diff --git a/docs/dev/annotation.md b/docs/dev/annotation.md index 24ff6de01b..98f065e952 100644 --- a/docs/dev/annotation.md +++ b/docs/dev/annotation.md @@ -51,7 +51,7 @@ The tags API has been reworked in 3.4 to be easier to use and understand. ### TagTypes -A [TagType](https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.TagType) is the object that represents the "type" of tag something is. By default, a binary view starts off with several tag types, include "Bugs," "Crashes," "Important," and so on. +A [TagType](https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.TagType) is the object that represents the "type" of tag something is. By default, a binary view starts off with several tag types, including "Bugs," "Crashes," "Important," and so on. Before you can create a tag of a type that's not already in the BinaryView, you need to create the tag type. @@ -481,7 +481,7 @@ current_function.parameter_vars[0].type = Type.pointer(bv.arch, Type.char()) >>> bv.get_data_var_at(here).type = Type.char() ``` -#### Applying a type where non exists yet +#### Applying a type where none exists yet In some instances you may need to first create a `DataVariable` before you can set the type at a given location: diff --git a/docs/dev/batch.md b/docs/dev/batch.md index 6377210597..f983a72623 100644 --- a/docs/dev/batch.md +++ b/docs/dev/batch.md @@ -130,7 +130,7 @@ If using a floating license, you can use the [example code](https://api.binary.n ### In-Memory License -For many applications it might be helpful to avoid having a license file on disk. Whether because the environment will be used to analyze malware, or because a docker image might be saved somewhere that the license file needs to be kept secret. (Note: this does not obfuscate the serial number as it can be extracted from memory or even via the API -- an informed attacker can still leak it and network isolation is recommended for analzying malicious applications) +For many applications it might be helpful to avoid having a license file on disk. Whether because the environment will be used to analyze malware, or because a docker image might be saved somewhere that the license file needs to be kept secret. (Note: this does not obfuscate the serial number as it can be extracted from memory or even via the API -- an informed attacker can still leak it and network isolation is recommended for analyzing malicious applications) To use this API, copy the contents of your license file into a string and pass it as an argument to [`core_set_license`](https://api.binary.ninja/#binaryninja.core_set_license) diff --git a/docs/dev/bnil-overview.md b/docs/dev/bnil-overview.md index 3903519f7d..df0447ea9f 100644 --- a/docs/dev/bnil-overview.md +++ b/docs/dev/bnil-overview.md @@ -97,7 +97,7 @@ It represents the lower 32-bits of variable `rax_2`, sign-extended into a 64-bit ## Using the API with ILs -When you want to use the API to access BNIL instructions, here are a few tips that will help you with the task. First, if you want to learn what properties different instructions have, instead of manually using `dir()` or looking in the documentation ([1](https://docs.binary.ninja/dev/bnil-llil.html#the-instructions), [2](https://docs.binary.ninja/dev/bnil-mlil.html#the-instruction-set)) lists is to use the [BNIL Graph](https://github.com/Vector35/community-plugins#:~:text=BNIL%20Instruction%20Graph) plugin. Another very useful plugin is the [IL Hierarch](https://github.com/Vector35/community-plugins#:~:text=into%20Binary%20Ninja.-,ilhierarchy,-Fabian%20Freyer) plugin. This plugin is extremely useful for showing the _structure_ of IL instructions relative to one another. You can use several APIs ([1](https://api.binary.ninja/binaryninja.lowlevelil-module.html#binaryninja.lowlevelil.LowLevelILInstruction.show_llil_hierarchy), [2](https://api.binary.ninja/binaryninja.mediumlevelil-module.html#binaryninja.mediumlevelil.MediumLevelILInstruction.show_mlil_hierarchy), [3](https://api.binary.ninja/binaryninja.highlevelil-module.html#binaryninja.highlevelil.HighLevelILInstruction.show_hlil_hierarchy)) to see this overall structure, but the IL Hierarchy plugin lets you select a single IL instruction and see visually which categories of IL instructions it is in. +When you want to use the API to access BNIL instructions, here are a few tips that will help you with the task. First, if you want to learn what properties different instructions have, instead of manually using `dir()` or looking in the documentation ([1](https://docs.binary.ninja/dev/bnil-llil.html#the-instructions), [2](https://docs.binary.ninja/dev/bnil-mlil.html#the-instruction-set)) lists is to use the [BNIL Graph](https://github.com/Vector35/community-plugins#:~:text=BNIL%20Instruction%20Graph) plugin. Another very useful plugin is the [IL Hierarchy](https://github.com/Vector35/community-plugins#:~:text=into%20Binary%20Ninja.-,ilhierarchy,-Fabian%20Freyer) plugin. This plugin is extremely useful for showing the _structure_ of IL instructions relative to one another. You can use several APIs ([1](https://api.binary.ninja/binaryninja.lowlevelil-module.html#binaryninja.lowlevelil.LowLevelILInstruction.show_llil_hierarchy), [2](https://api.binary.ninja/binaryninja.mediumlevelil-module.html#binaryninja.mediumlevelil.MediumLevelILInstruction.show_mlil_hierarchy), [3](https://api.binary.ninja/binaryninja.highlevelil-module.html#binaryninja.highlevelil.HighLevelILInstruction.show_hlil_hierarchy)) to see this overall structure, but the IL Hierarchy plugin lets you select a single IL instruction and see visually which categories of IL instructions it is in. ![LLIL Hierarchy](../img/llil-hierarchy.png) diff --git a/docs/dev/concepts.md b/docs/dev/concepts.md index 8e70dba72c..14756160ab 100644 --- a/docs/dev/concepts.md +++ b/docs/dev/concepts.md @@ -147,13 +147,13 @@ Generally speaking, scripts should operate on ILs. The available information far ### Instruction Index vs Expression Index -It is easy to confuse ExpressionIndex and InstructionIndex properties in the API. While they [are both integers](https://github.com/Vector35/binaryninja-api/blob/dev/python/highlevelil.py#L49-L50) they mean different things and it's important to keep them straight. The Instruction Index is a unique index for that given IL level for that given function. However, because BNIL is [tree-based](bnil-overview.md), when there are nested expresses the expression index may be needed. These indexes are also unique per-function and per-IL level, but they are _distinct_ from instruction indexes even though they may occasionally be similar since they each start at 0 for a given function! +It is easy to confuse ExpressionIndex and InstructionIndex properties in the API. While they [are both integers](https://github.com/Vector35/binaryninja-api/blob/dev/python/highlevelil.py#L49-L50), they mean different things and it's important to keep them straight. The Instruction Index is a unique index for that given IL level for that given function. However, because BNIL is [tree-based](bnil-overview.md), when there are nested expressions the expression index may be needed. These indexes are also unique per-function and per-IL level, but they are _distinct_ from instruction indexes even though they may occasionally be similar since they each start at 0 for a given function! ### Static Single Assignment Basics Our [BNIL Overview](bnil-overview.md) mentions Static Single Assignment (SSA) without explaining what it is. You can of course always check out [Wikipedia](https://en.wikipedia.org/wiki/Static_single-assignment_form), but here's a quick summary of what it is, why we expose multiple SSA forms of our ILs and how you can use it to improve your plugin writing with BNIL. -At it's simplest, SSA forms of an Intermediate Language or Intermediate Representation are those in which variables are read only. They can be set when created, but not modified. Instead of modifying them, when you make a change, a new "version" of the variable is created denoting that the value has changed in some way. While this certainly makes the form less readable to humans, this means it's actually really easy to walk back and see how a variable has been modified by simply looking at the definition site for a given variable or all possible versions before it. Any time the variable is modified, a new version of that variable will be created (you'll see `#` followed by a number indicating that this is a new version). +At its simplest, SSA forms of an Intermediate Language or Intermediate Representation are those in which variables are read only. They can be set when created, but not modified. Instead of modifying them, when you make a change, a new "version" of the variable is created denoting that the value has changed in some way. While this certainly makes the form less readable to humans, this means it's actually really easy to walk back and see how a variable has been modified by simply looking at the definition site for a given variable or all possible versions before it. Any time the variable is modified, a new version of that variable will be created (you'll see `#` followed by a number indicating that this is a new version). But what if the code takes multiple paths and could have different values depending on the path that was taken? SSA forms use a `Φ` (pronounced either as "fee" or "fi" like "fly" depending on which mathematician or Greek speaker you ask!) function to solve this ambiguity. All a `Φ` function does is aggregate different versions of a variable when entering a basic block with multiple paths. So a basic block with two incoming edges where `eax` is modified might have something like: `eax#3 = Φ(eax#1, eax#2)` denoting that the new version of the variable could have come from either of those sources. diff --git a/docs/dev/cookbook.md b/docs/dev/cookbook.md index e4740a1e3a..f9aee0051d 100644 --- a/docs/dev/cookbook.md +++ b/docs/dev/cookbook.md @@ -195,7 +195,7 @@ As defined by having the highest sum of incoming and outgoing calls. Adjust acco ```python max(bv.functions, key=lambda x: len(x.callers + x.callees)) ``` -j + ### Accessing cross references This recipe is useful for iterating over all of the HLIL cross-references of a given interesting function: diff --git a/docs/dev/documentation.md b/docs/dev/documentation.md index bc0a445ed8..741298844d 100644 --- a/docs/dev/documentation.md +++ b/docs/dev/documentation.md @@ -23,7 +23,7 @@ To contribute to the Binary Ninja documentation, first sign the [contribution li echo API documentation available in build/html ## Changing -Changing documentation for the API itself is fairly straight forward. Use [doxygen style comment blocks](https://www.doxygen.nl/manual/docblocks.html) in C++ and C, and [restructured text blocks](https://sphinx-tutorial.readthedocs.io/step-1/) for python for the source. The user documentation is located in the `api/docs/` folder and the API documentation is generated from the config in the `api/api-docs` folder. +Changing documentation for the API itself is fairly straightforward. Use [doxygen style comment blocks](https://www.doxygen.nl/manual/docblocks.html) in C++ and C, and [restructured text blocks](https://sphinx-tutorial.readthedocs.io/step-1/) for python for the source. The user documentation is located in the `api/docs/` folder and the API documentation is generated from the config in the `api/api-docs` folder. ???+ Info "Tip" When updating user documentation, the `properdocs serve` feature is particularly helpful. diff --git a/docs/getting-started.md b/docs/getting-started.md index 6e0c8601b2..77fcc774ac 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -10,7 +10,7 @@ The download links you receive after purchasing expire after 72 hours but as lon ### Linux -Because Linux install locations can vary widely, we do not assume that Binary Ninja has been installed in any particular folder on Linux. Instead, first unzip the installation zip wherever you wish to install Binary Ninja. Next, for paid versions, run `./binaryninja/scripts/linux-setup.sh`. This sets up file associations, icons, and adds Binary Ninja's Python library to your Python path. Adding the library to your path is most helpful for headless functionality in the Commercial and Ultimate editions, but even on the Non-Commercial edition it can help your IDE find the api sources to make plugin development easier. Run the script with `-h` to see customization options. +Because Linux install locations can vary widely, we do not assume that Binary Ninja has been installed in any particular folder on Linux. Instead, first unzip the installation zip wherever you wish to install Binary Ninja. Next, for paid versions, run `./binaryninja/scripts/linux-setup.sh`. This sets up file associations, icons, and adds Binary Ninja's Python library to your Python path. Adding the library to your path is most helpful for headless functionality in the Commercial and Ultimate editions, but even on the Non-Commercial edition it can help your IDE find the API sources to make plugin development easier. Run the script with `-h` to see customization options. ### macOS diff --git a/docs/guide/enterprise/index.md b/docs/guide/enterprise/index.md index 4f2e8bc23b..f93f2ae594 100644 --- a/docs/guide/enterprise/index.md +++ b/docs/guide/enterprise/index.md @@ -104,13 +104,14 @@ Permissions can be set on *users* or *groups* of users. Available permissions ar * **Admin**: Lets the user or group modify the project permissions, in addition to edit permissions #### Server Area -Across the of the Remote Dialog are five buttons: +Across the top of the Remote Dialog are five buttons: * **Refresh**: Refreshes the projects and files shown from the currently active server. * **Connect**/**Disconnect**: Connects to (or disconnect from) an Enterprise server. If connecting, it will show the "Connect to Remote" window (see below). * **Manage Users...**: Opens a dialog that allows adding, editing, and removing users from the current server. (Only available to server administrators.) * **Manage Groups...**: Opens a dialog that allows adding, editing, and removing groups from the current server. (Only available to server administrators.) * **Actions**: Opens a context menu with the following options: + * **Create Project...**: Opens a dialog box for creating a new project. * **Import Local Project...**: Opens a file picker to select a local project to upload in its entirety. * **Edit Properties...**: Opens a dialog box for editing the current project's name and description. diff --git a/docs/guide/index.md b/docs/guide/index.md index ad5549081d..a4002a4ea0 100644 --- a/docs/guide/index.md +++ b/docs/guide/index.md @@ -1,6 +1,6 @@ # User Guide -Welcome to the Binary Ninja User Guide. You'll notice two menus here. On the right is the table of contents for this main page of the user manual. On the left are links to larger topics that have their own pages, including: +Welcome to the Binary Ninja User Guide! You'll notice two menus here. On the right is the table of contents for this main page of the user manual. On the left are links to larger topics that have their own pages, including: ## Directories @@ -40,9 +40,9 @@ The contents of the user folder includes: The following files and folders may be created in the user folder but are not created by default without some additional action: - `keybindings.json`: Custom key bindings (see [key bindings](#custom-hotkeys)) -- `startup.py`: Default python commands run once the UI is loaded in the context of the scripting console +- `startup.py`: Default Python commands run once the UI is loaded in the context of the scripting console - `signatures/`: Any user-created signatures can be stored in platform-specific sub-folders in this location -- `pythonVER/`: Any pip dependencies from plugin manager plugins are installed to the appropriate python version subfolder such as `python310`, or `python311` +- `pythonVER/`: Any pip dependencies from plugin manager plugins are installed to the appropriate Python version subfolder such as `python310`, or `python311` - `symbols/`: Used to store automatically downloaded PDBs - `update/`: Used to store update caches for pending updates - `snippets/`: Used to store snippets created using the official Snippet plugin @@ -232,7 +232,7 @@ Recent files can be opened on double click. They can also be navigated using the The Recent files list can be cleared via using the Command Palette (`[CTRL] + P`) action `Clear All Recent Files`. -Hotkeys (macOS: `[CMD] + 0` - `[CMD] + 9`, Windows/Linux: `[CTRL] + 0` - `[CTRL + 9]`) can also be used to quickly open a file. The hotkey for a given entry will be shown on the right. +Hotkeys (macOS: `[CMD] + 0` - `[CMD] + 9`, Windows/Linux: `[CTRL] + 0` - `[CTRL] + 9`) can also be used to quickly open a file. The hotkey for a given entry will be shown on the right. ### Plugins @@ -312,9 +312,9 @@ Switching views happens multiple ways. In some instances, it is automatic, such ![the sidebar ><](../img/sidebars.png "The Sidebar"){ width = "800" } -Once you have a file open, the sidebar lets you quickly access the most common features as sidebar panels and keeps them available while you work. These panels can be moved both upper left (1) and upper right (2) as well as to the bottom left (3), bottom right (4), and along the bottom left (5) and bottom right (5) in the middle. +Once you have a file open, the sidebar lets you quickly access the most common features as sidebar panels and keeps them available while you work. These panels can be moved to the upper-left (1), upper-right (2), lower-left (3), lower-right (4), bottom-left (5), and bottom-right (6) panel regions. - - 1-2: This section is where the majority of the primarily vertical panels reside. You can only have on larger item here at a time visible. The default behavior is for a click on another panel icon to hide the previous panel. However, this default can be overridden by using `[SHIFT]` click. If overridden, both the old panel and the new panel will be visible. + - 1-2: This section is where the majority of the primarily vertical panels reside. You can only have one larger item here at a time visible. The default behavior is for a click on another panel icon to hide the previous panel. However, this default can be overridden by using `[SHIFT]` click. If overridden, both the old panel and the new panel will be visible. - 3-4: This section is primarily for smaller panels where you may wish to toggle multiple on or off. Clicking a panel here will toggle its visibility without impacting other panels. Note that despite 4 not having any items in it by default, when you drag a panel icon to this region, you'll see the separator that separates 1/2 from 3/4 appear. - 5-6: Primarily for horizontal content, the bottom-most panel icon regions behave much like sections 1-2 except they are applied to two regions in the bottom of the window. Clicking a different icon in this region will switch to that panel, or hide that panel entirely if it is already selected. @@ -343,7 +343,7 @@ The Symbol List shows the following columns by default: Additionally, the following columns are hidden by default and can be enabled by right-clicking the header: -- `Total Bytes`: tn the case of functions, the sum of size of basic blocks +- `Total Bytes`: in the case of functions, the sum of size of basic blocks These columns can be re-arranged, hidden, and used for sorting. @@ -487,7 +487,7 @@ The following are only available when the cross-references pane is in focus: The Console panel by default only contains a single Python scripting console, however it is possible to create additional consoles using the `Create Python Console` command palette item. -For many more details about using the python console, see below in the [Python console documentation](#script-python-console). +For many more details about using the Python console, see below in the [Python console documentation](#script-python-console). ### Variables @@ -536,7 +536,7 @@ The search types are available from a drop-down next to the text input field and - Advanced Binary Search: A new search type using the [bv.search](https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView.search) syntax (supporting regular expressions and wildcard hex strings) - Escaped: Escaped strings such as `OneString\x09\Tabsx09Another` - - Hex: All values much be valid hex characters such as `ebfffc390` and the bytes will only be searched for in this particular order + - Hex: All values must be valid hex characters such as `ebfffc390` and the bytes will only be searched for in this particular order - Raw: A simple string search that matches the exact string as specified - Text: Searches the decompilation or whatever view is currently selected for disassembly, BNIL, or Pseudo C - Constant: Useful for searching for a constant where the byte ordering is handled for you, such as `0x01020304` @@ -729,10 +729,10 @@ The Triage Summary view is intended to give a quick overview of a file. There is files for triage (`File/Open for Triage`) so a high level overview can be viewed before deciding whether to trigger a full analysis. If a file is opened in this way, a button at the bottom appears titled, "Start Full Analysis". -Triage Summary was originally a [python +Triage Summary was originally a [Python plugin](https://github.com/Vector35/binaryninja-api/tree/dev/python/examples/triage) implemented as a proof-of-concept for extending the UI. The functionality was so useful it was re-written in C++ and integrated into the official UI, -however the python plugin contains a feature that the C++ one does not: the ability to resolve some dynamic imports. To +however the Python plugin contains a feature that the C++ one does not: the ability to resolve some dynamic imports. To use this version, copy the folder linked above into your [plugins folder](#user-folder) and disable the built-in C++ UI using the [`corePlugins.triage`](settings.md#corePlugins.triage) setting. @@ -744,14 +744,14 @@ entropy map to navigate to that location in your default view. ### 2. File Info -File Info: The file info section contains some summary information for the file, each result can be clicked to copy +The file info section contains some summary information for the file, each result can be clicked to copy it into your clipboard. ### 3. Headers This section appears only in `BinaryView`s and the exact information depends on the view itself. PE headers are the most detailed and include such items as checksums, characteristics, and compiler strings. Addresses that -existing in the virtual memory space of the file can be clicked to navigate to that location. +exist in the virtual memory space of the file can be clicked to navigate to that location. ### 4. Base Address Detection (BASE) @@ -763,7 +763,7 @@ summary when the file doesn't specify a load address such as a raw or mapped fil switching the view in the upper-left from the `BinaryView` name to `raw` will force the BASE UI to show up in the Triage Summary. -See our recent [blog +See our [blog post](https://binary.ninja/2024/05/21/automatically-identifying-base-addresses.html) for more information on how BASE works. The following settings describe the advanced settings and how they influence the process. @@ -855,7 +855,7 @@ This section contains a list of conditionally-shown tags offering information ab - **Analysis timed out**: Analysis for this function was skipped because it exceeded the maximum allowed time ([`analysis.limits.maxFunctionAnalysisTime`](settings.md#analysis.limits.maxFunctionAnalysisTime)) - **Analysis was skipped (too many updates)**: Analysis was skipped for this function because it caused too many updates ([`analysis.limits.maxFunctionUpdateCount`](settings.md#analysis.limits.maxFunctionUpdateCount)) - **Analysis suppressed**: Analysis was suppressed for this function because analysis of auto-discovered functions was disabled ([`analysis.suppressNewAutoFunctionAnalysis`](settings.md#analysis.suppressNewAutoFunctionAnalysis)) - - **Basic analysis only**: This function only received basis analysis ([`analysis.mode`](settings.md#analysis.mode) was 'basic') + - **Basic analysis only**: This function only received basic analysis ([`analysis.mode`](settings.md#analysis.mode) was 'basic') - **Intermediate analysis only**: This function only received intermediate analysis ([`analysis.mode`](settings.md#analysis.mode) was 'intermediate') - **Unresolved stack usage**: The function has unresolved stack usage - **GP = 0xABCD1234**: The global pointer value is 0xABCD1234 @@ -882,20 +882,24 @@ Pure functions are assumed to have no side effects and may be inlined if their r ### 8. Inline During Analysis -When Inline During Analysis is checked, it causes the function to be [inlined](https://api.binary.ninja/binaryninja.function-module.html#binaryninja.function.Function.inline_during_analysis) during analysis. +When Inline During Analysis is checked, it causes the function to be [inlined](https://api.binary.ninja/binaryninja.function-module.html#binaryninja.function.Function.inline_during_analysis) during analysis. The three options control whether instruction addresses are preserved per function or per call site. -### 9. Clobbered Registers +### 9. Signature Table -This section contains the list of registers that this function clobbers; individual registers can be checked or unchecked. +This section contains the function's return value and parameters as an editable table with columns for index, type, name, source, and location. -### 10. Return Registers +### 10. Clobbered Registers -Return registers shows the list of registers that this function returns data in; individual registers can be checked or unchecked. +This section contains the list of registers that this function clobbers; individual registers can be checked or unchecked. ### 11. Register Stack Adjustments This element is a table containing a row for each register stack (e.g. x87) in the architecture, with the ability to adjust how many registers are removed from each stack when the function returns. +### 12. Function Workflow + +This dropdown selects the [function-level workflow](https://docs.binary.ninja/dev/workflows.html#workflow) which is used to analyze this function. + ## High Level IL ![HLIL Scoping Options >](../img/hlil-scope.png "HLIL Scoping Options"){ width="400" } @@ -1038,7 +1042,7 @@ To trigger the console, either use ``, or use the `View`/`Python Conso When both the Script Console and the Log view are open, the title of both acts as a tab that can be dragged to either a tabbed view showing only one at a time (the default) or a split view showing both. Currently, the console and log views are part of a "Global Area", meaning they are always visible in the same position when switching between open binary tabs in the same window. This means they can only dock with each other, and not with the sidebar or the main pane view area. It is possible to open additional scripting consoles via the `Create Python Console` action in the [command palette](#command-palette), and these new consoles will appear as additional tabs in the topmost, leftmost tab in the global area. Note that `` will always focus the original main scripting console, and while any of the other created consoles can be closed (using the button that will appear when hovering over the right edge of its tab), the original one cannot be closed. -Multi-line input is possible just by doing what you'd normally do in python. If you leave a trailing `:` at the end of a line, the box will automatically turn into a multi-line edit box, complete with a command-history. To submit that multi-line input, use `-`. You can also force multi-line input with `-`. +Multi-line input is possible just by doing what you'd normally do in Python. If you leave a trailing `:` at the end of a line, the box will automatically turn into a multi-line edit box, complete with a command-history. To submit that multi-line input, use `-`. You can also force multi-line input with `-`. The scripting console is not a full IDE, but it has several convenience features that make it more pleasant to use: @@ -1047,15 +1051,15 @@ The scripting console is not a full IDE, but it has several convenience features - `` and `` can be used to view the command-history ???+ Tip "Tip" - All scripting consoles share a single python instance. This is an intentional design choice and has the following benefits: you can create variables in one tab/window and then access it in another. The downside is that if you run a long-running script for example, the console will still be blocked in other tabs and windows. This is a known trade-off and not expected to change. + All scripting consoles share a single Python instance. This is an intentional design choice and has the following benefits: you can create variables in one tab/window and then access it in another. The downside is that if you run a long-running script for example, the console will still be blocked in other tabs and windows. This is a known trade-off and not expected to change. ### Magic Console Variables -The interactive python prompt also has several built-in "magic" functions and variables. Some are read-only, and some are writable to provide convenient interactivity between the UI and console: +The interactive Python prompt also has several built-in "magic" functions and variables. Some are read-only, and some are writable to provide convenient interactivity between the UI and console: - `here` / `current_address`: address of the current selection. It's settable too and will navigate the UI if changed - `current_selection`: a tuple of the start and end addresses of the current selection. It's settable and will change the current selection -- `current_raw_offset`: the file offset that corresponds the current address. It's settable and will navigate to the corresponding file offset +- `current_raw_offset`: the file offset that corresponds to the current address. It's settable and will navigate to the corresponding file offset - `bv` / `current_view` / : the current [`BinaryView`](https://api.binary.ninja/binaryninja.binaryview-module.html#binaryninja.binaryview.BinaryView) - `current_function`: the current [`Function`](https://api.binary.ninja/binaryninja.function-module.html#binaryninja.function.Function) - `current_basic_block`: the current [`BasicBlock`](https://api.binary.ninja/binaryninja.basicblock-module.html#binaryninja.basicblock.BasicBlock) @@ -1085,9 +1089,9 @@ The interactive python prompt also has several built-in "magic" functions and va ### startup.py -The python interpreter can be customized to run scripts on startup using `startup.py` in your user folder. Simply enter commands into that file, and they will be executed every time Binary Ninja starts. By default, it comes with an import helper: +The Python interpreter can be customized to run scripts on startup using `startup.py` in your user folder. Simply enter commands into that file, and they will be executed every time Binary Ninja starts. By default, it comes with an import helper: - # Commands in this file will be run in the interactive python console on startup + # Commands in this file will be run in the interactive Python console on startup from binaryninja import * From here, you can add any custom functions or objects you want to be available in the console. If you want to restore the original copy of `startup.py` at any time, simply delete the file and restart Binary Ninja. A fresh copy of the above will be generated. @@ -1097,7 +1101,7 @@ From here, you can add any custom functions or objects you want to be available ???+ Danger "Warning" When you run commands in the scripting console, the UI will automatically update analysis. This is because quite often when you make a change in the console you expect it to be immediately reflected in the UI. The same is not true when running a script where you must trigger `bv.update_analysis_and_wait()` or `current_function.reanalyze()` to experience the same behavior. -The "Run Script..." option in the File Menu allows loading a python script from your filesystem and executing it +The "Run Script..." option in the File Menu allows loading a Python script from your filesystem and executing it within the console. It can also be run via the Command Palette or bound to a key. The script will have access to the same variables the Python console does, including the built-in special functions and @@ -1121,7 +1125,7 @@ Plugins can be installed by one of two methods. First, they can be installed via ![plugin manager](../img/plugin-manager.png "Plugin Manager"){ width="1000" } -Second, they can be manually installed by adding the plugin (either a `.py` file or a folder implementing a python module with a `__init__.py` file) to the appropriate path: +Second, they can be manually installed by adding the plugin (either a `.py` file or a folder implementing a Python module with a `__init__.py` file) to the appropriate path: - macOS: `~/Library/Application Support/Binary Ninja/plugins/` - Linux: `~/.binaryninja/plugins/` diff --git a/docs/guide/kernelcache.md b/docs/guide/kernelcache.md index 80423d7d92..96a5276984 100644 --- a/docs/guide/kernelcache.md +++ b/docs/guide/kernelcache.md @@ -1,7 +1,7 @@ # Kernel Cache Kernel Cache support in Binary Ninja provides you with tools to selectively load specific images, search for -specific symbols, and follow analysis references between any images loaded from an `kernelcache` in one view. +specific symbols, and follow analysis references between any images loaded from a `kernelcache` in one view. Our support for `kernelcache` is largely open source. The supporting code can be found in our public API repository [here](https://github.com/Vector35/binaryninja-api/tree/dev/view/kernelcache). Instructions for setting up your development environment and building plugins like this yourself can be found in our [Developer Guide](../dev/plugins.md#writing-native-plugins). Contributions are welcome! diff --git a/docs/guide/migration/ghidra/index.md b/docs/guide/migration/ghidra/index.md index 3e02ffc59c..752612c834 100644 --- a/docs/guide/migration/ghidra/index.md +++ b/docs/guide/migration/ghidra/index.md @@ -79,11 +79,11 @@ Binary Ninja's layout is also a bit different from what you're used to in Ghidra ![xref icon >](../../../img/xref-icon.png "Xref Icon") -The default behavior of cross-references to open in a tabbed reference UI element simila to how ghidra does it, however the `X` hotkey is used by default (and can be changed in the [keybindings UI](index.md#custom-hotkeys)). +The default behavior of cross-references to open in a tabbed reference UI element similar to how ghidra does it, however the `X` hotkey is used by default (and can be changed in the [keybindings UI](index.md#custom-hotkeys)). ### Theme -This doesn't exactly have to do with your layout, but it go a long way towards making the interface feel a bit more familiar. We have an expansive list of [community themes](https://github.com/Vector35/community-themes), and [a guide](../../../dev/themes.md) and a [blog post](https://binary.ninja/2021/07/08/creating-great-themes.html) on how to make your own. The built-in "Classic" theme should feel nostalgic, but if you're looking for a light theme that's slightly easier on the eyes, try out Summer or Solarized Light. +This doesn't exactly have to do with your layout, but it goes a long way towards making the interface feel a bit more familiar. We have an expansive list of [community themes](https://github.com/Vector35/community-themes), and [a guide](../../../dev/themes.md) and a [blog post](https://binary.ninja/2021/07/08/creating-great-themes.html) on how to make your own. The built-in "Classic" theme should feel nostalgic, but if you're looking for a light theme that's slightly easier on the eyes, try out Summer or Solarized Light. ### Feature Map diff --git a/docs/guide/migration/index.md b/docs/guide/migration/index.md index 032193886e..a01d99a2bd 100644 --- a/docs/guide/migration/index.md +++ b/docs/guide/migration/index.md @@ -1,10 +1,10 @@ # Migrating from Other Tools -Thank you for trying Binary Ninja! We know that it can be a bit different from what you're used to, so this page dedicated to getting you oriented in your new favorite decompiler! +Thank you for trying Binary Ninja! We know that it can be a bit different from what you're used to, so this page is dedicated to getting you oriented in your new favorite decompiler! If you haven't already installed Binary Ninja, you can follow our [installation guide](../../getting-started.md#installing-binary-ninja). -And be sure to check out some of our additional resource below before you click away! +And be sure to check out some of our additional resources below before you click away! We have quick start guides for the following: diff --git a/docs/guide/migration/migrationguideida.md b/docs/guide/migration/migrationguideida.md index 083d545ee1..684e73cbc3 100644 --- a/docs/guide/migration/migrationguideida.md +++ b/docs/guide/migration/migrationguideida.md @@ -49,7 +49,7 @@ Some major exceptions are: ![xref icon >](../../img/xref-icon.png "Xref Icon") -The hotkey for Cross-References in Binary Ninja will match your IDA muscle-memory, however the look is simlar to Ghidra with a pinned UI element containing tabs for references. To get the full IDA experience, change the [`ui.defaultXrefInterface`](../settings.md#ui.defaultXrefInterface) setting to `dialog`. +The hotkey for Cross-References in Binary Ninja will match your IDA muscle-memory, however the look is similar to Ghidra with a pinned UI element containing tabs for references. To get the full IDA experience, change the [`ui.defaultXrefInterface`](../settings.md#ui.defaultXrefInterface) setting to `dialog`. ![xref icon >](../../img/xref-setting.png "Xref Icon") diff --git a/docs/guide/plugins.md b/docs/guide/plugins.md index a064f9679c..824e41ec8b 100644 --- a/docs/guide/plugins.md +++ b/docs/guide/plugins.md @@ -36,7 +36,7 @@ In addition to finding plugins by name or description content, the search box in - `@installed` to only show installed plugins - `@enabled` to only show enabled plugins - - `@disabled` to show plugins that are installed but not enabled) + - `@disabled` to show plugins that are installed but not enabled - `@update_available` to show plugins that have updates to install - `@failed_to_load` to show plugins that failed to load diff --git a/docs/guide/types/attributes.md b/docs/guide/types/attributes.md index c2f01992fb..34aa122159 100644 --- a/docs/guide/types/attributes.md +++ b/docs/guide/types/attributes.md @@ -72,7 +72,7 @@ struct Foo }; ``` -## Structures with Base Classes and Inheritence +## Structures with Base Classes and Inheritance See [Working with C++ Types and Virtual Function Tables](cpp.md). diff --git a/docs/guide/types/index.md b/docs/guide/types/index.md index 375533af8b..ce4328fe25 100644 --- a/docs/guide/types/index.md +++ b/docs/guide/types/index.md @@ -1,6 +1,6 @@ # Working with Types, Structures, and Symbols -There's so many things to learn about working with Types in Binary Ninja that we've organized it into several sections! +There are so many things to learn about working with Types in Binary Ninja that we've organized it into several sections! - [Basic Type Editing](basictypes.md): Brief overview of the basics - [Working with Types](type.md): Interacting with types in disassembly and decompilation diff --git a/docs/guide/types/type.md b/docs/guide/types/type.md index 9b0306b442..bfaeab0730 100644 --- a/docs/guide/types/type.md +++ b/docs/guide/types/type.md @@ -88,7 +88,7 @@ Here's a more detailed explanation about the various workflows: 1. In linear/graph view, if the selection is a variable that is not a structure, a dialog pops up and asks you to create a structure. You can specify the structure's name and size. There is also a checkbox that asks you whether the variable's type should be the structure itself or a pointer to the structure. 2. In linear/graph view, if the selection is a variable that is not a structure, and it happens to be the result of a memory allocation routine, e.g., `malloc`, a new structure will be created and its size is automatically determined (if possible). The variable's type will be a pointer to the structure. -3. In linear/graph/types view, If you select a variable whose type is a structure, or a pointer to a structure, BN will try to create all structure field at any offset that has been accessed in the code. +3. In linear/graph/types view, If you select a variable whose type is a structure, or a pointer to a structure, BN will try to create all structure fields at any offset that has been accessed in the code. 4. In linear/graph/types view, If you select a StructOffsetToken, BN will try to create a structure member at the current offset. The automatic member creation mentioned in #3 and #4 takes into consideration both incoming and outgoing type information for the accessed offsets and selects the most confident one as the type for the offset. diff --git a/docs/img/efp-dialog-diagram.png b/docs/img/efp-dialog-diagram.png index ebd8a96b36..cd7a5e3d34 100644 Binary files a/docs/img/efp-dialog-diagram.png and b/docs/img/efp-dialog-diagram.png differ