PluginCommand.register(
"Ethersplay-4byte\\update cashed function hashes",
"Re-do lookup of all hash signatures on 4byte.directory, which are stored in the local cache.",
update_cache_bn,
is_valid=is_valid_evm)
PluginCommand.register_for_address(
"Ethersplay-4byte\\Lookup 4byte hash",
"Perform lookup of one hash signature on 4byte.directory",
lookup_one_inst,
is_valid=is_valid_evm)
PluginCommand.register_for_function(
"Ethersplay-4byte\\Lookup 4byte hash for all PUSH4",
"Perform lookup of one hash signature on 4byte.directory",
lookup_all_push4,
is_valid=is_valid_evm)
PluginCommand.register_for_address(
"Ethersplay\\Lookup 4byte hash (4byte.directory)",
"Perform lookup of one hash signature on 4byte.directory",
lookup_one_inst,
is_valid=is_valid_evm)
PluginCommand.register_for_address("Ethersplay-contrib\\Dump CODECOPY to file",
"Dump the result of a codecopy to a file",
dump_codecopy_data,
is_valid=is_valid_evm)
PluginCommand.register_for_function(
import os
import json
from binaryninja import PluginCommand
import winapi
PluginCommand.register_for_function(
"WinAPI Annotator", "Annotate Windows API functions with arguments",
winapi.run_plugin)
if bb.start <= idx < bb.end)
return bb_cache[idx]
def run(func, il: MediumLevelILInstruction):
source_function = il.function.source_function
view = source_function.view
view.begin_undo_actions()
target = func(il)
view.commit_undo_actions()
if 'next' in source_function.session_data:
target_queue = source_function.session_data['next']
else:
target_queue = list()
if isinstance(target, int):
target_queue.append(target)
elif isinstance(target, list):
target_queue += target
source_function.session_data['next'] = target_queue
def run_unlock(view, function):
u = UnlockTaskThread(function, function.start)
u.start()
PluginCommand.register_for_function(
'Run unlock',
'Run unlock',
run_unlock,
is_valid=lambda v, f: 'obfuscated' in v.file.filename)
dot_count = 0
start = time.time()
while not u.finished:
time.sleep(1)
print(
f'[{timedelta(seconds=(time.time() - start))}] Running{"."*dot_count:<4s}\r',
end="",
)
dot_count = (dot_count + 1) % 4
u.join()
print(f"{view.functions}")
PluginCommand.register_for_function(
r"Unlock\Run unlock",
"Run unlock",
run_unlock,
is_valid=lambda v, f: "obfuscated" in v.file.filename,
)
def generate_graphs(view: BinaryView):
for func in view.functions:
bbs = {}
g = FlowGraph()
g.function = func
n = FlowGraphNode(g)
for bb in func.basic_blocks:
if bb.start not in bbs:
print(f"bbs[{bb.start:x}] = n")
bbs[bb.start] = n
else:
#!/usr/bin/env python
# author: carstein <*****@*****.**>
# Syscaller - decoreate syscall with arguments
from binaryninja import PluginCommand
from .modules import syscaller
# register plugin
PluginCommand.register_for_function(
"Syscaller\Decorate syscalls in current function",
"Annotate syscalls with arguments in current function",
syscaller.run_plugin_current)
PluginCommand.register(
"Syscaller\Decorate syscalls in all functions",
"Annotate syscalls with arguments in all defined functions",
syscaller.run_plugin_all)
PluginCommand.register(
"Ethersplay-4byte\\update cashed function hashes",
"Re-do lookup of all hash signatures on 4byte.directory, which are stored in the local cache.",
update_cache_bn,
is_valid=is_valid_evm)
PluginCommand.register_for_address(
"Ethersplay-4byte\\Lookup 4byte hash",
"Perform lookup of one hash signature on 4byte.directory",
lookup_one_inst,
is_valid=is_valid_evm)
PluginCommand.register_for_function(
"Ethersplay-4byte\\Lookup 4byte hash for all PUSH4",
"Perform lookup of one hash signature on 4byte.directory",
lookup_all_push4,
is_valid=is_valid_evm)
PluginCommand.register_for_address(
"Ethersplay\\Lookup 4byte hash (4byte.directory)",
"Perform lookup of one hash signature on 4byte.directory",
lookup_one_inst,
is_valid=is_valid_evm)
PluginCommand.register_for_address("Ethersplay-contrib\\Dump CODECOPY to file",
"Dump the result of a codecopy to a file",
dump_codecopy_data,
is_valid=is_valid_evm)
EVM.register()
def markModifiableCode(bv, func):
# Loop over all instructions in the function
for t in (t for bb in func.basic_blocks for t in bb.disassembly_text):
# Find our sub tokens
if not t.tokens[0].text.startswith('sub '):
continue
addr = t.tokens[2].value
# Check if the address is in a basic block
bbs = bv.get_basic_blocks_at(addr)
if len(bbs) == 0:
continue
# Check that this address really is an instruction
for tt in bbs[0].disassembly_text:
if addr - tt.address >= 3 or addr - tt.address < 0:
continue
# Highlight it and add comments
bbs[0].function.set_user_instr_highlight(
tt.address, HighlightStandardColor.RedHighlightColor)
bbs[0].function.set_comment_at(tt.address,
"Modified by 0x%x" % t.address)
func.set_comment_at(t.address,
"Modifies code at 0x%x" % tt.address)
break
PluginCommand.register_for_function('Subleq check modifiable code', 'subleq',
markModifiableCode)
#!/usr/bin/env python
# author: Michal Melewski <*****@*****.**>
# FSS similarity search plugin - version 1
from binaryninja import PluginCommand
import sys
sys.path.append('/home/thomasdullien/.binaryninja/plugins/fss')
from modules import main
plugin = main.Plugin()
# register plugin
PluginCommand.register_for_function(
"[FSS] Save hash",
"Add function to search index",
plugin.save_hash)
PluginCommand.register_for_function(
"[FSS] Save all hashes",
"Add all function to search index",
plugin.save_all_functions)
# register plugin
PluginCommand.register_for_function(
"[FSS] Search for similar functions",
"Run similarity search based on current function hash",
plugin.find_hash)
PluginCommand.register_for_function(
"[FSS] Find similar functions for ALL functions",
param_str: str = get_text_line_input("enter name of parameter",
"parameter name").decode('utf-8')
try:
param = next(p for p in self.func.parameter_vars if p.name == param_str)
parami: int = self.func.parameter_vars.vars.index(param)
except StopIteration:
log_error(f'arg {param_str} not found')
return
# for commercial users
with ThreadPoolExecutor(16) as t:
log_info(f'processing {len(self.func.callers)} callers')
# so i would filter for f.auto
# but the flag is extremely unreliable
for c in self.func.callers:
t.submit(rename_caller, self.func, c, parami)
log_info('renaming done')
def cancel(self): pass
def finish(self): pass
def rename(bv: BinaryView, func: Function):
task = RenameTask(func)
task.start()
PluginCommand.register_for_function(
"rename callers to arg",
"rename all callers of this function to the specified string argument",
rename)
from binaryninja import Architecture, PluginCommand, log
from obfu_hook import ObfuArchHook
from obfu_passes import fix_obfuscation
from obfu_utils import RunInBackground
def fix_obfuscation_command(view, func):
task = RunInBackground('Remove Obfuscation', fix_obfuscation, view, func)
task.start()
def load_arch_hook_command(view):
ObfuArchHook(view.arch).register()
log.log_info('Loaded ObfuArchHook for {0}'.format(view.arch.name))
PluginCommand.register_for_function(
'Fix Obfuscation', 'Fix certain obfuscation methods',
lambda view, func: fix_obfuscation_command(view, func),
lambda view, func: type(view.arch) == ObfuArchHook)
PluginCommand.register('Load ObfuArchHook', 'Loads ObfuArchHook',
lambda view: load_arch_hook_command(view),
lambda view: type(view.arch) != ObfuArchHook)
def run_plugin(bv, addr):
func_start = addr.start
#r2_path = '/home/username/bin/'
#os.environ["PATH"] += os.pathsep + r2_path
try:
r2 = r2pipe.open(bv.file.original_filename)
r2.cmd('aaa')
r2.cmd('s ' + str(func_start))
decompiled_func = r2.cmd('pdd')
if decompiled_func.startswith('Error: no data available'):
r2.cmd('af @ ' + str(func_start))
decompiled_func = r2.cmd('pdd')
show_output(bv, addr.symbol.name, decompiled_func)
r2.quit()
except Exception as err:
if str(err) == "ERROR: Cannot find radare2 in PATH":
print(
"Please add the location of your radare2 binary to your PATH variable"
)
else:
print(err)
PluginCommand.register_for_function("Decompile function",
"Decompile function using r2dec",
run_plugin)
from .display import display_all, display_highlight
from .sort import sort_score, sort_size, sort_callee
from .label import start_time_label, add_label, remove_label
# Register plugin options
PluginCommand.register(
"DeepReflect\\Display\\1. Show ALL Functions",
"Outputs all functions stored in database to BinaryNinja console",
display_all)
PluginCommand.register(
"DeepReflect\\Display\\2. Show Highlighted Functions",
"Outputs highlighted functions stored in database to BinaryNinja console",
display_highlight)
PluginCommand.register_for_function(
"DeepReflect\\Label\\1. Start Time Function Label",
"Add start time for this function", start_time_label)
PluginCommand.register_for_function(
"DeepReflect\\Label\\2. Add Function Label", "Add function's label",
add_label)
PluginCommand.register_for_function(
"DeepReflect\\Label\\3. Remove Function Label", "Remove function's label",
remove_label)
PluginCommand.register("DeepReflect\\Sort\\1. Sort Function Score",
"Sort highlighted functions by score", sort_score)
PluginCommand.register("DeepReflect\\Sort\\2. Sort Function Size",
"Sort highlighted functions by number of basic blocks",
sort_size)
PluginCommand.register("DeepReflect\\Sort\\3. Sort Function Callees",
"Sort highlighted functions by number of callees",
class CallgraphThread(BackgroundTaskThread):
def __init__(self, view, function, mode):
super().__init__('Computing callgraph from {} [{}]...'.format(
function.name, mode))
self.view = view
self.function = function
self.mode = mode
def run(self):
if self.mode == "reversed":
callgraph_reversed(self.view, self.function)
else:
callgraph(self.view, self.function)
def _wrapper(mode):
def f(view, function):
thread = CallgraphThread(view, function, mode)
thread.start()
return f
PluginCommand.register_for_function("BNCallGraph\\Compute callgraph", "",
_wrapper("normal"))
PluginCommand.register_for_function("BNCallGraph\\Compute reversed callgraph",
"", _wrapper("reversed"))
#!/usr/bin/env python # author: carstein <*****@*****.**> # 10k foot view on binary from binaryninja import PluginCommand from modules import function_report # register plugin PluginCommand.register_for_function( "[Keyhole] Function report", "Report about functions in binary", function_report.run_plugin)
#!/usr/bin/env python
# author: Michal Melewski <*****@*****.**>
# FSS similarity search plugin - version 1
from binaryninja import PluginCommand
from modules import main
plugin = main.Plugin()
# register plugin
PluginCommand.register_for_function("[FSS] Save hash",
"Add function to search index",
plugin.save_hash)
# register plugin
PluginCommand.register_for_function(
"[FSS] Search for similar functions",
"Run similarity search based on current function hash", plugin.find_hash)
notification = EditFunctionNotification(view, controller)
view.register_notification(notification)
UIAction.registerAction("Configure BinSync...")
UIActionHandler.globalActions().bindAction("Configure BinSync...",
UIAction(launch_binsync_configure))
Menu.mainMenu("Tools").addAction("Configure BinSync...", "BinSync")
open_control_panel_id = "BinSync: Open control panel"
UIAction.registerAction(open_control_panel_id)
UIActionHandler.globalActions().bindAction(open_control_panel_id,
UIAction(open_control_panel))
Menu.mainMenu("Tools").addAction(open_control_panel_id, "BinSync")
# register the control panel dock widget
dock_handler = DockHandler.getActiveDockHandler()
dock_handler.addDockWidget(
"BinSync: Control Panel",
lambda n, p, d: create_widget(ControlPanelDockWidget, n, p, d, controller),
Qt.RightDockWidgetArea, Qt.Vertical, True)
PluginCommand.register_for_function("Push function upwards",
"Push function upwards",
controller.push_function)
# TODO how can we avoid having users to click on this menu option?
PluginCommand.register("Start Sharing Patches", "Start Sharing Patches",
start_patch_monitor)
PluginCommand.register("Start Sharing Functions", "Start Sharing Functions",
start_function_monitor)
import os
import json
from binaryninja import PluginCommand
from .annotate import *
PluginCommand.register_for_function("Annotate",
"Annotate functions with arguments",
annotate.run_plugin)
bv = BinaryViewType["PE"].open(args.driver)
if not bv:
print("[-] Error loading file: {:s}".format(args.driver),
file=sys.stderr)
return 1
analysis = analyze.Analysis(bv)
analysis.label_driver_dispatch_routines()
if args.ioctls:
analysis.find_ioctls()
if __name__ == "__main__":
cmdline_main()
else:
PluginCommand.register(
"Label Driver Dispatch Routines",
"Label driver dispatch routines for IRPs and other callbacks",
action=label_driver_dispatch_routines)
#PluginCommand.register(
# "Label Callback Routines", "Label callback routines used in common kernel APIs",
# action=label_callback_routines)
PluginCommand.register(
"Find IOCTLs [global]",
"Find supported IOCTLs and generate CTL_CODE macros",
action=find_ioctls)
PluginCommand.register_for_function(
"Find IOCTLs [current function]",
"Find supported IOCTLs and generate CTL_CODE macros",
action=find_ioctls)
#!/usr/bin/env python
# author: carstein <*****@*****.**>
# Annotate function with prototype
import os
import json
from binaryninja import PluginCommand
from modules import annotate
# register plugin
PluginCommand.register_for_function(
"Annotate Functions", "Annotate standard libc functions with arguments",
annotate.run_plugin)
#!/usr/bin/env python
# author: carstein <*****@*****.**>
# Annotate syscalls with prototype
import os
import json
from binaryninja import PluginCommand
from modules import syscaller
# register plugin
PluginCommand.register_for_function("[sysc] Decorate syscalls",
"Annotate syscalls with arguments",
syscaller.run_plugin)
