Alexander Hanel alexander-hanel

@alexander-hanel
alexander-hanel / go_comment.py
Created August 9, 2022 21:51
Add Function Comments to Exportable Functions in Go
```python
import idautils
import subprocess
import os

GOBIN = r"C:\Program Files\Go\bin"


def extract_name(func_name):
    sp = func_name.split(".")
    # if the start of a function is not upper case it is not exportable
    # (the gist preview is cut off here; the check below follows the comment)
    name = sp[-1]
    if not name[:1].isupper():
        return None
    return name
```
@alexander-hanel
alexander-hanel / go_source_code_comments.py
Created August 10, 2022 15:40
Extract Go source code function comments and add them to an IDB
```python
import idautils
import subprocess
import os
import re
import json
import sys

GOBIN = r"C:\Program Files\Go"
```
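Both Go gists above (go_comment.py and go_source_code_comments.py) hinge on the same step: take a symbol name recovered from a Go binary, split off the package path, and decide whether the function is exported before asking the Go toolchain for its documentation. The block below is an added example of that step, not code from either gist. It assumes symbol names in the form Go's linker emits them ("pkg/path.Func", "pkg/path.(*Recv).Method", "pkg.outer.func1"), applies the Go rule that only identifiers starting with an upper-case letter are exported, and builds the `go doc` query from the parts; the sample symbol list is constructed, and the prefixes used to skip compiler-generated symbols are a heuristic.

```python
"""Pick out exported Go functions from linker symbol names (added example)."""
import re

# Constructed sample, not symbols from a real binary.
SAMPLE_SYMBOLS = [
    "main.main",
    "main.Decrypt",
    "github.com/foo/bar.(*Client).Send",
    "github.com/foo/bar.newClient",
    "main.handler.func1",
    "runtime.mallocgc",
    "encoding/json.Marshal",
    "main.Config.String",
    "type..eq.main.Config",
    "go.itab.*main.Config,fmt.Stringer",
]

# Heuristic (assumption): compiler/linker generated symbols carry no user function.
_GENERATED_PREFIXES = ("type..", "go.", "gclocals")
_RECEIVER_RE = re.compile(r"^\(\*?(.+)\)$")


def split_symbol(sym):
    """Return (package, qualifiers, name).

    The package path may itself contain dots (github.com/...), so the package
    ends at the first '.' after the last '/'. Anything between the package and
    the final component is a qualifier: a receiver type "(*T)" or "T", or the
    enclosing function of a closure ("outer" in "pkg.outer.func1").
    """
    slash = sym.rfind("/")
    dot = sym.find(".", slash + 1)
    if dot == -1:
        raise ValueError("not a package-qualified symbol: %r" % sym)
    pkg = sym[:dot]
    parts = sym[dot + 1:].split(".")
    quals = []
    for q in parts[:-1]:
        m = _RECEIVER_RE.match(q)
        quals.append(m.group(1) if m else q)
    return pkg, quals, parts[-1]


def is_exported(sym):
    """True when the function is reachable from outside its package.

    Rule applied here: the name and every qualifier must start with an
    upper-case letter, so methods on unexported types and closures ("func1")
    are not counted, and generated symbols are skipped outright.
    """
    if sym.startswith(_GENERATED_PREFIXES):
        return False
    _, quals, name = split_symbol(sym)
    return all(p[:1].isupper() for p in quals + [name])


def exported_symbols(symbols):
    return [s for s in symbols if is_exported(s)]


def go_doc_args(sym):
    """Argument vector for `go doc`, whose query syntax is pkg[.Sym[.Method]].

    Not executed here; the gists run the toolchain through subprocess.
    """
    pkg, quals, name = split_symbol(sym)
    return ["go", "doc", ".".join([pkg] + quals + [name])]


if __name__ == "__main__":
    for s in exported_symbols(SAMPLE_SYMBOLS):
        print(s, "->", " ".join(go_doc_args(s)))
```

The receiver is kept when building the `go doc` query because `go doc` addresses methods as `pkg.Type.Method` rather than with the `(*Type)` form that appears in the binary.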
@alexander-hanel
alexander-hanel / bn-cheat.md
Last active May 7, 2025 12:47
Cheat Sheet for Binary Ninja
@alexander-hanel
alexander-hanel / notes.md
Created November 16, 2022 17:32
Program Analysis Topics And References

Program Analysis

Status: in progress

Logic

  • Intro to Formal Logic — Peter Smith
  • Intermediate Logic - David Bostock
  • Natural Logic — Neil Tennant
  • A mathematical intro to logic — Herbert Enderton
  • Logic and Structure — Dirk van Dalen
@alexander-hanel
alexander-hanel / README.md
Created December 27, 2022 21:22
The Fundamentals of Sharing for Malware Analysts

Originally created on 2016-11-06

The Fundamentals of Sharing for Malware Analysts

In most organizations malware analysts are tasked with producing a deliverable derived from static or dynamic analysis. The deliverable could be extracted indicators, an understanding of the functionality, a written report or something similar. During this process the analyst creates a number of files and artifacts: IDBs, memory dumps, YARA signatures, decoder scripts, pcaps, notes, etc. Once the task is complete the analyst submits the deliverable and moves on. In many organizations these files and artifacts are not stored in a way that is accessible to others, which is a shame. Having the data and analysis accessible to others has many benefits.

  1. Promotes sharing of processes and knowledge between analysts.
  2. Removes duplication of labor by allowing analysts to build on previous research and analysis.
  3. Intellectual property and artifacts are not lost when an analyst leaves the organiz

```python
from binaryninja import lowlevelil

DEBUG = False


def get_rc4_xor_instru(instr):
    if not instr:
        return False
    if DEBUG:
        print(hex(instr.address), instr)
    for oper in instr.operands:
        ...  # loop body is cut off in the gist preview
```
```python
import re
from anytree import Node, RenderTree, find

"""
Author: Alexander Hanel
Description: POC for displaying function names as a folder-like structure. Relies on function names being labeled with a pdb.
Version: 0.5 - 2023/04/10
Execution: open script in IDA, run export_layout() to save to file or export_layout() to print to command line
TODO:
- review how mangled names are used in IDA. I'm seeing some strange results.
"""
```
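The folder-like layout above groups functions by the namespace and class components of their PDB names. The block below is an added example of that idea, not the POC's code: it uses nested dicts instead of anytree so it runs outside IDA, and it assumes names are already demangled into "ns::Class::method" form as IDA shows them with a PDB. The splitting only honours "::" at template depth zero and swallows "operator<<"-style names whole, which is one way the "strange results" noted in the TODO show up with naive splitting; the sample names are constructed.

```python
"""Render PDB-style qualified names as a folder tree (added example)."""

# Constructed sample names, not from a real PDB.
SAMPLE_NAMES = [
    "main",
    "CryptoLib::Rc4::Encrypt",
    "CryptoLib::Rc4::Decrypt",
    "CryptoLib::Rc4::KeySchedule",
    "Net::HttpClient::Send",
    "std::map<std::string,int>::find",
    "std::vector<int>::operator[]",
]

# Punctuation that may follow "operator" in a demangled name.
_OPERATOR_CHARS = set("<>=!+-*/%&|^~,[]()")


def split_qualified(name):
    """Split on '::' only at template depth 0, so that
    'std::map<std::string,int>::find' gives three parts rather than five.
    'operator<<' and friends are consumed whole so their '<' / '>' do not
    disturb the depth count."""
    parts, cur, depth, i = [], [], 0, 0
    while i < len(name):
        if depth == 0 and name.startswith("::", i):
            parts.append("".join(cur))
            cur = []
            i += 2
            continue
        if name.startswith("operator", i):
            j = i + len("operator")
            while j < len(name) and name[j] in _OPERATOR_CHARS:
                j += 1
            cur.append(name[i:j])
            i = j
            continue
        ch = name[i]
        if ch == "<":
            depth += 1
        elif ch == ">":
            depth -= 1
        cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def build_tree(names):
    """Nested dict: key = path component, value = its children ({} for a leaf)."""
    root = {}
    for name in names:
        node = root
        for part in split_qualified(name):
            node = node.setdefault(part, {})
    return root


def render(tree, indent=0):
    """Folder-style listing: one line per node, sorted, folders marked with '/'."""
    lines = []
    for key in sorted(tree):
        children = tree[key]
        lines.append("  " * indent + key + ("/" if children else ""))
        lines.extend(render(children, indent + 1))
    return lines


def layout_text(names, path=None):
    """Return the listing as text and optionally write it to a file."""
    text = "\n".join(render(build_tree(names)))
    if path:
        with open(path, "w") as fh:
            fh.write(text + "\n")
    return text


if __name__ == "__main__":
    print(layout_text(SAMPLE_NAMES))
```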
@alexander-hanel
alexander-hanel / byte2uuid.py
Last active September 7, 2023 18:46
Converts 16 bytes to a UUID using Microsoft's Variant 2 format.
```python
import ctypes


class BYTE2UUID(ctypes.Structure):
    """
    Variant 2 UUIDs
    https://en.wikipedia.org/wiki/Universally_unique_identifier#Encoding
    """
    _fields_ = [
        ("time_low", ctypes.c_uint), ("time_mid", ctypes.c_ushort), ("time_hi_and_version", ctypes.c_ushort),
        ("clock_seq_hi_and_res", ctypes.c_char * 2), ("node", ctypes.c_char * 6)
    ]
```
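The point of the struct above is byte order: Microsoft's GUID layout (the "variant 2" encoding on the Wikipedia page) stores the first three fields little-endian and the last eight bytes as-is, so the same 16 bytes pulled from a PE read as two different UUID strings depending on the decoder. The block below is an added example, not the gist's code, that decodes both ways, checks the variant bits that tell the layouts apart, and produces the byte pattern to search for from a GUID string. The sample is the well-known CLSID_ShellLink laid out in little-endian form; the byte string itself is constructed here.

```python
"""Decode a 16-byte GUID as Windows lays it out in memory (added example)."""
import struct
import uuid

# Constructed sample: CLSID_ShellLink {00021401-0000-0000-C000-000000000046}
# as the bytes appear in a PE or registry blob (first three fields byte-swapped).
SHELL_LINK_LE = bytes.fromhex("0114020000000000c000000000000046")


def guid_from_le_bytes(raw):
    """Manual mixed-endian decode into the braced registry-style string."""
    if len(raw) != 16:
        raise ValueError("GUID needs exactly 16 bytes, got %d" % len(raw))
    time_low, time_mid, time_hi = struct.unpack_from("<IHH", raw, 0)
    return "{%08x-%04x-%04x-%s-%s}" % (
        time_low, time_mid, time_hi, raw[8:10].hex(), raw[10:16].hex())


def guid_to_le_bytes(text):
    """Inverse: the byte pattern to search for (YARA, IDA binary search)."""
    return uuid.UUID(text.strip("{}")).bytes_le


def variant_name(raw):
    """Variant from the top bits of clock_seq_hi_and_reserved (byte 8), which
    sits at the same offset in both layouts: 0xx NCS, 10x RFC 4122,
    110 Microsoft, 111 reserved."""
    b = raw[8]
    if b & 0x80 == 0:
        return "ncs"
    if b & 0x40 == 0:
        return "rfc4122"
    if b & 0x20 == 0:
        return "microsoft"
    return "reserved"


def both_readings(raw):
    """Same bytes, two candidate strings; the stdlib uuid module does the swap
    for bytes_le and none for bytes."""
    return {
        "little_endian": str(uuid.UUID(bytes_le=raw)),
        "big_endian": str(uuid.UUID(bytes=raw)),
    }


if __name__ == "__main__":
    print(guid_from_le_bytes(SHELL_LINK_LE), variant_name(SHELL_LINK_LE))
    print(both_readings(SHELL_LINK_LE))
```

Only the little-endian reading yields a CLSID you will find in the registry; the big-endian reading is what you get by feeding the raw bytes to a generic UUID parser, which is the usual cause of "unknown" GUIDs during analysis.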
@alexander-hanel
alexander-hanel / README.md
Last active September 7, 2023 18:46
Distraction Free Slack

Prevent distractions within slack by making the sidebar black.

Slack > Settings > Themes > Create a Custom Theme > "Copy and paste these values to share your custom theme with others" 

Cut and paste the following values

#000000,#000000,#000000,#000000,#000000,#000000,#000000,#000000,#000000,#000000
@alexander-hanel
alexander-hanel / README.md
Last active September 17, 2023 04:42
Warmup Routine

Warmup Routine

This is my current warmup routine. I have been doing variations of it for over 10 years. I usually row or jump rope for 5 minutes and then do the warmup, which typically takes about 10 minutes. Once warmed up I start with squats and then do a combination of overhead press, bent-over row, bench press or deadlifts.

Upper Back and Spine Foam Rolling

  • Source: Becoming a Supple Leopard 2nd Edition: The Ultimate Guide to Resolving Pain, Preventing Injury, and Optimizing Athletic Performance
  • Note: No time limit

Side-plank Foam Roller IT-Bands

  • Source: Combination of Supple Leopard, Limber 11 (link) and McGill 3
  • Note: No time limit, focus on areas that trigger pain