tsunekoh kohnakagawa

Binary Ninja Python API Cheat Sheet

This is a work in progress by someone who is learning about Binary Ninja.

References

Metadata Details

Get database name

シンボルファイルのダウンロードはもう無くなったそうです。デバッガに付属の symchk.exe でダウンロードします。

以下は Visual Studio 2019 のデフォルトのキャッシュディレクトリにシンボルファイルをダウンロードする例：

symchk /r C:\Windows\SysWOW64 /s SRV*%TEMP%\SymbolCache*https://msdl.microsoft.com/download/symbols
symchk /r C:\Windows\System32 /s SRV*%TEMP%\SymbolCache*https://msdl.microsoft.com/download/symbols

ちょっと罠なのは：

Visual Studio の最新をインストールしていると SDK の最新が入った状態になるけれど symchk が無いみたい

Foreward

This document was originally written several years ago. At the time I was working as an execution core verification engineer at Arm. The following points are coloured heavily by working in and around the execution cores of various processors. Apply a pinch of salt; points contain varying degrees of opinion.

It is still my opinion that RISC-V could be much better designed; though I will also say that if I was building a 32 or 64-bit CPU today I'd likely implement the architecture to benefit from the existing tooling.

Mostly based upon the RISC-V ISA spec v2.0. Some updates have been made for v2.2

Original Foreword: Some Opinion

The RISC-V ISA has pursued minimalism to a fault. There is a large emphasis on minimizing instruction count, normalizing encoding, etc. This pursuit of minimalism has resulted in false orthogonalities (such as reusing the same instruction for branches, calls and returns) and a requirement for superfluous instructions which impacts code density both in terms of size and

非破壊 TypeSctript

mizchi / TypeScript Meetup 2

About

mizchi / 竹馬光太郎
フロントエンドと Node.js

Alphanumeric shellcode on RISC-V

Although common on x86, it was initially believed that it was not possible to make alphanumeric shellcode for ARM. Later it turned out it was.

Similar to that, I wondered if it was possible to make alphanumeric shell-code for RISC-V.

(Basic shellcode in RISC-V Linux provides a good introduction to shellcode for RISC-V, including how to avoid NUL bytes.)

First, I enumerated all the possible instructions that could be formed from these characters with a little Rust program and generated some statistics.

	Original by LinuS Henze for iOS16: https://gist.github.com/LinusHenze/4cd5d7ef057a144cda7234e2c247c056

	Following his format I updated it for macOS Sonoma (14) and I guess it's the same for iOS17, but didn't cross check.

	Constraint Categories:
	Category 0:
	Self Constraint: N/A
	Parent Constraint: N/A

	Category 1:

	/*
	Compile:

	gcc -framework Foundation -framework AppKit screenshot.m -o screenshot
	*/

	#import <Foundation/Foundation.h>
	#import <AppKit/AppKit.h>

	int main(void) {

	# IDA (disassembler) and Hex-Rays (decompiler) plugin for Apple AMX
	#
	# WIP research. (This was edited to add more info after someone posted it to
	# Hacker News. Click "Revisions" to see full changes.)
	#
	# Copyright (c) 2020 dougallj


	# Based on Python port of VMX intrinsics plugin:
	# Copyright (c) 2019 w4kfu - Synacktiv

	#include <stdio.h>
	#include <stdlib.h>
	#include <libproc.h>
	#include <mach/mach.h>

	bool
	has_modifications(struct task_extmod_info *info)
	{
	if ((info->extmod_statistics.thread_creation_count > 0) \|\|
	(info->extmod_statistics.thread_set_state_count > 0)) {

	from binaryninja import *

	log_to_stderr(1)

	def get_syscall_no(zwf):
	for b in zwf.basic_blocks:
	for i in b.get_disassembly_text():
	if str(i).startswith("syscall"):
	eax = zwf.get_reg_value_at(i.address, "eax")
	if eax.type == RegisterValueType.ConstantValue: