Created
February 4, 2020 20:28
-
-
Save defunctio/54aa2b02e3c100fb4fa030b81be2c373 to your computer and use it in GitHub Desktop.
simple example of BN functionrecognizer
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from binaryninja.functionrecognizer import FunctionRecognizer | |
| from binaryninja.enums import MediumLevelILOperation, BranchType | |
| from binaryninja.log import log | |
| class CheckArgRec(FunctionRecognizer): | |
| def recognize_medium_level_il(self, data, func, il): | |
| for edge in il.basic_blocks[0].outgoing_edges: | |
| if edge.type == BranchType.FalseBranch: | |
| for i in edge.target: | |
| if i.operation == MediumLevelILOperation.MLIL_CALL: | |
| if len(i.operands) == 3 and len(i.operands[2]) == 2 and i.operands[2][1].value == 0x2f: | |
| il.source_function.name = 'validate_args' | |
| return True | |
| return False | |
| CheckArgRec().register_global() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment