Example:
>>> bv.get_data_refs_for_type_field('A', 0x8)
[4203812]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetDataReferencesForTypeField(self.handle, _name, offset, count)
assert refs is not None, "core.BNGetDataReferencesForTypeField returned None"
result = []
try:
for i in range(0, count.value):
result.append(refs[i])
return result
finally:
core.BNFreeDataReferences(refs)
[docs] def get_data_refs_from_for_type_field(self, name: '_types.QualifiedNameType', offset: int) -> List[int]:
"""
``get_data_refs_from_for_type_field`` returns a list of virtual addresses of data which are referenced by the type ``name``.
Only data referenced by structures with the ``__data_var_refs`` attribute are included.
:param QualifiedName name: name of type to query for references
:param int offset: offset of the field, relative to the type
:return: list of integers
:rtype: list(integer)
:Example:
>>> bv.get_data_refs_from_for_type_field('A', 0x8)
[4203812]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetDataReferencesFromForTypeField(self.handle, _name, offset, count)
assert refs is not None, "core.BNGetDataReferencesFromForTypeField returned None"
result = []
try:
for i in range(0, count.value):
result.append(refs[i])
return result
finally:
core.BNFreeDataReferences(refs)
[docs] def get_type_refs_for_type(self, name: '_types.QualifiedNameType') -> List['_types.TypeReferenceSource']:
"""
``get_type_refs_for_type`` returns a list of TypeReferenceSource objects (xrefs or cross-references) that reference the provided QualifiedName.
:param QualifiedName name: name of type to query for references
:return: List of references for the given type
:rtype: list(TypeReferenceSource)
:Example:
>>> bv.get_type_refs_for_type('A')
['<type D, offset 0x8, direct>', '<type C, offset 0x10, indirect>']
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetTypeReferencesForType(self.handle, _name, count)
assert refs is not None, "core.BNGetTypeReferencesForType returned None"
result = []
try:
for i in range(0, count.value):
type_field = _types.TypeReferenceSource(
_types.QualifiedName._from_core_struct(refs[i].name), refs[i].offset, refs[i].type
)
result.append(type_field)
return result
finally:
core.BNFreeTypeReferences(refs, count.value)
[docs] def get_type_refs_for_type_field(self, name: '_types.QualifiedNameType',
offset: int) -> List['_types.TypeReferenceSource']:
"""
``get_type_refs_for_type`` returns a list of TypeReferenceSource objects (xrefs or cross-references) that reference the provided type field.
:param QualifiedName name: name of type to query for references
:param int offset: offset of the field, relative to the type
:return: List of references for the given type
:rtype: list(TypeReferenceSource)
:Example:
>>> bv.get_type_refs_for_type_field('A', 0x8)
['<type D, offset 0x8, direct>', '<type C, offset 0x10, indirect>']
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetTypeReferencesForTypeField(self.handle, _name, offset, count)
assert refs is not None, "core.BNGetTypeReferencesForTypeField returned None"
result = []
try:
for i in range(0, count.value):
type_field = _types.TypeReferenceSource(
_types.QualifiedName._from_core_struct(refs[i].name), refs[i].offset, refs[i].type
)
result.append(type_field)
return result
finally:
core.BNFreeTypeReferences(refs, count.value)
[docs] def get_code_refs_for_type_from(
self, addr: int, func: Optional['_function.Function'] = None,
arch: Optional['architecture.Architecture'] = None, length: Optional[int] = None
) -> List['_types.TypeReferenceSource']:
"""
``get_code_refs_for_type_from`` returns a list of types referenced by code in the function ``func``,
of the architecture ``arch``, and at the address ``addr``. If no function is specified, references from
all functions and containing the address will be returned. If no architecture is specified, the
architecture of the function will be used.
:param int addr: virtual address to query for references
:param int length: optional length of query
:return: list of references
:rtype: list(TypeReferenceSource)
"""
result = []
funcs = self.get_functions_containing(addr) if func is None else [func]
if not funcs:
return []
for src_func in funcs:
src_arch = src_func.arch if arch is None else arch
assert src_arch is not None
ref_src = core.BNReferenceSource(src_func.handle, src_arch.handle, addr)
count = ctypes.c_ulonglong(0)
if length is None:
refs = core.BNGetCodeReferencesForTypeFrom(self.handle, ref_src, count)
assert refs is not None, "core.BNGetCodeReferencesForTypeFrom returned None"
else:
refs = core.BNGetCodeReferencesForTypeFromInRange(self.handle, ref_src, length, count)
assert refs is not None, "core.BNGetCodeReferencesForTypeFromInRange returned None"
try:
for i in range(0, count.value):
type_field = _types.TypeReferenceSource(
_types.QualifiedName._from_core_struct(refs[i].name), refs[i].offset, refs[i].type
)
result.append(type_field)
finally:
core.BNFreeTypeReferences(refs, count.value)
return result
[docs] def get_code_refs_for_type_fields_from(
self, addr: int, func: Optional['_function.Function'] = None,
arch: Optional['architecture.Architecture'] = None, length: Optional[int] = None
) -> List['_types.TypeReferenceSource']:
"""
``get_code_refs_for_type_fields_from`` returns a list of type fields referenced by code in the function ``func``,
of the architecture ``arch``, and at the address ``addr``. If no function is specified, references from
all functions and containing the address will be returned. If no architecture is specified, the
architecture of the function will be used.
:param int addr: virtual address to query for references
:param int length: optional length of query
:return: list of references
:rtype: list(TypeReferenceSource)
"""
result = []
funcs = self.get_functions_containing(addr) if func is None else [func]
if not funcs:
return []
for src_func in funcs:
src_arch = src_func.arch if arch is None else arch
assert src_arch is not None
ref_src = core.BNReferenceSource(src_func.handle, src_arch.handle, addr)
count = ctypes.c_ulonglong(0)
if length is None:
refs = core.BNGetCodeReferencesForTypeFieldsFrom(self.handle, ref_src, count)
assert refs is not None, "core.BNGetCodeReferencesForTypeFieldsFrom returned None"
else:
refs = core.BNGetCodeReferencesForTypeFieldsFromInRange(self.handle, ref_src, length, count)
assert refs is not None, "core.BNGetCodeReferencesForTypeFieldsFromInRange returned None"
try:
for i in range(0, count.value):
type_field = _types.TypeReferenceSource(
_types.QualifiedName._from_core_struct(refs[i].name), refs[i].offset, refs[i].type
)
result.append(type_field)
finally:
core.BNFreeTypeReferences(refs, count.value)
return result
[docs] def add_user_data_ref(self, from_addr: int, to_addr: int) -> None:
"""
``add_user_data_ref`` adds a user-specified data cross-reference (xref) from the address ``from_addr`` to the address ``to_addr``.
If the reference already exists, no action is performed. To remove the reference, use :py:func:`remove_user_data_ref`.
:param int from_addr: the reference's source virtual address.
:param int to_addr: the reference's destination virtual address.
:rtype: None
"""
core.BNAddUserDataReference(self.handle, from_addr, to_addr)
[docs] def remove_user_data_ref(self, from_addr: int, to_addr: int) -> None:
"""
``remove_user_data_ref`` removes a user-specified data cross-reference (xref) from the address ``from_addr`` to the address ``to_addr``.
This function will only remove user-specified references, not ones generated during autoanalysis.
If the reference does not exist, no action is performed.
:param int from_addr: the reference's source virtual address.
:param int to_addr: the reference's destination virtual address.
:rtype: None
"""
core.BNRemoveUserDataReference(self.handle, from_addr, to_addr)
[docs] def get_all_fields_referenced(self, name: '_types.QualifiedNameType') -> List[int]:
"""
``get_all_fields_referenced`` returns a list of offsets in the QualifiedName
specified by name, which are referenced by code.
:param QualifiedName name: name of type to query for references
:return: List of offsets
:rtype: list(integer)
:Example:
>>> bv.get_all_fields_referenced('A')
[0, 8, 16, 24, 32, 40]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetAllFieldsReferenced(self.handle, _name, count)
assert refs is not None, "core.BNGetAllFieldsReferenced returned None"
result = []
try:
for i in range(0, count.value):
result.append(refs[i])
return result
finally:
core.BNFreeDataReferences(refs)
[docs] def get_all_sizes_referenced(self, name: '_types.QualifiedNameType') -> Mapping[int, List[int]]:
"""
``get_all_sizes_referenced`` returns a map from field offset to a list of sizes of
the accesses to it.
:param QualifiedName name: name of type to query for references
:return: A map from field offset to the size of the code accesses to it
:rtype: map
:Example:
>>> bv.get_all_sizes_referenced('B')
{0: [1, 8], 8: [8], 16: [1, 8]}
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetAllSizesReferenced(self.handle, _name, count)
assert refs is not None, "core.BNGetAllSizesReferenced returned None"
result: Mapping[int, List[int]] = {}
try:
for i in range(0, count.value):
result[refs[i].offset] = []
for j in range(0, refs[i].count):
result[refs[i].offset].append(refs[i].sizes[j])
return result
finally:
core.BNFreeTypeFieldReferenceSizeInfo(refs, count.value)
[docs] def get_all_types_referenced(self, name: '_types.QualifiedNameType') -> Mapping[int, List['_types.Type']]:
"""
``get_all_types_referenced`` returns a map from field offset to a list of incoming types written to the specified type.
:param QualifiedName name: name of type to query for references
:return: A map from field offset to a list of incoming types written to it
:rtype: map
:Example:
>>> bv.get_all_types_referenced('B')
{0: [<type: char, 0% confidence>], 8: [<type: int64_t, 0% confidence>],
16: [<type: char, 0% confidence>, <type: bool>]}
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetAllTypesReferenced(self.handle, _name, count)
assert refs is not None, "core.BNGetAllTypesReferenced returned None"
result: Mapping[int, List['_types.Type']] = {}
try:
for i in range(0, count.value):
result[refs[i].offset] = []
for j in range(0, refs[i].count):
typeObj = _types.Type.create(
core.BNNewTypeReference(refs[i].types[j].type), self.platform, refs[i].types[j].confidence
)
result[refs[i].offset].append(typeObj)
return result
finally:
core.BNFreeTypeFieldReferenceTypeInfo(refs, count.value)
[docs] def get_sizes_referenced(self, name: '_types.QualifiedNameType', offset: int) -> List[int]:
"""
``get_sizes_referenced`` returns a list of access sizes to the specified type.
:param QualifiedName name: name of type to query for references
:param int offset: offset of the field
:return: a list of sizes of the accesses to it.
:rtype: list
:Example:
>>> bv.get_sizes_referenced('B', 16)
[1, 8]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetSizesReferenced(self.handle, _name, offset, count)
assert refs is not None, "core.BNGetSizesReferenced returned None"
result = []
try:
for i in range(0, count.value):
result.append(refs[i])
return result
finally:
core.BNFreeTypeFieldReferenceSizes(refs, count.value)
[docs] def get_types_referenced(self, name: '_types.QualifiedName', offset: int) -> List['_types.Type']:
"""
``get_types_referenced`` returns a list of types related to the type field access.
:param QualifiedName name: name of type to query for references
:param int offset: offset of the field
:return: a list of types related to the type field access.
:rtype: list
:Example:
>>> bv.get_types_referenced('B', 0x10)
[<type: bool>, <type: char, 0% confidence>]
>>>
"""
count = ctypes.c_ulonglong(0)
_name = _types.QualifiedName(name)._to_core_struct()
refs = core.BNGetTypesReferenced(self.handle, _name, offset, count)
assert refs is not None, "core.BNGetTypesReferenced returned None"
try:
result = []
for i in range(0, count.value):
typeObj = _types.Type.create(core.BNNewTypeReference(refs[i].type), confidence=refs[i].confidence)
result.append(typeObj)
return result
finally:
core.BNFreeTypeFieldReferenceTypes(refs, count.value)
[docs] def create_structure_from_offset_access(self, name: '_types.QualifiedName') -> '_types.StructureType':
newMemberAdded = ctypes.c_bool(False)
_name = _types.QualifiedName(name)._to_core_struct()
struct = core.BNCreateStructureFromOffsetAccess(self.handle, _name, newMemberAdded)
if struct is None:
raise Exception("BNCreateStructureFromOffsetAccess failed to create struct from offsets")
return _types.StructureType.from_core_struct(struct)
[docs] def create_structure_member_from_access(self, name: '_types.QualifiedName', offset: int) -> '_types.Type':
_name = _types.QualifiedName(name)._to_core_struct()
result = core.BNCreateStructureMemberFromAccess(self.handle, _name, offset)
if not result.type:
raise Exception("BNCreateStructureMemberFromAccess failed to create struct member offsets")
return _types.Type.create(result.type, confidence=result.confidence)
[docs] def add_expression_parser_magic_value(self, name: str, value: int) -> None:
"""
Add a magic value to the expression parser.
If the magic value already exists, its value gets updated.
The magic value can be used in the expression by a `$` followed by its name, e.g., `$foobar`.
It is optional to include the `$` when calling this function, i.e., calling with `foobar` and `$foobar`
has the same effect.
:param str name: name for the magic value to add or update
:param int value: value for the magic value
:return:
"""
core.BNAddExpressionParserMagicValue(self.handle, name, value)
[docs] def remove_expression_parser_magic_value(self, name: str) -> None:
"""
Remove a magic value from the expression parser.
If the magic value gets referenced after removal, an error will occur during the parsing.
:param str name: name for the magic value to remove
:return:
"""
core.BNRemoveExpressionParserMagicValue(self.handle, name)
[docs] def add_expression_parser_magic_values(self, names: List[str], values: List[int]) -> None:
"""
Add a list of magic value to the expression parser.
The list `names` and `values` must have the same size. The ith name in the `names` will correspond to
the ith value in the `values`.
If a magic value already exists, its value gets updated.
The magic value can be used in the expression by a `$` followed by its name, e.g., `$foobar`.
It is optional to include the `$` when calling this function, i.e., calling with `foobar` and `$foobar`
has the same effect.
:param list(str) names: names for the magic values to add or update
:param list(int) values: value for the magic values
:return:
"""
if len(names) == 0 or len(values) == 0 or (not len(names) == len(values)):
return
names_buf = (ctypes.c_char_p * len(names))()
for i in range(0, len(names)):
names_buf[i] = names[i].encode('charmap')
values_buf = (ctypes.c_ulonglong * len(values))()
for i in range(0, len(values)):
values_buf[i] = values[i]
core.BNAddExpressionParserMagicValues(self.handle, names_buf, values_buf, len(names))
[docs] def remove_expression_parser_magic_values(self, names: List[str]) -> None:
"""
Remove a list of magic value from the expression parser
If any of the magic values gets referenced after removal, an error will occur during the parsing.
:param list(str) names: names for the magic value to remove
:return:
"""
if len(names) == 0:
return
names_buf = (ctypes.c_char_p * len(names))()
for i in range(0, len(names)):
names_buf[i] = names[i].encode('charmap')
core.BNRemoveExpressionParserMagicValues(self.handle, names_buf, len(names))
[docs] def get_expression_parser_magic_value(self, name: str) -> Optional[int]:
"""
Get the value of an expression parser magic value
If the queried magic value exists, the function returns true and the magic value is returned in `value`.
If the queried magic value does not exist, the function returns None.
:param name: name for the magic value to query
:return:
"""
result = ctypes.c_ulonglong()
if not core.BNGetExpressionParserMagicValue(self.handle, name, result):
return None
return result.value
[docs] def get_callers(self, addr: int) -> Generator[ReferenceSource, None, None]:
"""
``get_callers`` returns a list of ReferenceSource objects (xrefs or cross-references) that call the provided virtual address.
In this case, tail calls, jumps, and ordinary calls are considered.
:param int addr: virtual address of callee to query for callers
:return: List of References that call the given virtual address
:rtype: list(ReferenceSource)
:Example:
>>> bv.get_callers(here)
[<ref: [email protected]>]
>>>
"""
count = ctypes.c_ulonglong(0)
refs = core.BNGetCallers(self.handle, addr, count)
assert refs is not None, "core.BNGetCallers returned None"
try:
for i in range(0, count.value):
yield ReferenceSource._from_core_struct(self, refs[i])
finally:
core.BNFreeCodeReferences(refs, count.value)
[docs] def get_callees(self, addr: int, func: Optional['_function.Function'] = None,
arch: Optional['architecture.Architecture'] = None) -> List[int]:
"""
``get_callees`` returns a list of virtual addresses called by the call site in the function ``func``,
of the architecture ``arch``, and at the address ``addr``. If no function is specified, call sites from
all functions and containing the address will be considered. If no architecture is specified, the
architecture of the function will be used.
:param int addr: virtual address of the call site to query for callees
:param Function func: (optional) the function that the call site belongs to
:param Architecture func: (optional) the architecture of the call site
:return: list of integers
:rtype: list(integer)
"""
result = []
funcs = self.get_functions_containing(addr) if func is None else [func]
if not funcs:
return []
for src_func in funcs:
src_arch = src_func.arch if arch is None else arch
assert src_arch is not None
ref_src = core.BNReferenceSource(src_func.handle, src_arch.handle, addr)
count = ctypes.c_ulonglong(0)
refs = core.BNGetCallees(self.handle, ref_src, count)
assert refs is not None, "core.BNGetCallees returned None"
try:
for i in range(0, count.value):
result.append(refs[i])
finally:
core.BNFreeAddressList(refs)
return result
[docs] def get_symbol_at(self, addr: int, namespace: '_types.NameSpaceType' = None) -> Optional['_types.CoreSymbol']:
"""
``get_symbol_at`` returns the Symbol at the provided virtual address.
:param addr: virtual address to query for symbol
:param namespace: (optional) the namespace of the symbols to retrieve
:return: CoreSymbol for the given virtual address
:rtype: CoreSymbol
:Example:
>>> bv.get_symbol_at(bv.entry_point)
<FunctionSymbol: "_start" @ 0x100001174>
>>>
"""
_namespace = _types.NameSpace.get_core_struct(namespace)
sym = core.BNGetSymbolByAddress(self.handle, addr, _namespace)
if sym is None:
return None
return _types.CoreSymbol(sym)
[docs] def get_symbols_by_raw_name(self, name: str, namespace: '_types.NameSpaceType' = None) -> List['_types.CoreSymbol']:
_namespace = _types.NameSpace.get_core_struct(namespace)
count = ctypes.c_ulonglong(0)
syms = core.BNGetSymbolsByRawName(self.handle, name, count, _namespace)
assert syms is not None, "core.BNGetSymbolsByRawName returned None"
result = []
try:
for i in range(0, count.value):
handle = core.BNNewSymbolReference(syms[i])
assert handle is not None, "core.BNNewSymbolReference returned None"
result.append(_types.CoreSymbol(handle))
return result
finally:
core.BNFreeSymbolList(syms, count.value)
[docs] def get_symbol_by_raw_name(self, name: str,
namespace: '_types.NameSpaceType' = None) -> Optional['_types.CoreSymbol']:
"""
``get_symbol_by_raw_name`` retrieves a Symbol object for the given raw (mangled) name.
:param name: raw (mangled) name of Symbol to be retrieved
:param namespace: (optional) the namespace to search for the given symbol
:return: CoreSymbol object corresponding to the provided raw name
:rtype: CoreSymbol
:Example:
>>> bv.get_symbol_by_raw_name('[email protected]@@[email protected]@W421@@Z')
<FunctionSymbol: "public: static enum Foobar::foo __cdecl Foobar::testf(enum Foobar::foo)" @ 0x10001100>
>>>
"""
_namespace = _types.NameSpace.get_core_struct(namespace)
sym = core.BNGetSymbolByRawName(self.handle, name, _namespace)
if sym is None:
return None
return _types.CoreSymbol(sym)
[docs] def get_symbols_by_name(
self, name: str, namespace: '_types.NameSpaceType' = None, ordered_filter: Optional[List[SymbolType]] = None
) -> List['_types.CoreSymbol']:
"""
``get_symbols_by_name`` retrieves a list of Symbol objects for the given symbol name and ordered filter
:param name: name of Symbol object to be retrieved
:param namespace: (optional) the namespace to search for the given symbol
:param namespace: (optional) the namespace to search for the given symbol
:param ordered_filter: (optional) an ordered filter based on SymbolType
:return: Symbol object corresponding to the provided name
:rtype: Symbol
:Example:
>>> bv.get_symbols_by_name('[email protected]@@[email protected]@W421@@Z')
[<FunctionSymbol: "public: static enum Foobar::foo __cdecl Foobar::testf(enum Foobar::foo)" @ 0x10001100>]
>>>
"""
if ordered_filter is None:
ordered_filter = [
SymbolType.FunctionSymbol, SymbolType.ImportedFunctionSymbol, SymbolType.LibraryFunctionSymbol,
SymbolType.DataSymbol, SymbolType.ImportedDataSymbol, SymbolType.ImportAddressSymbol,
SymbolType.ExternalSymbol
]
_namespace = _types.NameSpace.get_core_struct(namespace)
count = ctypes.c_ulonglong(0)
syms = core.BNGetSymbolsByName(self.handle, name, count, _namespace)
assert syms is not None, "core.BNGetSymbolsByName returned None"
result = []
try:
for i in range(0, count.value):
handle = core.BNNewSymbolReference(syms[i])
assert handle is not None, "core.BNNewSymbolReference returned None"
result.append(_types.CoreSymbol(handle))
result = sorted(
filter(lambda sym: sym.type in ordered_filter, result), key=lambda sym: ordered_filter.index(sym.type)
)
return result
finally:
core.BNFreeSymbolList(syms, count.value)
[docs] def get_symbols(
self, start: Optional[int] = None, length: Optional[int] = None, namespace: '_types.NameSpaceType' = None
) -> List['_types.CoreSymbol']:
"""
``get_symbols`` retrieves the list of all Symbol objects in the optionally provided range.
:param start: optional start virtual address
:param length: optional length
:return: list of all Symbol objects, or those Symbol objects in the range of ``start``-``start+length``
:rtype: list(Symbol)
:Example:
>>> bv.get_symbols(0x1000200c, 1)
[<ImportAddressSymbol: "KERNEL32!IsProcessorFeaturePresent" @ 0x1000200c>]
>>>
"""
count = ctypes.c_ulonglong(0)
_namespace = _types.NameSpace.get_core_struct(namespace)
if start is None:
syms = core.BNGetSymbols(self.handle, count, _namespace)
assert syms is not None, "core.BNGetSymbols returned None"
else:
if length is None:
length = 1
syms = core.BNGetSymbolsInRange(self.handle, start, length, count, namespace)
assert syms is not None, "core.BNGetSymbolsInRange returned None"
result = []
try:
for i in range(0, count.value):
sym_handle = core.BNNewSymbolReference(syms[i])
assert sym_handle is not None, "core.BNNewSymbolReference returned None"
result.append(_types.CoreSymbol(sym_handle))
return result
finally:
core.BNFreeSymbolList(syms, count.value)
[docs] def get_symbols_of_type(
self, sym_type: SymbolType, start: Optional[int] = None, length: Optional[int] = None,
namespace: '_types.NameSpaceType' = None
) -> List['_types.CoreSymbol']:
"""
``get_symbols_of_type`` retrieves a list of all :py:class:`~binaryninja.types.Symbol` objects of the provided symbol type in the optionally
provided range.
:param sym_type: A Symbol type: :py:class:`~binaryninja.enums.SymbolType`
:param start: optional start virtual address
:param length: optional length
:return: list of all :py:class:`~binaryninja.types.Symbol` objects of type ``sym_type``, or those :py:class:`~binaryninja.types.Symbol` objects in the range of ``start``-``start+length``
:rtype: list(CoreSymbol)
:Example:
>>> bv.get_symbols_of_type(SymbolType.ImportAddressSymbol, 0x10002028, 1)
[<ImportAddressSymbol: "KERNEL32!GetCurrentThreadId" @ 0x10002028>]
>>>
"""
if isinstance(sym_type, str):
sym_type = SymbolType[sym_type]
_namespace = _types.NameSpace.get_core_struct(namespace)
count = ctypes.c_ulonglong(0)
if start is None:
syms = core.BNGetSymbolsOfType(self.handle, sym_type, count, _namespace)
assert syms is not None, "core.BNGetSymbolsOfType returned None"
else:
if length is None:
raise Exception("Length must be provided if start is present")
syms = core.BNGetSymbolsOfTypeInRange(self.handle, sym_type, start, length, count, _namespace)
assert syms is not None, "core.BNGetSymbolsOfTypeInRange returned None"
result = []
try:
for i in range(0, count.value):
sym_handle = core.BNNewSymbolReference(syms[i])
assert sym_handle is not None, "core.BNNewSymbolReference returned None"
result.append(_types.CoreSymbol(sym_handle))
return result
finally:
core.BNFreeSymbolList(syms, count.value)
[docs] def define_auto_symbol(self, sym: '_types.CoreSymbol') -> None:
"""
``define_auto_symbol`` adds a symbol to the internal list of automatically discovered Symbol objects in a given
namespace.
.. warning:: If multiple symbols for the same address are defined, only the most recent symbol will ever be used.
:param sym: the symbol to define
:rtype: None
"""
core.BNDefineAutoSymbol(self.handle, sym.handle)
[docs] def define_auto_symbol_and_var_or_function(
self, sym: '_types.CoreSymbol', type: '_types.Type', plat: Optional['_platform.Platform'] = None
) -> Optional['_types.CoreSymbol']:
"""
``define_auto_symbol_and_var_or_function`` Defines an "Auto" symbol, and a Variable/Function alongside it.
.. warning:: If multiple symbols for the same address are defined, only the most recent symbol will ever be used.
:param sym: Symbol to define
:param type: Type for the function/variable being defined (can be None)
:param plat: Platform (optional)
:rtype: Optional[CoreSymbol]
"""
if plat is None:
if self.platform is None:
raise Exception("Attempting to call define_auto_symbol_and_var_or_function without Platform specified")
plat = self.platform
elif not isinstance(plat, _platform.Platform):
raise ValueError("Provided platform is not of type `Platform`")
if isinstance(type, _types.Type):
type = type.handle
elif type is not None:
raise ValueError("Provided type is not of type `binaryninja.Type`")
_sym = core.BNDefineAutoSymbolAndVariableOrFunction(self.handle, plat.handle, sym.handle, type)
if _sym is None:
return None
return _types.CoreSymbol(_sym)
[docs] def undefine_auto_symbol(self, sym: '_types.CoreSymbol') -> None:
"""
``undefine_auto_symbol`` removes a symbol from the internal list of automatically discovered Symbol objects.
:param Symbol sym: the symbol to undefine
:rtype: None
"""
core.BNUndefineAutoSymbol(self.handle, sym.handle)
[docs] def define_user_symbol(self, sym: '_types.CoreSymbol') -> None:
"""
``define_user_symbol`` adds a symbol to the internal list of user added Symbol objects.
.. warning:: If multiple symbols for the same address are defined, only the most recent symbol will ever be used.
:param Symbol sym: the symbol to define
:rtype: None
"""
core.BNDefineUserSymbol(self.handle, sym.handle)
[docs] def undefine_user_symbol(self, sym: '_types.CoreSymbol') -> None:
"""
``undefine_user_symbol`` removes a symbol from the internal list of user added Symbol objects.
:param sym: the symbol to undefine
:rtype: None
"""
core.BNUndefineUserSymbol(self.handle, sym.handle)
[docs] def define_imported_function(
self, import_addr_sym: '_types.CoreSymbol', func: '_function.Function', type: Optional['_types.Type'] = None
) -> None:
"""
``define_imported_function`` defines an imported Function ``func`` with a ImportedFunctionSymbol type.
:param import_addr_sym: A Symbol object with type ImportedFunctionSymbol
:param func: A Function object to define as an imported function
:param type: Optional type for the function
:rtype: None
"""
core.BNDefineImportedFunction(
self.handle, import_addr_sym.handle, func.handle, None if type is None else type.handle
)
[docs] def bulk_modify_symbols(self):
"""
``bulk_modify_symbols`` returns a context manager that improves performance when adding or
removing a large number of symbols. Symbols added within the Python `with` keyword will
defer processing until the end of the block. Many symbol getter APIs will return stale
results inside the `with` block, so this function should only be used when symbol
queries are not needed at the same time as the modifications.
"""
class BulkModify:
def __init__(self, view: 'BinaryView'):
self._view = view
def __enter__(self):
core.BNBeginBulkModifySymbols(self._view.handle)
def __exit__(self, type, value, traceback):
core.BNEndBulkModifySymbols(self._view.handle)
return BulkModify(self)
[docs] def create_tag_type(self, name: str, icon: str) -> 'TagType':
"""
``create_tag_type`` creates a new :py:class:`TagType` and adds it to the view
:param str name: The name for the tag
:param str icon: The icon (recommended 1 emoji or 2 chars) for the tag
:return: The created tag type
:rtype: TagType
:Example:
>>> bv.create_tag_type("Crabby Functions", "🦀")
>>>
"""
tag_handle = core.BNCreateTagType(self.handle)
assert tag_handle is not None, "core.BNCreateTagType returned None"
tag_type = TagType(tag_handle)
tag_type.name = name
tag_type.icon = icon
core.BNAddTagType(self.handle, tag_type.handle)
return tag_type
[docs] def remove_tag_type(self, tag_type: str):
"""
``remove_tag_type`` removes a :py:class:`TagType` and all tags that use it
:param str tag_type: The name of the tag type to remove
:rtype: None
"""
tag_type = self.get_tag_type(tag_type)
if tag_type is not None:
core.BNRemoveTagType(self.handle, tag_type.handle)
@property
def tag_types(self) -> Mapping[str, Union['TagType', List['TagType']]]:
"""
``tag_types`` gets a dictionary of all Tag Types present for the view,
structured as {Tag Type Name => Tag Type}.
.. warning:: This method inconsistently returns a list of :py:class:`TagType` objects or a single \
:py:class:`TagType` this behavior will change in future revisions
:rtype: dict of (str, TagType)
"""
count = ctypes.c_ulonglong(0)
types = core.BNGetTagTypes(self.handle, count)
assert types is not None, "core.BNGetTagTypes returned None"
result: Mapping[str, Union['TagType', List['TagType']]] = {}
try:
for i in range(0, count.value):
tag_handle = core.BNNewTagTypeReference(types[i])
assert tag_handle is not None, "core.BNNewTagTypeReference returned None"
tag = TagType(tag_handle)
if tag.name in result:
cur_item = result[tag.name]
if isinstance(cur_item, list):
cur_item.append(tag)
result[tag.name] = cur_item
else:
result[tag.name] = [cur_item, tag]
else:
result[tag.name] = tag
return result
finally:
core.BNFreeTagTypeList(types, count.value)
[docs] def get_tag_type(self, name: str) -> Optional['TagType']:
"""
Get a tag type by its name.
:param name: Name of the tag type
:return: The relevant tag type, if it exists
:rtype: TagType
"""
if isinstance(name, TagType):
log_warn("Accessing tag types by type is deprecated. Please use the name instead.")
return name
else:
tag_type = core.BNGetTagType(self.handle, name)
if tag_type is not None:
return TagType(tag_type)
else:
log_error(f"Tag type `{name}` does not exist!")
return None
[docs] def add_tag(self, addr: int, tag_type_name: str, data: str, user: bool = True):
"""
``add_tag`` creates and adds a :py:class:`Tag` object at a data address.
This API is appropriate for generic data tags. For functions,
consider using :py:func:`~binaryninja.function.Function.add_tag`.
:param int addr: address at which to add the tag
:param str tag_type_name: The name of the tag type for this Tag
:param str data: additional data for the Tag
:param bool user: Whether or not a user tag
:Example:
>>> bv.add_tag(here, "Crashes", "Null pointer dereference")
>>>
"""
tag_type = self.get_tag_type(tag_type_name)
if tag_type is None:
return
tag_handle = core.BNCreateTag(tag_type.handle, data)
assert tag_handle is not None, "core.BNCreateTag returned None"
tag = Tag(tag_handle)
core.BNAddTag(self.handle, tag.handle, user)
core.BNAddUserDataTag(self.handle, addr, tag.handle)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use get_tag_type instead')
def get_tag_type_by_name(self, name: str) -> Optional['TagType']:
tag_type = core.BNGetTagType(self.handle, name)
if tag_type is None:
return None
return TagType(tag_type)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use get_tag_type instead')
def get_tag_type_by_id(self, id: str) -> Optional['TagType']:
tag_type = core.BNGetTagTypeById(self.handle, id)
if tag_type is None:
return None
return TagType(tag_type)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use add_tag instead')
def create_user_tag(self, type: 'TagType', data: str) -> 'Tag':
return self.create_tag(type, data, True)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use add_tag instead')
def create_auto_tag(self, type: 'TagType', data: str) -> 'Tag':
return self.create_tag(type, data, False)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use add_tag instead')
def create_tag(self, tag_type: 'TagType', data: str, user: bool = True) -> 'Tag':
if not isinstance(tag_type, TagType):
raise ValueError(f"type is not a TagType instead got {type(tag_type)} : {repr(tag_type)}")
tag_handle = core.BNCreateTag(tag_type.handle, data)
assert tag_handle is not None, "core.BNCreateTag returned None"
tag = Tag(tag_handle)
core.BNAddTag(self.handle, tag.handle, user)
return tag
[docs] @deprecation.deprecated(deprecated_in="3.4.4146")
def get_tag(self, id: str) -> Optional['Tag']:
tag = core.BNGetTag(self.handle, id)
if tag is None:
return None
return Tag(tag)
@property
def tags(self) -> List[Tuple[int, 'Tag']]:
"""
``tags`` gets a list of all data :py:class:`Tag` objects in the view.
Tags are returned as a list of (address, :py:class:`Tag`) pairs.
:type: list(int, Tag)
"""
return self.get_tags()
@property
@deprecation.deprecated(deprecated_in="3.4.4146", details='Use tags instead')
def data_tags(self) -> List[Tuple[int, 'Tag']]:
return self.tags
@property
@deprecation.deprecated(deprecated_in="3.4.4146", details='Use get_tags instead')
def auto_data_tags(self) -> List[Tuple[int, 'Tag']]:
count = ctypes.c_ulonglong()
tags = core.BNGetAutoDataTagReferences(self.handle, count)
assert tags is not None, "core.BNGetAutoDataTagReferences return None"
result = []
try:
for i in range(0, count.value):
handle = tags[i].tag
assert handle is not None, "BNGetAutoDataTagReferences returned handle set to None"
tag_ref = core.BNNewTagReference(handle)
assert tag_ref is not None, "BNNewTagReference returned None"
tag = Tag(tag_ref)
result.append((tags[i].addr, tag))
return result
finally:
core.BNFreeTagReferences(tags, count.value)
@property
@deprecation.deprecated(deprecated_in="3.4.4146", details='Use get_tags instead')
def user_data_tags(self) -> List[Tuple[int, 'Tag']]:
count = ctypes.c_ulonglong()
refs = core.BNGetUserDataTagReferences(self.handle, count)
assert refs is not None, "core.BNGetUserDataTagReferences returned None"
result = []
try:
for i in range(0, count.value):
tag_handle = refs[i].tag
assert tag_handle is not None, "BNGetUserDataTagReferences returned tag with handle set to None"
tag_ref = core.BNNewTagReference(tag_handle)
assert tag_ref is not None, "BNNewTagReference returned None"
tag = Tag(tag_ref)
result.append((refs[i].addr, tag))
return result
finally:
core.BNFreeTagReferences(refs, count.value)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use add_tag instead')
def add_user_data_tag(self, addr: int, tag: 'Tag'):
core.BNAddUserDataTag(self.handle, addr, tag.handle)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='Use add_tag instead')
def create_user_data_tag(self, addr: int, type: 'TagType', data: str, unique: bool = False) -> 'Tag':
if unique:
tags = self.get_data_tags_at(addr)
for tag in tags:
if tag.type == type and tag.data == data:
return tag
tag = self.create_tag(type, data, True)
core.BNAddUserDataTag(self.handle, addr, tag.handle)
return tag
[docs] def remove_user_data_tag(self, addr: int, tag: Tag):
"""
``remove_user_data_tag`` removes a :py:class:`Tag` object at a data address.
Since this removes a user tag, it will be added to the current undo buffer.
:param int addr: address at which to remove the tag
:param Tag tag: :py:class:`Tag` object to be removed
:rtype: None
"""
core.BNRemoveUserDataTag(self.handle, addr, tag.handle)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='use add_tag instead')
def add_auto_data_tag(self, addr: int, tag: 'Tag'):
core.BNAddAutoDataTag(self.handle, addr, tag.handle)
[docs] @deprecation.deprecated(deprecated_in="3.4.4146", details='use add_tag instead')
def create_auto_data_tag(self, addr: int, type: 'TagType', data: str, unique: bool = False) -> 'Tag':
if unique:
tags = self.get_data_tags_at(addr)
for tag in tags:
if tag.type == type and tag.data == data:
return tag
tag = self.create_tag(type, data, False)
core.BNAddAutoDataTag(self.handle, addr, tag.handle)
return tag
[docs] def remove_auto_data_tag(self, addr: int, tag: 'Tag'):
"""
``remove_auto_data_tag`` removes a Tag object at a data address.
:param int addr: address at which to remove the tag
:param Tag tag: Tag object to be removed
:rtype: None
"""
core.BNRemoveAutoDataTag(self.handle, addr, tag.handle)
[docs] def can_assemble(self, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``can_assemble`` queries the architecture plugin to determine if the architecture can assemble instructions.
:return: True if the architecture can assemble, False otherwise
:rtype: bool
:Example:
>>> bv.can_assemble()
True
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNCanAssemble(self.handle, arch.handle)
[docs] def is_never_branch_patch_available(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``is_never_branch_patch_available`` queries the architecture plugin to determine if the instruction at the
instruction at ``addr`` can be made to **never branch**. The actual logic of which is implemented in the
``perform_is_never_branch_patch_available`` in the corresponding architecture.
:param int addr: the virtual address of the instruction to be patched
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True if the instruction can be patched, False otherwise
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012ed)
'test eax, eax'
>>> bv.is_never_branch_patch_available(0x100012ed)
False
>>> bv.get_disassembly(0x100012ef)
'jg 0x100012f5'
>>> bv.is_never_branch_patch_available(0x100012ef)
True
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNIsNeverBranchPatchAvailable(self.handle, arch.handle, addr)
[docs] def is_always_branch_patch_available(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``is_always_branch_patch_available`` queries the architecture plugin to determine if the
instruction at ``addr`` can be made to **always branch**. The actual logic of which is implemented in the
``perform_is_always_branch_patch_available`` in the corresponding architecture.
:param int addr: the virtual address of the instruction to be patched
:param Architecture arch: (optional) the architecture for the current view
:return: True if the instruction can be patched, False otherwise
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012ed)
'test eax, eax'
>>> bv.is_always_branch_patch_available(0x100012ed)
False
>>> bv.get_disassembly(0x100012ef)
'jg 0x100012f5'
>>> bv.is_always_branch_patch_available(0x100012ef)
True
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNIsAlwaysBranchPatchAvailable(self.handle, arch.handle, addr)
[docs] def is_invert_branch_patch_available(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``is_invert_branch_patch_available`` queries the architecture plugin to determine if the instruction at ``addr``
is a branch that can be inverted. The actual logic of which is implemented in the
``perform_is_invert_branch_patch_available`` in the corresponding architecture.
:param int addr: the virtual address of the instruction to be patched
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True if the instruction can be patched, False otherwise
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012ed)
'test eax, eax'
>>> bv.is_invert_branch_patch_available(0x100012ed)
False
>>> bv.get_disassembly(0x100012ef)
'jg 0x100012f5'
>>> bv.is_invert_branch_patch_available(0x100012ef)
True
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNIsInvertBranchPatchAvailable(self.handle, arch.handle, addr)
[docs] def is_skip_and_return_zero_patch_available(
self, addr: int, arch: Optional['architecture.Architecture'] = None
) -> bool:
"""
``is_skip_and_return_zero_patch_available`` queries the architecture plugin to determine if the
instruction at ``addr`` is similar to an x86 "call" instruction which can be made to return zero. The actual
logic of which is implemented in the ``perform_is_skip_and_return_zero_patch_available`` in the corresponding
architecture.
:param int addr: the virtual address of the instruction to be patched
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True if the instruction can be patched, False otherwise
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012f6)
'mov dword [0x10003020], eax'
>>> bv.is_skip_and_return_zero_patch_available(0x100012f6)
False
>>> bv.get_disassembly(0x100012fb)
'call 0x10001629'
>>> bv.is_skip_and_return_zero_patch_available(0x100012fb)
True
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNIsSkipAndReturnZeroPatchAvailable(self.handle, arch.handle, addr)
[docs] def is_skip_and_return_value_patch_available(
self, addr: int, arch: Optional['architecture.Architecture'] = None
) -> bool:
"""
``is_skip_and_return_value_patch_available`` queries the architecture plugin to determine if the
instruction at ``addr`` is similar to an x86 "call" instruction which can be made to return a value. The actual
logic of which is implemented in the ``perform_is_skip_and_return_value_patch_available`` in the corresponding
architecture.
:param int addr: the virtual address of the instruction to be patched
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True if the instruction can be patched, False otherwise
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012f6)
'mov dword [0x10003020], eax'
>>> bv.is_skip_and_return_value_patch_available(0x100012f6)
False
>>> bv.get_disassembly(0x100012fb)
'call 0x10001629'
>>> bv.is_skip_and_return_value_patch_available(0x100012fb)
True
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNIsSkipAndReturnValuePatchAvailable(self.handle, arch.handle, addr)
[docs] def convert_to_nop(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``convert_to_nop`` converts the instruction at virtual address ``addr`` to a nop of the provided architecture.
.. note:: This API performs a binary patch, analysis may need to be updated afterward. Additionally the binary \
file must be saved in order to preserve the changes made.
:param int addr: virtual address of the instruction to convert to nops
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True on success, False on failure.
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012fb)
'call 0x10001629'
>>> bv.convert_to_nop(0x100012fb)
True
>>> #The above 'call' instruction is 5 bytes, a nop in x86 is 1 byte,
>>> # thus 5 nops are used:
>>> bv.get_disassembly(0x100012fb)
'nop'
>>> bv.get_disassembly(0x100012fb + 1)
'nop'
>>> bv.get_disassembly(0x100012fb + 2)
'nop'
>>> bv.get_disassembly(0x100012fb + 3)
'nop'
>>> bv.get_disassembly(0x100012fb + 4)
'nop'
>>> bv.get_disassembly(0x100012fb + 5)
'mov byte [ebp-0x1c], al'
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNConvertToNop(self.handle, arch.handle, addr)
[docs] def always_branch(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``always_branch`` convert the instruction of architecture ``arch`` at the virtual address ``addr`` to an
unconditional branch.
.. note:: This API performs a binary patch, analysis may need to be updated afterward. Additionally the binary \
file must be saved in order to preserve the changes made.
:param int addr: virtual address of the instruction to be modified
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True on success, False on failure.
:rtype: bool
:Example:
>>> bv.get_disassembly(0x100012ef)
'jg 0x100012f5'
>>> bv.always_branch(0x100012ef)
True
>>> bv.get_disassembly(0x100012ef)
'jmp 0x100012f5'
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNAlwaysBranch(self.handle, arch.handle, addr)
[docs] def never_branch(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``never_branch`` convert the branch instruction of architecture ``arch`` at the virtual address ``addr`` to
a fall through.
.. note:: This API performs a binary patch, analysis may need to be updated afterward. Additionally the binary\
file must be saved in order to preserve the changes made.
:param int addr: virtual address of the instruction to be modified
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True on success, False on failure.
:rtype: bool
:Example:
>>> bv.get_disassembly(0x1000130e)
'jne 0x10001317'
>>> bv.never_branch(0x1000130e)
True
>>> bv.get_disassembly(0x1000130e)
'nop'
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNConvertToNop(self.handle, arch.handle, addr)
[docs] def invert_branch(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``invert_branch`` convert the branch instruction of architecture ``arch`` at the virtual address ``addr`` to the
inverse branch.
.. note:: This API performs a binary patch, analysis may need to be updated afterward. Additionally the binary \
file must be saved in order to preserve the changes made.
:param int addr: virtual address of the instruction to be modified
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True on success, False on failure.
:rtype: bool
:Example:
>>> bv.get_disassembly(0x1000130e)
'je 0x10001317'
>>> bv.invert_branch(0x1000130e)
True
>>>
>>> bv.get_disassembly(0x1000130e)
'jne 0x10001317'
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNInvertBranch(self.handle, arch.handle, addr)
[docs] def skip_and_return_value(self, addr: int, value: int, arch: Optional['architecture.Architecture'] = None) -> bool:
"""
``skip_and_return_value`` convert the ``call`` instruction of architecture ``arch`` at the virtual address
``addr`` to the equivalent of returning a value.
:param int addr: virtual address of the instruction to be modified
:param int value: value to make the instruction *return*
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: True on success, False on failure.
:rtype: bool
:Example:
>>> bv.get_disassembly(0x1000132a)
'call 0x1000134a'
>>> bv.skip_and_return_value(0x1000132a, 42)
True
>>> #The return value from x86 functions is stored in eax thus:
>>> bv.get_disassembly(0x1000132a)
'mov eax, 0x2a'
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNSkipAndReturnValue(self.handle, arch.handle, addr, value)
[docs] def get_instruction_length(self, addr: int, arch: Optional['architecture.Architecture'] = None) -> int:
"""
``get_instruction_length`` returns the number of bytes in the instruction of Architecture ``arch`` at the virtual
address ``addr``
:param int addr: virtual address of the instruction query
:param Architecture arch: (optional) the architecture of the instructions if different from the default
:return: Number of bytes in instruction
:rtype: int
:Example:
>>> bv.get_disassembly(0x100012f1)
'xor eax, eax'
>>> bv.get_instruction_length(0x100012f1)
2L
>>>
"""
if arch is None:
if self.arch is None:
raise Exception("Attempting to call can_assemble without an Architecture specified")
arch = self.arch
return core.BNGetInstructionLength(self.handle, arch.handle, addr)
[docs] def notify_data_written(self, offset: int, length: int) -> None:
core.BNNotifyDataWritten(self.handle, offset, length)
[docs] def notify_data_inserted(self, offset: int, length: int) -> None:
core.BNNotifyDataInserted(self.handle, offset, length)
[docs] def notify_data_removed(self, offset: int, length: int) -> None:
core.BNNotifyDataRemoved(self.handle, offset, length)
[docs] def get_component(self, guid: str) -> Optional[component.Component]:
"""
Lookup a Component by its Guid
:param guid: Guid of the component to look up
:return: The Component with that Guid
"""
bn_component = core.BNGetComponentByGuid(self.handle, guid)
if bn_component is None:
return None
return component.Component(bn_component)
[docs] def get_component_by_path(self, path: str) -> Optional[component.Component]:
"""
Lookup a Component by its pathname
:note: This is a convenience method, and for performance-sensitive lookups, GetComponentByGuid is very highly recommended.
Lookups are done based on the .display_name of the Component.
All lookups are absolute from the root component, and are case-sensitive. Pathnames are delimited with "/"
:param path: Pathname of the desired Component
:return: The Component at that pathname
:Example:
>>> c = bv.create_component(name="MyComponent")
>>> c2 = bv.create_component(name="MySubComponent", parent=c)
>>> bv.get_component_by_path("/MyComponent/MySubComponent") == c2
True
>>> c3 = bv.create_component(name="MySubComponent", parent=c)
>>> c3
<Component "MySubComponent (1)" "(20712aff...")>
>>> bv.get_component_by_path("/MyComponent/MySubComponent (1)") == c3
True
"""
if not isinstance(path, str):
raise TypeError("Pathname must be a string")
bn_component = core.BNGetComponentByPath(self.handle, path)
if bn_component is None:
return None
return component.Component(bn_component)
@property
def root_component(self) -> component.Component:
"""
The root component for the BinaryView (read-only)
This Component cannot be removed, and houses all unparented Components.
:return: The root component
"""
return component.Component(core.BNGetRootComponent(self.handle))
[docs] def create_component(self, name: Optional[str] = None, parent: Union[component.Component, str, None] = None) -> component.Component:
"""
Create a new component with an optional name and parent.
The `parent` argument can be either a Component or the Guid of a component that the created component will be
added as a child of
:param name: Optional name to create the component with
:param parent: Optional parent to which the component will be added
:return: The created component
"""
if parent:
if isinstance(parent, component.Component):
if name:
return component.Component(core.BNCreateComponentWithParentAndName(self.handle, parent.guid, name))
else:
return component.Component(core.BNCreateComponentWithParent(self.handle, parent.guid))
elif isinstance(parent, str):
if name:
return component.Component(core.BNCreateComponentWithParentAndName(self.handle, parent, name))
else:
return component.Component(core.BNCreateComponentWithParent(self.handle, parent))
else:
raise TypeError("parent can only be a Component object or string GUID representing one")
else:
if name:
return component.Component(core.BNCreateComponentWithName(self.handle, name))
else:
return component.Component(core.BNCreateComponent(self.handle))
[docs] def remove_component(self, _component: Union[component.Component, str]) -> bool:
"""
Remove a component from the tree entirely.
:param _component: Component to remove
:return: Whether the removal was successful
"""
if isinstance(_component, component.Component):
return core.BNRemoveComponent(self.handle, _component.handle)
elif isinstance(_component, str):
return core.BNRemoveComponentByGuid(self.handle, _component)
raise TypeError("Removal is only supported with a Component or string representing its Guid")
[docs] def get_function_parent_components(self, function: 'function.Function') -> List['component.Component']:
_components = []
count = ctypes.c_ulonglong(0)
bn_components = core.BNGetFunctionParentComponents(self.handle, function.handle, count)
try:
for i in range(count.value):
_components.append(component.Component(core.BNNewComponentReference(bn_components[i])))
finally:
core.BNFreeComponents(bn_components, count.value)
return _components
[docs] def get_data_variable_parent_components(self, data_variable: 'DataVariable') -> List['component.Component']:
_components = []
count = ctypes.c_ulonglong(0)
bn_components = core.BNGetDataVariableParentComponents(self.handle, data_variable.address, count)
try:
for i in range(count.value):
_components.append(component.Component(core.BNNewComponentReference(bn_components[i])))
finally:
core.BNFreeComponents(bn_components, count.value)
return _components
[docs] def get_strings(self, start: Optional[int] = None, length: Optional[int] = None) -> List['StringReference']:
"""
``get_strings`` returns a list of strings defined in the binary in the optional virtual address range:
``start-(start+length)``
Note that this API will only return strings that have been identified by the string-analysis and thus governed by the minimum and maximum length settings and unrelated to the type system.
:param int start: optional virtual address to start the string list from, defaults to start of the binary
:param int length: optional length range to return strings from, defaults to length of the binary
:return: a list of all strings or a list of strings defined between ``start`` and ``start+length``
:rtype: list(StringReference)
:Example:
>>> bv.get_strings(0x1000004d, 1)
[<AsciiString: 0x1000004d, len 0x2c>]
>>>
"""
count = ctypes.c_ulonglong(0)
if start is None:
strings = core.BNGetStrings(self.handle, count)
assert strings is not None, "core.BNGetStrings returned None"
else:
if length is None:
length = self.end - start
strings = core.BNGetStringsInRange(self.handle, start, length, count)
assert strings is not None, "core.BNGetStringsInRange returned None"
result = []
try:
for i in range(0, count.value):
result.append(StringReference(self, StringType(strings[i].type), strings[i].start, strings[i].length))
return result
finally:
core.BNFreeStringReferenceList(strings)
[docs] def get_string_at(self, addr: int, partial: bool = False) -> Optional['StringReference']:
"""
``get_string_at`` returns the string that falls on given virtual address.
.. note:: This returns discovered strings and is therefore governed by `analysis.limits.minStringLength` and other settings. For an alternative API that simply returns any potential c-string at a given location, use :py:func:`get_ascii_string_at`.
:param int addr: virtual address to get the string from
:param bool partial: whether to return a partial string reference or not
:return: returns the StringReference at the given virtual address, otherwise None.
:rtype: StringReference
:Example:
>>> bv.get_string_at(0x40302f)
<StringType.AsciiString: 0x403028, len 0x12>
"""
str_ref = core.BNStringReference()
if not core.BNGetStringAtAddress(self.handle, addr, str_ref):
return None
if partial and (addr != str_ref.start) and (str_ref.type != StringType.AsciiString):
partial = False
log_warn("Partial string not supported at {}".format(hex(addr)))
start = addr if partial else str_ref.start
length = str_ref.length - (addr - str_ref.start) if partial else str_ref.length
return StringReference(self, StringType(str_ref.type), start, length)
[docs] def get_ascii_string_at(self, addr: int, min_length: int = 4, max_length: Optional[int] = None,
require_cstring: bool = True) -> Optional['StringReference']:
"""
``get_ascii_string_at`` returns an ascii string found at ``addr``.
.. note:: This returns an ascii string irrespective of whether the core analysis identified a string at that location. For an alternative API that uses existing identified strings, use :py:func:`get_string_at`.
:param int addr: virtual address to start the string
:param int min_length: minimum length to define a string
:param int max_length: max length string to return
:param bool require_cstring: only return 0x0-terminated strings
:return: the string found at ``addr`` or None if a string does not exist
:rtype: StringReference or None
:Example:
>>> s1 = bv.get_ascii_string_at(0x70d0)
>>> s1
<AsciiString: 0x70d0, len 0xb>
>>> s1.value
'AWAVAUATUSH'
>>> s2 = bv.get_ascii_string_at(0x70d1)
>>> s2
<AsciiString: 0x70d1, len 0xa>
>>> s2.value
'WAVAUATUSH'
"""
if not isinstance(addr, int):
raise ValueError("Input address (" + str(addr) + ") is not a number.")
if addr < self.start or addr >= self.end:
return None
br = BinaryReader(self)
br.seek(addr)
length = 0
c = br.read8()
while c is not None and c > 0 and c <= 0x7f:
if length == max_length:
break
length += 1
c = br.read8()
if length < min_length:
return None
if require_cstring and c != 0:
return None
return StringReference(self, StringType.AsciiString, addr, length)
[docs] def add_analysis_completion_event(self, callback: Callable[[], None]) -> 'AnalysisCompletionEvent':
"""
``add_analysis_completion_event`` sets up a call back function to be called when analysis has been completed.
This is helpful when using :py:func:`update_analysis` which does not wait for analysis completion before returning.
The callee of this function is not responsible for maintaining the lifetime of the returned AnalysisCompletionEvent object.
.. note:: The lock held by the callback thread on the BinaryView instance ensures that other BinaryView actions can be safely performed in the callback thread.
.. warning:: The built-in python console automatically updates analysis after every command is run, which means this call back may not behave as expected if entered interactively.
:param callback callback: A function to be called with no parameters when analysis has completed.
:return: An initialized AnalysisCompletionEvent object
:rtype: AnalysisCompletionEvent
:Example:
>>> def completionEvent():
... print("done")
...
>>> bv.add_analysis_completion_event(completionEvent)
<binaryninja.AnalysisCompletionEvent object at 0x10a2c9f10>
>>> bv.update_analysis()
done
>>>
"""
return AnalysisCompletionEvent(self, callback)
[docs] def get_next_function_start_after(self, addr: int) -> int:
"""
``get_next_function_start_after`` returns the virtual address of the Function that occurs after the virtual address
``addr``
:param int addr: the virtual address to start looking from.
:return: the virtual address of the next Function
:rtype: int
:Example:
>>> bv.get_next_function_start_after(bv.entry_point)
268441061L
>>> hex(bv.get_next_function_start_after(bv.entry_point))
'0x100015e5L'
>>> hex(bv.get_next_function_start_after(0x100015e5))
'0x10001629L'
>>> hex(bv.get_next_function_start_after(0x10001629))
'0x1000165eL'
>>>
"""
return core.BNGetNextFunctionStartAfterAddress(self.handle, addr)
[docs] def get_next_basic_block_start_after(self, addr: int) -> int:
"""
``get_next_basic_block_start_after`` returns the virtual address of the BasicBlock that occurs after the virtual
address ``addr``
:param int addr: the virtual address to start looking from.
:return: the virtual address of the next BasicBlock
:rtype: int
:Example:
>>> hex(bv.get_next_basic_block_start_after(bv.entry_point))
'0x100014a8L'
>>> hex(bv.get_next_basic_block_start_after(0x100014a8))
'0x100014adL'
>>>
"""
return core.BNGetNextBasicBlockStartAfterAddress(self.handle, addr)
[docs] def get_next_data_after(self, addr: int) -> int:
"""
``get_next_data_after`` retrieves the virtual address of the next non-code byte.
:param int addr: the virtual address to start looking from.
:return: the virtual address of the next data byte which is data, not code
:rtype: int
:Example:
>>> hex(bv.get_next_data_after(0x10000000))
'0x10000001L'
"""
return core.BNGetNextDataAfterAddress(self.handle, addr)
[docs] def get_next_data_var_after(self, addr: int) -> Optional['DataVariable']:
"""
``get_next_data_var_after`` retrieves the next :py:class:`DataVariable`, or None.
:param int addr: the virtual address to start looking from.
:return: the next :py:class:`DataVariable`
:rtype: DataVariable
:Example:
>>> bv.get_next_data_var_after(0x10000000)
<var 0x1000003c: int32_t>
>>>
"""
while True:
next_data_var_start = core.BNGetNextDataVariableStartAfterAddress(self.handle, addr)
if next_data_var_start == self.end:
return None
var = core.BNDataVariable()
if not core.BNGetDataVariableAtAddress(self.handle, next_data_var_start, var):
return None
if var.address < next_data_var_start:
addr = var.address + core.BNGetTypeWidth(var.type)
continue
break
result = DataVariable.from_core_struct(var, self)
core.BNFreeDataVariable(var)
return result
[docs] def get_next_data_var_start_after(self, addr: int) -> int:
"""
``get_next_data_var_start_after`` retrieves the next virtual address of the next :py:class:`DataVariable`
:param int addr: the virtual address to start looking from.
:return: the virtual address of the next :py:class:`DataVariable`
:rtype: int
:Example:
>>> hex(bv.get_next_data_var_start_after(0x10000000))
'0x1000003cL'
>>> bv.get_data_var_at(0x1000003c)
<var 0x1000003c: int32_t>
>>>
"""
return core.BNGetNextDataVariableStartAfterAddress(self.handle, addr)
[docs] def get_previous_function_start_before(self, addr: int) -> int:
"""
``get_previous_function_start_before`` returns the virtual address of the Function that occurs prior to the
virtual address provided
:param int addr: the virtual address to start looking from.
:return: the virtual address of the previous Function
:rtype: int
:Example:
>>> hex(bv.entry_point)
'0x1000149fL'
>>> hex(bv.get_next_function_start_after(bv.entry_point))
'0x100015e5L'
>>> hex(bv.get_previous_function_start_before(0x100015e5))
'0x1000149fL'
>>>
"""
return core.BNGetPreviousFunctionStartBeforeAddress(self.handle, addr)
[docs] def get_previous_basic_block_start_before(self, addr: int) -> int:
"""
``get_previous_basic_block_start_before`` returns the virtual address of the BasicBlock that occurs prior to the
provided virtual address
:param int addr: the virtual address to start looking from.
:return: the virtual address of the previous BasicBlock
:rtype: int
:Example:
>>> hex(bv.entry_point)
'0x1000149fL'
>>> hex(bv.get_next_basic_block_start_after(bv.entry_point))
'0x100014a8L'
>>> hex(bv.get_previous_basic_block_start_before(0x100014a8))
'0x1000149fL'
>>>
"""
return core.BNGetPreviousBasicBlockStartBeforeAddress(self.handle, addr)
[docs] def get_previous_basic_block_end_before(self, addr: int) -> int:
"""
``get_previous_basic_block_end_before``
:param int addr: the virtual address to start looking from.
:return: the virtual address of the previous BasicBlock end
:rtype: int
:Example:
>>> hex(bv.entry_point)
'0x1000149fL'
>>> hex(bv.get_next_basic_block_start_after(bv.entry_point))
'0x100014a8L'
>>> hex(bv.get_previous_basic_block_end_before(0x100014a8))
'0x100014a8L'
"""
return core.BNGetPreviousBasicBlockEndBeforeAddress(self.handle, addr)
[docs] def get_previous_data_before(self