Apple Blocks Plugin

Author: Daniel Roethlisberger

Annotation of Apple libclosure blocks.

Description

Type annotation of stack and global blocks, block descriptors, variables closed over and related function signatures in Binary Ninja. Blocks are an implementation of closures often found in C, C++, ObjC and ObjC++ code for Apple platforms. Blocks are not the same as C++ lambdas.

Stack block before annotation:

Screenshot of stack block before annotation

Stack block after annotation:

Screenshot of stack block after annotation

Invoke function before annotation:

Screenshot of invoke function before annotation

Invoke function after annotation:

Screenshot of invoke function after annotation

Commands:

  • Annotate all blocks
  • Annotate all global blocks
  • Annotate all stack blocks
  • Annotate global block here
  • Annotate stack block here
  • Remove plugin comment here

Features:

  • Annotate global blocks
  • Annotate stack blocks
  • Annotate block imported variables for extended layout with compact or bytecode layout encodings
  • Annotate block descriptors
  • Annotate block invoke function type based on encoded block ObjC type signature
  • Annotate block copy and dispose functions
  • Annotate stack byrefs
  • Annotate stack byref fields for non-extended layout
  • Annotate stack byref fields for extended layout with compact or bytecode layout encodings
  • Define per-block named structs to allow for manual fixups
  • Define structs for fully manual annotation: Block_literal, Block_descriptor_1, Block_descriptor_2, Block_descriptor_3, Block_byref_1, Block_byref_2, Block_byref_3.
  • Relevant enums for completeness
  • Support for 64-bit architectures
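To make the layout those features refer to concrete, here is an added example (not code from this plugin) that decodes a 64-bit, little-endian Block_literal together with its Block_descriptor_1/2/3 and turns the extended layout, in both its compact and bytecode encodings, into the offsets, kinds and sizes of the imported variables. The flag values, descriptor field order and layout encodings follow libclosure's Block_private.h; the flat memory image, every address in it, the captured values and the helper names (FlatMemory, parse_block, layout_to_fields) are constructed for illustration and are assumptions, not anything the plugin defines.

```python
"""
Decoder for Apple libclosure block literals, descriptors and extended layouts
(64-bit, little-endian).  Added example for this README, not plugin code.
Field order and flag values follow libclosure's Block_private.h; the flat
memory image, its addresses and the captured values are constructed.
"""
import struct
from dataclasses import dataclass

# Block flags as defined in libclosure's Block_private.h.
BLOCK_HAS_COPY_DISPOSE    = 1 << 25
BLOCK_HAS_CTOR            = 1 << 26
BLOCK_IS_GLOBAL           = 1 << 28
BLOCK_HAS_STRET           = 1 << 29
BLOCK_HAS_SIGNATURE       = 1 << 30
BLOCK_HAS_EXTENDED_LAYOUT = 1 << 31
FLAG_NAMES = {BLOCK_HAS_COPY_DISPOSE: "BLOCK_HAS_COPY_DISPOSE", BLOCK_HAS_CTOR: "BLOCK_HAS_CTOR",
              BLOCK_IS_GLOBAL: "BLOCK_IS_GLOBAL", BLOCK_HAS_STRET: "BLOCK_HAS_STRET",
              BLOCK_HAS_SIGNATURE: "BLOCK_HAS_SIGNATURE",
              BLOCK_HAS_EXTENDED_LAYOUT: "BLOCK_HAS_EXTENDED_LAYOUT"}
# Extended layout bytecode: each byte is 0xPN, operator P with parameter N.
LAYOUT_OPS = {1: "non_object_bytes", 2: "non_object_words", 3: "strong",
              4: "byref", 5: "weak", 6: "unretained"}
WORD = 8  # 64-bit only, like the plugin


class FlatMemory:
    """Constructed flat byte image at a base address (stands in for a BinaryView)."""
    def __init__(self, base, data):
        self.base, self.data = base, bytes(data)

    def read(self, addr, n):
        off = addr - self.base
        if off < 0 or off + n > len(self.data):
            raise ValueError(f"read outside image: {addr:#x}+{n}")
        return self.data[off:off + n]

    def u64(self, addr):
        return struct.unpack("<Q", self.read(addr, 8))[0]

    def cstr(self, addr):
        return self.data[addr - self.base:].split(b"\x00", 1)[0].decode("ascii")


@dataclass
class Block:
    addr: int
    isa: int
    flags: int
    invoke: int
    descriptor_addr: int
    descriptor: dict
    fields: list  # (offset, kind, size) of each imported variable


def flag_names(flags):
    return [name for bit, name in FLAG_NAMES.items() if flags & bit]


def decode_extended_layout(mem, layout):
    """A layout value below 0x1000 is the compact form 0xXYZ (X strong, Y byref,
    Z weak words); otherwise it is a pointer to a 0x00-terminated bytecode string."""
    if layout < 0x1000:
        parts = [("strong", (layout >> 8) & 0xF), ("byref", (layout >> 4) & 0xF),
                 ("weak", layout & 0xF)]
        return [(kind, n) for kind, n in parts if n]
    out, p = [], layout
    while True:
        byte = mem.read(p, 1)[0]
        p += 1
        op, n = byte >> 4, byte & 0xF
        if op == 0:                       # escape: N=0 halts, N!=0 is reserved
            if n:
                raise ValueError(f"reserved escape byte {byte:#04x}")
            return out
        if op not in LAYOUT_OPS:          # operators 7..15 are reserved
            raise ValueError(f"reserved layout operator {op:#x}")
        out.append((LAYOUT_OPS[op], n))


def layout_to_fields(layout, size, start=32):
    """Map a decoded layout onto (offset, kind, bytes) after the 32-byte
    Block_literal header; anything left before `size` is non-pointer data."""
    fields, off = [], start
    for kind, n in layout:
        nbytes = n if kind == "non_object_bytes" else n * WORD
        fields.append((off, kind, nbytes))
        off += nbytes
    if off > size:
        raise ValueError("layout runs past the block size in the descriptor")
    if off < size:
        fields.append((off, "non_object_bytes", size - off))
    return fields


def parse_block(mem, addr):
    isa = mem.u64(addr)
    flags, _reserved = struct.unpack("<II", mem.read(addr + 8, 8))  # ABI: int32 flags
    invoke, desc_addr = mem.u64(addr + 16), mem.u64(addr + 24)
    desc = {"reserved": mem.u64(desc_addr), "size": mem.u64(desc_addr + 8)}
    p = desc_addr + 16
    if flags & BLOCK_HAS_COPY_DISPOSE:    # Block_descriptor_2 follows only if set
        desc["copy"], desc["dispose"] = mem.u64(p), mem.u64(p + 8)
        p += 16
    if flags & BLOCK_HAS_SIGNATURE:       # Block_descriptor_3 follows only if set
        desc["signature"], desc["layout"] = mem.cstr(mem.u64(p)), mem.u64(p + 8)
    layout = []
    if flags & BLOCK_HAS_EXTENDED_LAYOUT and "layout" in desc:
        layout = decode_extended_layout(mem, desc["layout"])
    return Block(addr, isa, flags, invoke, desc_addr, desc,
                 layout_to_fields(layout, desc["size"]))


def build_sample_image():
    """Constructed stack block capturing one object pointer, one __block
    (byref) variable and one integer; every address here is made up."""
    base = 0x1000
    flags = BLOCK_HAS_COPY_DISPOSE | BLOCK_HAS_SIGNATURE | BLOCK_HAS_EXTENDED_LAYOUT
    img = bytearray(0x300)
    img[0:32] = struct.pack("<QIIQQ", 0x7FFF00001000, flags, 0, 0x100000F00, base + 0x100)
    img[32:56] = struct.pack("<QQQ", 0x600000000010, 0x7FFE00000020, 42)
    img[0x100:0x130] = struct.pack("<QQQQQQ", 0, 56, 0x100001000, 0x100001100,
                                   base + 0x200, base + 0x210)
    img[0x200:0x209] = b"v16@?0Q8\x00"                   # encoded ObjC type signature
    img[0x210:0x214] = bytes([0x31, 0x41, 0x21, 0x00])  # 1 strong, 1 byref, 1 word, halt
    return FlatMemory(base, img)


if __name__ == "__main__":
    blk = parse_block(build_sample_image(), 0x1000)
    print(", ".join(flag_names(blk.flags)), blk.descriptor["signature"])
    for off, kind, size in blk.fields:
        print(f"  +{off:#x}: {kind} ({size} bytes)")
```

Run stand-alone it prints the flags, the signature string and one line per imported variable. The two points worth noticing are the ones the feature list hints at: Block_descriptor_2 and Block_descriptor_3 are only present when the corresponding flag bits are set, so reading them unconditionally mis-annotates a descriptor, and the layout word is overloaded, with values below 0x1000 being an inline encoding rather than a pointer.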

Planned improvements, PRs welcome:

  • Find stack writes beyond the end of the struct but within the block size, between the instructions that set up the structure and its first reference, and pick them up as non-pointer imported fields
  • Automatically create structs for which internal type info is available, unless they can be pulled from some type archive
  • Allow re-annotating already annotated blocks, e.g. after partial failure or manual changes
  • Plugin command to annotate byrefs manually more conveniently than annotating the type
  • Annotate byref block keep and destroy functions

Less likely to get implemented, but PRs welcome:

  • Support for 32-bit architectures
  • Support older block layout from before the introduction of block descriptors
  • Discover and annotate block stack unwind handlers
  • Find and annotate byrefs passed as arguments

License

This plugin is released under an MIT license.