Initial Files

AdamR05 · AdamR05 · commit 1360242679f4 · 2025-06-10T18:00:18.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,4 @@
+build
+/.vs
+binaryninjaapi
+.claude
diff --git a/.gitmodules b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "binaryninjaapi"]
+	path = binaryninjaapi
+	url = https://github.com/Vector35/binaryninja-api
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -0,0 +1,43 @@
+# MIT License
+# 
+# Copyright (c) 2015-2024 Vector 35 Inc
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+
+cmake_minimum_required(VERSION 3.24)
+set(CMAKE_OSX_ARCHITECTURES "x86_64;arm64")
+project(NativePredicateSolver CXX)
+
+set(CMAKE_CXX_STANDARD 17)
+
+set(HEADLESS 1)
+find_path(
+        BN_API_PATH
+        NAMES binaryninjaapi.h mediumlevelilinstruction.h
+        # List of paths to search for the clone of the api
+        HINTS ../.. binaryninjaapi $ENV{BN_API_PATH}
+        REQUIRED
+)
+add_subdirectory(${BN_API_PATH} api)
+
+add_library(${PROJECT_NAME} SHARED library.cpp)
+
+target_link_libraries(${PROJECT_NAME} PUBLIC binaryninjaapi)
+
+bn_install_plugin(${PROJECT_NAME})
diff --git a/CMakeSettings.json b/CMakeSettings.json
@@ -0,0 +1,27 @@
+﻿{
+  "configurations": [
+    {
+      "name": "x64-Debug",
+      "generator": "Ninja",
+      "configurationType": "Debug",
+      "inheritEnvironments": [ "msvc_x64_x64" ],
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "",
+      "ctestCommandArgs": ""
+    },
+    {
+      "name": "x64-Release",
+      "generator": "Ninja",
+      "configurationType": "Release",
+      "buildRoot": "${projectDir}\\out\\build\\${name}",
+      "installRoot": "${projectDir}\\out\\install\\${name}",
+      "cmakeCommandArgs": "",
+      "buildCommandArgs": "",
+      "ctestCommandArgs": "",
+      "inheritEnvironments": [ "msvc_x64_x64" ],
+      "variables": []
+    }
+  ]
+}
diff --git a/LICENSE b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Script-Ware Software
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
@@ -0,0 +1,3 @@
+# native-predicate-solver
+
+Native opaque predicate cleaner plugin for Binary Ninja
diff --git a/binaryninjaapi b/binaryninjaapi
@@ -0,0 +1 @@
+Subproject commit 67ae186d19ef585d17ee5085340e66b5b35011fd
diff --git a/library.cpp b/library.cpp
@@ -0,0 +1,170 @@
+#include "library.h"
+
+using namespace BinaryNinja;
+
+extern "C"
+{
+    BN_DECLARE_CORE_ABI_VERSION
+
+    BINARYNINJAPLUGIN bool CorePluginInit()
+    {
+        PluginCommand::Register(
+            "Native Predicate Solver\\Patch Opaque Predicates (Current Function)",
+            "Patch opaque predicates in current function",
+            [](BinaryView* view) {
+                uint64_t addr = view->GetCurrentOffset();
+                auto functions = view->GetAnalysisFunctionsContainingAddress(addr);
+                if (functions.empty()) {
+                    LogWarn("No function at current address 0x%llx", addr);
+                    return;
+                }
+                
+                auto func = functions[0];
+                auto mlil = func->GetMediumLevelIL();
+                if (!mlil) {
+                    LogWarn("No MLIL available for function at 0x%llx", func->GetStart());
+                    return;
+                }
+                
+                auto arch = func->GetArchitecture();
+                if (!arch) {
+                    LogWarn("Failed to get architecture for function");
+                    return;
+                }
+                
+                std::string funcName = func->GetSymbol() ? func->GetSymbol()->GetShortName() : "sub_" + std::to_string(func->GetStart());
+                LogInfo("[+] Processing %s", funcName.c_str());
+                
+                int totalPatches = 0;
+                int pass = 1;
+                const int maxPasses = 10;
+                
+                while (pass <= maxPasses) {
+                    int patchCount = 0;
+                    size_t instructionCount = mlil->GetInstructionCount();
+                    
+                    for (size_t i = 0; i < instructionCount; ++i) {
+                        auto instr = mlil->GetInstruction(i);
+                        if (instr.operation != MLIL_IF)
+                            continue;
+                        
+                        auto val = mlil->GetExprValue(instr.GetConditionExpr());
+                        if (val.state == BNRegisterValueType::ConstantValue) {
+                            if (val.value == 0) {
+                                if (view->IsNeverBranchPatchAvailable(arch, instr.address)) {
+                                    view->ConvertToNop(arch, instr.address);
+                                    patchCount++;
+                                }
+                            } else {
+                                if (view->IsAlwaysBranchPatchAvailable(arch, instr.address)) {
+                                    view->AlwaysBranch(arch, instr.address);
+                                    patchCount++;
+                                }
+                            }
+                        }
+                    }
+                    
+                    totalPatches += patchCount;
+                    
+                    if (patchCount == 0)
+                        break;
+                    
+                    view->UpdateAnalysis();
+                    pass++;
+                }
+                
+                LogInfo("[+] Completed: %d patches applied to %s", totalPatches, funcName.c_str());
+            });
+
+        PluginCommand::Register(
+            "Native Predicate Solver\\Patch Opaque Predicates (All Functions)",
+            "Recursively patch opaque predicates in all functions until none remain",
+            [](BinaryView* view) {
+                LogInfo("[+] Starting recursive patching for entire binary");
+                
+                int globalPass = 1;
+                int totalGlobalPatches = 0;
+                
+                while (true) {
+                    auto functions = view->GetAnalysisFunctionList();
+                    int globalPatchCount = 0;
+                    size_t funcNum = 0;
+                    
+                    for (auto func : functions) {
+                        funcNum++;
+                        
+                        auto mlil = func->GetMediumLevelIL();
+                        if (!mlil || mlil->GetInstructionCount() == 0)
+                            continue;
+                        
+                        auto arch = func->GetArchitecture();
+                        if (!arch)
+                            continue;
+                        
+                        int funcPatches = 0;
+                        int pass = 1;
+                        
+                        while (pass <= 10) {
+                            int patchCount = 0;
+                            
+                            for (size_t i = 0; i < mlil->GetInstructionCount(); ++i) {
+                                auto instr = mlil->GetInstruction(i);
+                                if (instr.operation != MLIL_IF)
+                                    continue;
+                                
+                                auto val = mlil->GetExprValue(instr.GetConditionExpr());
+                                if (val.state == BNRegisterValueType::ConstantValue) {
+                                    if (val.value == 0) {
+                                        if (view->IsNeverBranchPatchAvailable(arch, instr.address)) {
+                                            view->ConvertToNop(arch, instr.address);
+                                            patchCount++;
+                                        }
+                                    } else {
+                                        if (view->IsAlwaysBranchPatchAvailable(arch, instr.address)) {
+                                            view->AlwaysBranch(arch, instr.address);
+                                            patchCount++;
+                                        }
+                                    }
+                                }
+                            }
+                            
+                            funcPatches += patchCount;
+                            
+                            if (patchCount == 0)
+                                break;
+                            
+                            view->UpdateAnalysis();
+                            pass++;
+                        }
+                        
+                        if (funcPatches > 0) {
+                            globalPatchCount += funcPatches;
+                        }
+                    }
+                    
+                    totalGlobalPatches += globalPatchCount;
+                    LogInfo("[+] Pass %d: %d patches applied", globalPass, globalPatchCount);
+                    
+                    if (globalPatchCount == 0)
+                        break;
+                    
+                    globalPass++;
+                    
+                    if (globalPass > 20) {
+                        LogWarn("[!] Maximum passes reached");
+                        break;
+                    }
+                    
+                    view->UpdateAnalysis();
+                }
+                
+                LogInfo("[+] Completed: %d total patches applied", totalGlobalPatches);
+            });
+
+        return true;
+    }
+
+    BINARYNINJAPLUGIN void CorePluginDependencies()
+    {
+    }
+}
diff --git a/library.h b/library.h
@@ -0,0 +1,32 @@
+// MIT License
+// 
+// Copyright (c) 2015-2024 Vector 35 Inc
+// 
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to deal
+// in the Software without restriction, including without limitation the rights
+// to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+// copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+// 
+// The above copyright notice and this permission notice shall be included in all
+// copies or substantial portions of the Software.
+// 
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+// OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+// SOFTWARE.
+
+#ifndef NATIVE_PREDICATE_SOLVER_LIBRARY_H
+#define NATIVE_PREDICATE_SOLVER_LIBRARY_H
+
+#include "binaryninjaapi.h"
+#include "mediumlevelilinstruction.h"
+#include <string>
+#include <exception>
+#include <fstream>
+#include <sstream>
+#endif //NATIVE_PREDICATE_SOLVER_LIBRARY_H

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +build
 +/.vs
 +binaryninjaapi
 +.claude
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+[submodule "binaryninjaapi"]`
	`2`	`+ path = binaryninjaapi`
	`3`	`+ url = https://github.com/Vector35/binaryninja-api`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+# native-predicate-solver`
	`2`	`+`
	`3`	`+Native opaque predicate cleaner plugin for Binary Ninja`