| License | MIT |
|---|---|
| Maintainer | hello@bloombit.dev |
| Stability | alpha |
| Safe Haskell | None |
| Language | Haskell2010 |
Binja.AnalysisContext
Description
Binja.AnalysisContext extracts and lifts low level types from binary ninja into Beluga's central
abstraction. This is the recommended interface for most users.
- Reasons not to use:
- Less data than AnalysisContext provides is required and have limited hardware.
- AnalysisContext is fixed to the SSA variant of Medium Level IL.
- Reasons to use:
- Extracts and lifts the common types required by most program analysis in a single call.
- Abstracts away many low level FFI calls and types.
- Creates a single type that can be queried in pure functions (no further IO calls required for most analysis). This lends itself to making things easier in creating parallel code.
Synopsis
- create :: String -> String -> IO AnalysisContext
- symbolAt :: AnalysisContext -> Word64 -> Maybe Symbol
- callers :: AnalysisContext -> FunctionContext -> Set Symbol
- extractCallDestSymbol :: AnalysisContext -> MediumLevelILSSAInstruction -> Maybe Symbol
- close :: AnalysisContext -> IO ()
Documentation
Arguments
| :: String | Filename to an executable or an existing binja database (bndb) |
| -> String | Options in json format |
| -> IO AnalysisContext |
Derive an AnalysisContext from a given filename and json-formatted binja options.
Warning: every function contains a MLIL SSA variant; otherwise this function will throw an exception.
Suggested minimum settings:
- Set analysis.mode.maxFunctionSize to 0 (disables max function size)
- Set analysis.mode.maxFunctionAnalysisTime to 0 (disables timeouts)
- Set analysis.mode` to intermediate to disable HLIL generation
symbolAt :: AnalysisContext -> Word64 -> Maybe Symbol Source #
Acquire the symbol at address if one exists.
callers :: AnalysisContext -> FunctionContext -> Set Symbol Source #
Given a function context iterate all instructions to:
- Find call instructions
- Resolve symbols which are called when possible via extractCallDestSymbol
Assumption: It is assumed the function context is present in the functions field of AnalysisContext.
extractCallDestSymbol :: AnalysisContext -> MediumLevelILSSAInstruction -> Maybe Symbol Source #
Given a call instruction attempt to recover the destination symbol (symbol that is called). There are many patterns that could occur. Currently only constant destinations are supported. In the future a cocktail of patterns will be supported. Further reading: A Cocktail Approach to Practical Call Graph Construction
close :: AnalysisContext -> IO () Source #
Must be called once finished with an AnalysisContext to avoid handle leak. Suggested pattern: Bracket Pattern