# License activation
# NOTE(review): this page does not explain `-i`; it presumably names the license file to install. Confirm with the tool's own help output.
bn-license -i license.dat
# Command line interface
# Help and version queries for the command-line front end.
binaryninja-cli --help
binaryninja-cli --version
| Shortcut | Action | Description |
|---|---|---|
| G | Go to address | Jump to specific location |
| Esc | Back | Return to previous view |
| Tab | Toggle views | Switch between views |
| Space | Graph/Linear | Toggle graph/linear view |
| P | Functions | List all functions |
| / | Search | Global search |
| ; | Comment | Add comment at current address |
| Command | Purpose |
|---|---|
| Analysis | Start/stop analysis |
| Update Analysis | Refresh analysis |
| Run Plugin | Execute specific plugin |
| Load Symbols | Import symbol files |
- Linear View
  - Traditional disassembly view
  - Sequential instruction display
- Graph View
  - Control flow visualization
  - Basic block relationships
- HLIL View
  - High-level IL representation
  - C-like decompilation
- LLIL View
  - Low-level IL representation
  - Architecture-independent view
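# Basic script structure
from binaryninja import *


def analyze_binary(bv):
    """Walk every function of an opened BinaryView.

    Args:
        bv: The BinaryView to inspect.
    """
    # Get current function
    # NOTE(review): entry_function is the view's entry-point function rather
    # than a UI selection, and may be None for views without an entry point;
    # check it before dereferencing.
    current_function = bv.entry_function
    # Iterate through functions
    for function in bv.functions:
        # Analysis code here
        pass


# Load binary
bv = BinaryViewType.get_view_of_file("binary")
# NOTE(review): get_view_of_file is expected to return None when no view can
# be created for the file. Stop here with a clear message instead of failing
# later inside analyze_binary with an AttributeError on None.
if bv is None:
    raise SystemExit("could not open 'binary' for analysis")
analyze_binary(bv)
# Access LLIL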
# `function` is assumed to be a Function object, e.g. one yielded by bv.functions.
function.llil
# Common operations
# Operation names as listed on the page (members of the LowLevelILOperation enum).
# As bare names they are a reference list, not executable statements.
LLIL_SET_REG
LLIL_LOAD
LLIL_STORE
LLIL_CALL
LLIL_RET
# Access HLIL
# `function` is assumed to be a Function object, e.g. one yielded by bv.functions.
function.hlil
# Common operations
# Operation names as listed on the page (members of the HighLevelILOperation enum).
# As bare names they are a reference list, not executable statements.
HLIL_VAR_DECLARE
HLIL_VAR
HLIL_CALL
HLIL_WHILE
HLIL_IF
# Create structure
struct = Structure()
# NOTE(review): Type.int() normally takes a width in bytes and Type.pointer()
# an architecture as its first argument; these calls look abbreviated. Confirm
# the signatures against the installed API before copying.
struct.append(Type.int(), "field1")
struct.append(Type.pointer(Type.int()), "field2")
# Apply type
# NOTE(review): `function` is not defined in this snippet, and set_user_type on
# a function sets the function's own type. Presumably a data variable or a
# named type registration is what is meant here; verify.
function.set_user_type(struct)
from binaryninja import *
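class ExamplePlugin(PluginCommand):
    """Skeleton of a plugin command named "Example Plugin".

    NOTE(review): Binary Ninja commands are normally registered with
    PluginCommand.register(name, description, action); confirm that this
    subclassing form is accepted by the installed API version.
    """

    def __init__(self):
        # The two strings are the name and description handed to the base
        # initializer.
        super(ExamplePlugin, self).__init__(
            "Example Plugin",
            "Plugin description"
        )

    def execute(self, bv):
        """Run the plugin body against the BinaryView ``bv``."""
        # Plugin code here
        pass
| Operation | Command | Description |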
|---|---|---|
| Modify Bytes | Write to offset | Change binary content |
| NOP Out | Convert to NOPs | Replace with NO-OP instructions |
| Add Section | Create section | Add new binary section |
| Save | Write modifications | Save changes to file |
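# Get data flow graph
# NOTE(review): `function` is assumed to be a Function object defined earlier;
# confirm that `data_flow_graph` exists on it in the installed API version.
dfg = function.data_flow_graph
# Analyze variables
for var in function.vars:
    # Variable analysis
    # NOTE(review): verify the `uses` / `definitions` attribute names against
    # the API documentation before relying on them.
    uses = var.uses
    definitions = var.definitions
| Command | Purpose |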
|---|---|
| Find References | Locate all xrefs |
| Code References | Find code usage |
| Data References | Find data usage |
| Feature | Description |
|---|---|
| Set Breakpoint | Create execution break |
| Step | Single instruction step |
| Run | Continue execution |
| Registers | View/modify registers |
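# Get function info
# `function` is assumed to be a Function object, e.g. one yielded by bv.functions.
start = function.start
end = function.end
# NOTE(review): total_bytes is presumably the summed size of the function's
# basic blocks, which need not equal end - start when the function is not
# contiguous. Confirm.
size = function.total_bytes
name = function.name
# Basic blocks
for block in function.basic_blocks:
    # Block analysis
    pass
# Search for pattern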
# Space-separated hex bytes. NOTE(review): `??` presumably stands for one wildcard byte.
# 48 89 5C 24 xx is the x86-64 encoding of `mov [rsp+disp8], rbx`, a register
# spill often seen in function prologues.
pattern = "48 89 5C 24 ??"
# NOTE(review): confirm `find_pattern` and its return type against the installed API.
results = bv.find_pattern(pattern)
# Search in function
function.find_pattern(pattern)
-
Use Type Libraries
- Import standard headers
- Create custom types
- Apply types for better analysis
-
Leverage IL
- Use HLIL for logic understanding
- LLIL for detailed analysis
- MLIL for optimization
-
Custom Views
- Create task-specific views
- Customize existing views
- Use split view for comparison