We take this binary:
and this source snippet:
to make this:
This serves only as a minimal proof of concept that limited snippets of code, such as a single function, can be compiled to Binary Ninja's HLIL so that they can be matched against the HLIL generated from a compiled binary, with information then propagated from the source to the BNDB.
This example is only complete enough to compile hello world and to copy comments from the source into the BNDB.
Graph matching is likewise only complete enough to do what is essentially an exact match.
It's just a POC.
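To make the matching-and-propagation step concrete, here is an added toy illustration that is not the project's `test_matching_algo.py` and does not use the Binary Ninja API: a constructed HLIL-like tree for hello world's `main` (carrying source comments) is exactly matched against a second tree standing in for the binary's HLIL (carrying addresses), and each comment is carried over to the address of its matched node. The `Node` class, the operation tags and the addresses are all made up for this example.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Node:
    """Stand-in for an HLIL instruction: an operation tag plus operand sub-nodes.
    Constructed for this example; it is not the Binary Ninja HLIL API."""
    op: str
    operands: list = field(default_factory=list)
    comment: Optional[str] = None  # present on nodes lifted from source
    address: Optional[int] = None  # present on nodes lifted from the binary

def exact_match(src: Node, bin_: Node) -> bool:
    """True only if both trees have identical shape and operation tags."""
    if src.op != bin_.op or len(src.operands) != len(bin_.operands):
        return False
    return all(exact_match(a, b) for a, b in zip(src.operands, bin_.operands))

def propagate_comments(src: Node, bin_: Node) -> dict:
    """Walk both trees in lockstep and map source comments onto binary addresses.
    An exact match is required; any structural difference yields no annotations."""
    if not exact_match(src, bin_):
        return {}
    annotations = {}
    def walk(s: Node, b: Node) -> None:
        if s.comment is not None and b.address is not None:
            annotations[b.address] = s.comment
        for a, c in zip(s.operands, b.operands):
            walk(a, c)
    walk(src, bin_)
    return annotations

def build_demo_trees():
    """Constructed sample: hello world's main() as lifted from source (with comments)
    and from the binary (with made-up addresses)."""
    def call_args():
        return [Node("var:puts"), Node("const_str:Hello, World!")]
    src = Node("block", [Node("call", call_args(), comment="print the greeting"),
                         Node("ret", [Node("const:0")], comment="return success")])
    bin_ = Node("block", [Node("call", call_args(), address=0x401136),
                          Node("ret", [Node("const:0")], address=0x401145)])
    return src, bin_

def demo() -> dict:
    src, bin_ = build_demo_trees()
    return propagate_comments(src, bin_)

if __name__ == "__main__":
    for addr, text in sorted(demo().items()):
        print(f"{addr:#x}: {text}")
```

Because the match is exact, changing a single operand in the binary-side tree (for example the return value) makes `propagate_comments` return an empty mapping, which is the limitation the POC has.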
To run this:

- Have Binary Ninja installed (plus the headless API)
- Run `./test_matching_algo.py`
- Open `output.bndb` in Binary Ninja and look at the main function
- Say "oohh" and "aahh"

or

- Put this folder into your user plugins folder
- Open the example binary in Binary Ninja
- Copy the source for the main function from `example.c`
- Right Click -> Plugins -> Annotate Binary From Source
- Paste source, hit "ok"
- Say "oohh" and "aahh"
File list:

- `gecil.py` - This is the compiler
- `gecil.lark` - This is the EBNF/Lark grammar I'm using to parse C
- `test_matching_algo.py` - The exemplary graph-matching/artifact-propagation "engine"
- `hlil.py` - A bunch of garbage you should ignore; HLIL in the BN API doesn't have the required APIs to "create" arbitrary instructions, so I copied/pasted/fixed that up
- `example.c` - The file used for the test matching algo
- `example` - compiled with `gcc example.c -o example`
- `requirements.txt` - you need to have `lark-parser` installed to run this demo/POC