plugin.json
{
"pluginmetadataversion" : 2,
"name": "wakare-ui",
"type": ["ui", "binaryview"],
"api": ["python3"],
"description": "Loads execution traces from sqlite databases generated by Wakare",
"longdescription": "# wakare-ui\nwakare-ui is a Binary Ninja plugin providing tools to use the trace databases generated by wakare-converter. You can find the plugin in \"Tools/Wakare\" within binja.\n\n- Wakare project: https://github.com/lse/wakare\n\n## Installation\nEnable the plugin in the Binary Ninja plugin manager\n\n## Features\n- Basic block listing\n- Basic block coloration\n- Basic block diffing (Difference / Intersection)\n- Branch target resolution (right click on calls/jumps)\n- Supports PIE executables/traces\n\n## Requirements\n- python 3\n- Binary ninja version > 1.11689 (needs UI plugin support)\n- Linux x86_64 -- technically the plugin can be installed\n\n## Screenshot\n![Basic block viewer](https://github.com/SiD3W4y/wakare-ui/raw/master/assets/binja-screen-global.png)\n\n## Example usage\nSometimes when reverse engineering we encounter C++ libraries making use of virtual calls. This can be troublesome, as the call target is resolved at runtime and statically all we have is an indirect call. Fortunately, using an execution trace we can recover the targets of these indirect calls easily. We can take as an example the following code (borrowed from the blog post here: https://blog.trailofbits.com/2017/02/13/devirtualizing-c-with-binary-ninja/).\n\n```cpp\n// Simple virtual function example, based on http://www.cplusplus.com/doc/tutorial/polymorphism/\n// compiled with:\n// x86_64 -> g++ virtual-test.cpp -o virtual-test\n// arm -> arm-linux-gnueabi-g++ virtual-test.cpp -o virtual-test-arm\n#include <iostream>\nusing namespace std;\n\nclass Polygon {\n protected:\n int width, height;\n public:\n void set_values (int a, int b)\n { width=a; height=b; }\n virtual int area ()\n { return 0; }\n virtual int sides ()\n { return 0; }\n};\n\nclass Rectangle: public Polygon {\n public:\n int area ()\n { return width * height; }\n int sides ()\n { return 4; }\n};\n\nclass Triangle: public Polygon {\n public:\n int area ()\n { return (width * height / 2); }\n int sides ()\n { return 3; }\n};\n\nvoid printArea(Polygon* poly)\n{\n cout << poly->area() << endl;\n}\n\nvoid printSides(Polygon* poly)\n{\n cout << poly->sides() << endl;\n}\n\nint main () {\n Rectangle rect;\n Triangle trgl;\n Polygon poly;\n Polygon * ppoly1 = &rect;\n Polygon * ppoly2 = &trgl;\n Polygon * ppoly3 = &poly;\n ppoly1->set_values(4,5);\n ppoly2->set_values(4,5);\n ppoly3->set_values(4,5);\n printArea(ppoly1);\n printSides(ppoly1);\n printArea(ppoly2);\n printArea(ppoly3);\n return 0;\n}\n```\n\nIf we load a trace database and ask for the xrefs of an indirect virtual call we get this:\n![wakare virtual call](https://github.com/SiD3W4y/wakare-ui/raw/master/assets/binja-cpp-refs.png)",
"license": {
"name": "Full Copyright",
"text": "Copyright (c) 2019 Sideway."
},
"platforms" : ["Linux"],
"installinstructions" : {
"Linux" : "Install [Wakare](https://github.com/lse/wakare) to generate trace databases."
},
"dependencies": {
"other": ["This is a UI for [Wakare](https://github.com/lse/wakare) databases."]
},
"version": "0.1",
"author": "Sideway",
"minimumbinaryninjaversion": 1689
}
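As an added example (not code from wakare-ui or Wakare, and not their database schema), the following Python sketches the two operations the feature list above describes: resolving the real targets of the indirect virtual calls in the Polygon program from a branch trace, and diffing the blocks executed by two runs. The sqlite schema, the image offsets and the trace rows are constructed for illustration. It also shows the rebasing step a PIE trace needs: two runs of the same binary land at different ASLR bases, so nothing matches the static listing, or each other, until every address is translated back into the disassembler's address space.

```python
import sqlite3

# Schema constructed for this example. It is NOT the schema wakare-converter
# writes; the technique only needs one row per taken branch with the runtime
# source and target addresses.
SCHEMA = """
CREATE TABLE branches (
    source INTEGER NOT NULL,   -- runtime address of the branch instruction
    target INTEGER NOT NULL,   -- runtime address control transferred to
    kind   TEXT    NOT NULL    -- 'call' or 'jmp'
);
"""

ANALYSIS_BASE = 0x0              # image base as the disassembler sees the PIE binary
RUNTIME_BASE_A = 0x555555554000  # where the loader placed the image in run A
RUNTIME_BASE_B = 0x55d0c2a1e000  # a different ASLR base in run B

# Made-up image offsets for the Polygon program (hypothetical, not from a real
# build): the virtual call in printArea, the one in printSides, and the four
# method bodies they can dispatch to.
VCALL_AREA, VCALL_SIDES = 0x1234, 0x1260
POLY_AREA, RECT_AREA, TRI_AREA, RECT_SIDES = 0x1280, 0x1300, 0x1340, 0x1380


def branch(base, src, dst, kind="call"):
    """Constructed trace row: image offsets turned into run-specific runtime addresses."""
    return (base + src, base + dst, kind)


# Run A follows main(): printArea(rect), printSides(rect), printArea(trgl), printArea(poly).
TRACE_A = [
    branch(RUNTIME_BASE_A, VCALL_AREA, RECT_AREA),
    branch(RUNTIME_BASE_A, VCALL_SIDES, RECT_SIDES),
    branch(RUNTIME_BASE_A, VCALL_AREA, TRI_AREA),
    branch(RUNTIME_BASE_A, VCALL_AREA, POLY_AREA),
]
# Run B is a hypothetical execution that only exercised the Rectangle path.
TRACE_B = [
    branch(RUNTIME_BASE_B, VCALL_AREA, RECT_AREA),
    branch(RUNTIME_BASE_B, VCALL_SIDES, RECT_SIDES),
]


def load_trace(rows):
    """Build an in-memory trace database from (source, target, kind) rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO branches VALUES (?, ?, ?)", rows)
    return conn


def to_image(addr, runtime_base, analysis_base=ANALYSIS_BASE):
    """Rebase a runtime address into the disassembler's address space (PIE support)."""
    return addr - runtime_base + analysis_base


def resolve_targets(conn, site, runtime_base, analysis_base=ANALYSIS_BASE):
    """Targets actually taken by the indirect branch at `site` (image-space, sorted).

    This is the devirtualisation step: statically the call reads a vtable slot,
    but the trace records which function bodies that slot pointed to at runtime.
    `site` is given in analysis-space, as the user sees it, and mapped back.
    """
    runtime_site = site - analysis_base + runtime_base
    cur = conn.execute(
        "SELECT DISTINCT target FROM branches WHERE source = ? AND kind IN ('call', 'jmp')",
        (runtime_site,),
    )
    return sorted(to_image(t, runtime_base, analysis_base) for (t,) in cur)


def executed_block_leaders(conn, runtime_base, analysis_base=ANALYSIS_BASE):
    """Executed basic blocks, approximated by their leaders.

    Every branch target starts a basic block, so the distinct targets are the
    leaders of the blocks entered by a taken branch. Blocks reached only by
    fall-through are missed; a tracer that logs every block entry is exact.
    """
    cur = conn.execute("SELECT DISTINCT target FROM branches")
    return {to_image(t, runtime_base, analysis_base) for (t,) in cur}


def diff_blocks(blocks_a, blocks_b):
    """(only in A, only in B, in both): the Difference / Intersection views."""
    return sorted(blocks_a - blocks_b), sorted(blocks_b - blocks_a), sorted(blocks_a & blocks_b)


def run_example():
    """Resolve the printArea virtual call in run A and diff run A against run B."""
    conn_a, conn_b = load_trace(TRACE_A), load_trace(TRACE_B)
    targets = resolve_targets(conn_a, VCALL_AREA, RUNTIME_BASE_A)
    diff = diff_blocks(executed_block_leaders(conn_a, RUNTIME_BASE_A),
                       executed_block_leaders(conn_b, RUNTIME_BASE_B))
    return targets, diff


if __name__ == "__main__":
    targets, (only_a, only_b, both) = run_example()
    print("poly->area() at %#x dispatched to:" % VCALL_AREA, [hex(t) for t in targets])
    print("blocks only in run A:", [hex(b) for b in only_a])
    print("blocks only in run B:", [hex(b) for b in only_b])
    print("blocks in both runs: ", [hex(b) for b in both])
```

The rebasing is the part that bites in practice: without it the Rectangle path in run A and run B would appear as four distinct blocks instead of two shared ones, and no resolved target would line up with a function in the static listing.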