|
1 | | -# native-predicate-solver |
| 1 | +# Native Predicate Solver |
| 2 | +Author: **ScriptWare Software** |
2 | 3 |
|
3 | | -Native opaque predicate cleaner plugin for Binary Ninja |
| 4 | +_Native C++ Binary Ninja plugin for removing opaque predicates_ |
| 5 | + |
| 6 | +## Description: |
| 7 | + |
| 8 | +This plugin removes conditional branches that always evaluate to the same value. Written in C++ for speed - faster than the [Python version](https://github.com/Vector35/OpaquePredicatePatcher/), especially on large binaries. Uses multiple threads to process functions in parallel, and will iteratively perform passes through functions to clean up newly uncovered opaque predicates. |
| 9 | + |
| 10 | +### Example |
| 11 | + |
| 12 | +Before: |
| 13 | + |
| 14 | + |
| 15 | +After: |
| 16 | + |
| 17 | + |
| 18 | +## Installation Instructions |
| 19 | + |
| 20 | +### Windows |
| 21 | + |
| 22 | +Copy to: `%APPDATA%\Binary Ninja\plugins\` |
| 23 | + |
| 24 | +### Linux |
| 25 | + |
| 26 | +Copy to: `~/.binaryninja/plugins/` |
| 27 | + |
| 28 | +### Darwin (macOS) |
| 29 | + |
| 30 | +Copy to: `~/Library/Application Support/Binary Ninja/plugins/` |
| 31 | + |
| 32 | +## Usage |
| 33 | + |
| 34 | +Click → `Plugins` → `Native Predicate Solver`: |
| 35 | +- `Patch Opaque Predicates (Current Function)` - Patches current function only |
| 36 | +- `Patch Opaque Predicates (All Functions)` - Patches entire binary |
| 37 | + |
| 38 | +## Settings |
| 39 | + |
| 40 | +Found in Binary Ninja Settings under "Native Predicate Solver": |
| 41 | + |
| 42 | +| Setting | Default | Description | |
| 43 | +|---------|---------|-------------| |
| 44 | +| Max passes per function | 10 | Times to re-analyse each function | |
| 45 | +| Max global passes | 20 | Times to re-analyse entire binary | |
| 46 | +| Thread count | 8 | Worker threads for parallel processing | |
| 47 | + |
| 48 | +## How It Works |
| 49 | + |
| 50 | +1. Scans MLIL for conditional branches |
| 51 | +2. Checks if conditions are constant (always true/false) |
| 52 | +3. Patches them: |
| 53 | + - Always false → NOP (removes branch) |
| 54 | + - Always true → Unconditional jump |
| 55 | +4. Repeats until no more predicates found |
| 56 | + |
| 57 | +## Minimum Version |
| 58 | + |
| 59 | +This plugin was developed via this version of Binary Ninja: |
| 60 | + |
| 61 | +* 5.0 |
| 62 | + |
| 63 | +## Required Dependencies |
| 64 | + |
| 65 | +The following dependencies are required for this plugin: |
| 66 | + |
| 67 | +* None (all dependencies are included in the Binary Ninja API) |
| 68 | + |
| 69 | +## License |
| 70 | + |
| 71 | +This plugin is released under a MIT license. |
| 72 | + |
| 73 | +## Metadata Version |
| 74 | + |
| 75 | +2 |
0 commit comments