#
# Description:
# This is a Binary Ninja plugin that decompiles the entire codebase to HLIL,
# so that you can do interesting things at the source level.
#
# Author:
# Wei Chen (atxsinn3r)
# https://github.com/atxsinn3r/BinjaHLILDump
#
# Keep the standard-library imports AFTER the wildcard import: binaryninja has
# its own `platform` submodule, and a wildcard import placed last could rebind
# `platform` (or other names) away from the stdlib modules used below.
from binaryninja import *
import os
import platform
import re
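class HlilDump(BackgroundTaskThread):
    """Background task that writes the HLIL of every function to its own file.

    One text file per function is created inside ``dest``. File names are
    built from symbol names read out of the analysed binary, so they are
    treated as untrusted input and sanitised before touching the file system.
    """

    # Names Win32 resolves to devices regardless of directory or extension.
    _WINDOWS_RESERVED = frozenset(
        ['CON', 'PRN', 'AUX', 'NUL']
        + ['COM%d' % i for i in range(1, 10)]
        + ['LPT%d' % i for i in range(1, 10)]
    )

    def __init__(self, bv, dest):
        """Store the binary view and the output directory.

        Args:
            bv: Binary view whose functions are dumped.
            dest: Directory path (string) that receives the output files.
        """
        # The second argument registers the task as cancellable.
        BackgroundTaskThread.__init__(self, 'Dumping HLIL...', True)
        self.bv = bv
        self.dest = dest

    def normalize_path(self, path):
        """Turn a function name into a string usable as a single file name.

        Args:
            path: Function or symbol name; may contain arbitrary characters.

        Returns:
            The name with path separators and characters the platform rejects
            replaced by ``_``. The result is never empty, ``.`` or ``..``, so
            joining it to the destination cannot leave that directory.
        """
        if 'Windows' in platform.system():
            # https://gist.github.com/doctaphred/d01d05291546186941e1b7ddc02034d3
            name = re.sub(r'[\x00-\x1f><:"/\\|\?\*]', '_', path)
            # Win32 silently drops trailing dots and spaces; make them visible.
            stem = name.rstrip('. ')
            name = stem + '_' * (len(name) - len(stem))
            # "NUL", "con.txt", ... would open a device instead of a file.
            if name.split('.')[0].rstrip(' ').upper() in self._WINDOWS_RESERVED:
                name = '_' + name
        else:
            # An embedded NUL makes open() raise; '/' would add a path level.
            name = re.sub(r'[\x00/]', '_', path)
        if name in ('', '.', '..'):
            # These refer to a directory, not to a file inside the destination.
            name = name.replace('.', '_') or '_'
        return name

    def run(self):
        """Dump every function of the view into ``self.dest``, one file each.

        The task stops early when the user cancels it. A function whose HLIL
        cannot be produced or written is reported and skipped so that a single
        bad function does not abort the whole dump. Two functions that map to
        the same file name no longer overwrite each other: the later one gets
        its start address appended.
        """
        # bv.functions is read once; the original re-read it on every iteration.
        functions = self.bv.functions
        total = len(functions)
        used_names = set()
        failed = 0
        print("Number of functions to decompile: %d" % total)
        for count, function in enumerate(functions, 1):
            # The task was registered as cancellable, so honour the request.
            if self.cancelled:
                print('Cancelled after %d/%d functions.' % (count - 1, total))
                return
            function_name = "sub_%x" % function.start
            symbol = self.bv.get_symbol_at(function.start)
            if hasattr(symbol, 'short_name'):
                func_short_name = symbol.short_name
                # Overlong names fall back to the address-based name.
                if len(self.dest) + len(func_short_name) <= 255:
                    function_name = func_short_name
            print("Dumping function: %s" % function_name)
            self.progress = "Dumping HLIL: %d/%d" % (count, total)
            file_name = self.normalize_path(function_name)
            if file_name in used_names:
                # Same name seen before (e.g. overloads, or names that only
                # differed in replaced characters): disambiguate by address.
                # NOTE(review): names differing only by case can still collide
                # on case-insensitive file systems.
                file_name = "%s_%x" % (file_name, function.start)
            used_names.add(file_name)
            dest_name = os.path.join(self.dest, file_name)
            try:
                # NOTE(review): HLIL may be unavailable for some functions
                # (presumably when analysis was skipped) -- confirm against
                # the Binary Ninja version in use.
                source = '\n'.join(map(str, function.hlil.root.lines))
                with open(dest_name, 'w') as out:
                    out.write(source)
            except Exception as err:
                failed += 1
                print("Failed to dump function %s: %s" % (function_name, err))
        if failed:
            print('%d function(s) could not be dumped.' % failed)
        print('Done.')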
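def dump_hlil(bv, function):
    """Ask for a destination directory and start the HLIL dump in the background.

    Args:
        bv: Binary view the command was invoked on.
        function: Second argument supplied by the plugin-command callback;
            it is not used here.
    """
    dest = get_directory_name_input('Destination')
    if dest is None:
        print('No destination directory provided to save the decompiled source')
        return
    # Accept both return types: decode bytes, leave an already-decoded string
    # alone (calling .decode() on a str raises AttributeError on Python 3).
    if isinstance(dest, bytes):
        dest = dest.decode()
    dest = str(dest)
    dump = HlilDump(bv, dest)
    dump.start()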
# Expose the dump as an address-context command in the Binary Ninja UI.
PluginCommand.register_for_address(
    'HLIL Dump',
    'Dumps HLIL for the whole code base',
    dump_hlil,
)