"""omfg yes finally i bothered fixing this
Notes:
- The integer size for both tables and headers is the same between 32 and
64-bit, with the exception of certain pointers in the import directory
itself
- Something's weird with the way the raw binaryview works on 64-bit, so
prefer the PE view whenever possible
- Apparently a binary can export the same function under the same name but
different ordinals. We'll fix this by naming exports as follows:
- export_name
- export_name#2
- export_name#3
- etc...
Todo:
- Proper handling of users loading EAT-less binaries using the load command
- Should I just ignore it? Add it but never look up the BV?
- Use StructuredDataView to get some of the stuff?
https://api.binary.ninja/binaryninja.binaryview.StructuredDataView.html
- Symbol syncing
- Automatically register new views
- Use DB symbol names for exports and imports, especially when using symbol
syncing
- Looks like imports with jump stubs don't get their types set correctly?
"""
from binaryninja.plugin import PluginCommand
from binaryninja import log_info
from . import pe_parsing, reports, sync
# Registry of loaded binary views, filled by register_file: the key is the
# lower-cased name returned by pe_parsing.get_eat_name, the value is the view.
# The name is read out of the analysed binary, so treat keys as untrusted
# input: two binaries that report the same name share one slot, and the later
# registration replaces the earlier one.
files = {}
def bv_is_pe(bv):
    """Return True when ``bv`` reports the view type ``"PE"``.

    Used as the ``is_valid`` callback of every command this plugin
    registers, so the commands are only offered for PE views.
    """
    view_type = bv.view_type
    return view_type == "PE"
def all_bvs(func):
    """Adapt ``func`` so it receives every registered view instead of one.

    The returned callable has the single-argument shape of a plugin command
    handler. It ignores the view it is invoked on and calls ``func`` with
    ``files.values()``; a view that was never registered is therefore not
    part of what ``func`` sees. Nothing is returned from the call.
    """

    def run_on_registry(bv):
        # The invoking view is deliberately not merged into the collection.
        func(files.values())

    return run_on_registry
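def register_file(bv):
    """Add ``bv`` to the module-level ``files`` registry.

    The registry key is the lower-cased name returned by
    ``pe_parsing.get_eat_name``. That name is read from the binary under
    analysis, so it is untrusted: a second binary that reports the same name
    takes over the slot of the first. The replacement still happens, as
    before, but it is now logged so the analyst can see that later lookups
    by that name will reach a different view.

    A view for which no name is returned is not registered.
    """
    # name = os.path.basename(bv.file.filename).split(".")[0]
    name = pe_parsing.get_eat_name(bv)
    if not name:
        # NOTE(review): get_eat_name lives in pe_parsing and is not visible
        # here; confirm what it returns for a binary without an export
        # directory (the module Todo lists that case as unhandled). An empty
        # or missing name would otherwise crash on .lower() or be stored
        # under the key "".
        log_info("PE binary view has no export directory name; not registered")
        return

    key = name.lower()
    previous = files.get(key)
    if previous is not None and previous is not bv:
        # Same name, different view: make the overwrite visible.
        log_info("Replacing previously registered PE binary view %r" % key)

    files[key] = bv
    # %r keeps control characters in a binary-supplied name escaped in the log.
    log_info("Registered PE binary view %r" % key)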
# Menu entries. Every command passes is_valid=bv_is_pe, so it is only offered
# for views whose view_type is "PE".

# Adds the current view to the ``files`` registry.
PluginCommand.register(
    "PE\\Load binary",
    "Load the current binary into the PE binary registry",
    register_file,
    is_valid=bv_is_pe,
)

# Handler is implemented in the sync module.
PluginCommand.register(
    "PE\\Resolve imports",
    "Resolve import names and load types",
    sync.resolve_imports,
    is_valid=bv_is_pe,
)

# Debug report for the current view; handler is implemented in reports.
PluginCommand.register(
    "PE\\Debug\\PE tables",
    "Show the IAT and EAT as seen by PE Utils",
    reports.generate_table_graph,
    is_valid=bv_is_pe,
)

# Debug report over all registered views: all_bvs swaps the invoking view
# for files.values() before calling the report.
PluginCommand.register(
    "PE\\Debug\\Binary relationship graph",
    "Show a relationship graph for the currently loaded BVs",
    all_bvs(reports.generate_relation_graph),
    is_valid=bv_is_pe,
)