Native binaryninja support based on rust API

weggli-rs / weggli

weggli is a fast and robust semantic search tool for C and C++ codebases. It is designed to help security researchers identify interesting functionality in large codebases.

Apache License 2.0

2.34k stars 130 forks source link

Native binaryninja support based on rust API #37

Open fabianfreyer opened 2 years ago

fabianfreyer commented 2 years ago

This is some rudimentary binaryninja support based on the stuff in https://github.com/Vector35/binaryninja-api/pull/2890.

For now this is mostly a proof-of-concept, and there are a lot of performance improvements that can (and should) be made. It's not yet ready for merging because:

~~it depends on the changes in https://github.com/Vector35/binaryninja-api/pull/2890 which are unlikely to land without some changes to them~~
the binaryninja rust API isn't stable
it could use some prioritization based on identifiers in the query like in @mmaekr's binaryninja script ( #1 / #32 )
~~line numbers are off, and could probably use replacement with function addresses.~~

This is what it looks like, for now:

felixwilhelm commented 2 years ago

Thanks for the PR. This looks like a fun feature, I wasn't aware that binaryninja has a working rust API. A couple of stupid questions (related to this PR and #32):

Could we extend this to support binary ninja databases? I guess most users would like to run this against a db of some bigger target that they are currently reversing?
Is it possible to a write Rust plugin equivalent to #32 and skip the whole Python interface?
With this and #32 weggli would have two different integrations with binja. Maybe it would make more sense to turn this PR into a standalone CLI tool that dumps the decompiled code on the filesystem? That would also enable the use of other tools like joern, semgrep or ripgrep.

fabianfreyer commented 2 years ago

yes. In fact, the current API should support this already (although it seems to not work for some reason)
yes, this was next on my todo list. In fact I'd like to even add some pane similar to the functions list where you can type a query in a pane and have clickable references in a list update when you press enter. Problem is that the rust API isn't stable and still pretty new, and a lot is missing from it still, so I had to add some of the missing functionality in https://github.com/Vector35/binaryninja-api/pull/2890
yes, see https://github.com/Vector35/binaryninja-api/pull/2890/commits/ae8f69683e1d2fd35f8f1e4f49933fd24f64035d. That should probably do it.

fabianfreyer commented 2 years ago

Now that https://github.com/Vector35/binaryninja-api/pull/2890 landed, I guess it mostly is a question of whether this is mergeable given that the rust bindings aren't considered stable yet.

There are probably some performance improvements that could be made, but that could be a future iteration.

fabianfreyer commented 2 years ago

@felixwilhelm regarding question 1) above:

Could we extend this to support binary ninja databases? I guess most users would like to run this against a db of some bigger target that they are currently reversing?

My previous comment "although it seems to not work for some reason" doesn't apply anymore. This has been fixed by https://github.com/Vector35/binaryninja-api/pull/3029.

Opening a BNDB now works.

fabianfreyer commented 2 years ago

Rebased this on current main.