Base address detection widget in Triage view

Initial implementation of base address detection UI widget in triage
summary

Author: zznop

basedetection.cpp

@@ -0,0 +1,77 @@
+// Copyright (c) 2015-2024 Vector 35 Inc
+//
+// Permission is hereby granted, free of charge, to any person obtaining a copy
+// of this software and associated documentation files (the "Software"), to
+// deal in the Software without restriction, including without limitation the
+// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+// sell copies of the Software, and to permit persons to whom the Software is
+// furnished to do so, subject to the following conditions:
+//
+// The above copyright notice and this permission notice shall be included in
+// all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+// IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+// AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+// LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+// FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+// IN THE SOFTWARE.
+
+#include "binaryninjaapi.h"
+
+using namespace BinaryNinja;
+using namespace std;
+
+
+BaseAddressDetection::BaseAddressDetection(Ref<BinaryView> bv)
+{
+    m_object = BNCreateBaseAddressDetection(bv->GetObject());
+}
+
+
+BaseAddressDetection::~BaseAddressDetection()
+{
+    BNFreeBaseAddressDetection(m_object);
+}
+
+
+bool BaseAddressDetection::DetectBaseAddress(BaseAddressDetectionSettings& settings)
+{
+    BNBaseAddressDetectionSettings bnSettings = {
+        settings.Architecture.c_str(),
+        settings.Analysis.c_str(),
+        settings.MinStrlen,
+        settings.Alignment,
+        settings.LowerBoundary,
+        settings.UpperBoundary,
+        settings.POIAnalysis,
+        settings.MaxPointersPerCluster,
+    };
+
+    return BNDetectBaseAddress(m_object, bnSettings);
+}
+
+
+void BaseAddressDetection::Abort()
+{
+    return BNAbortBaseAddressDetection(m_object);
+}
+
+
+bool BaseAddressDetection::IsAborted()
+{
+    return BNIsBaseAddressDetectionAborted(m_object);
+}
+
+
+std::set<std::pair<size_t, uint64_t>> BaseAddressDetection::GetScores(BaseAddressDetectionConfidence* confidence)
+{
+    std::set<std::pair<size_t, uint64_t>> result;
+    BNBaseAddressDetectionScore scores[10];
+    size_t numCandidates = BNGetBaseAddressDetectionScores(m_object, scores, 10,
+        (BNBaseAddressDetectionConfidence *)confidence);
+    for (size_t i = 0; i < numCandidates; i++)
+        result.insert(std::make_pair(scores[i].Score, scores[i].BaseAddress));
+    return result;
+}

basedetection.h

@@ -17378,6 +17378,61 @@ namespace BinaryNinja {
 			const std::function<void(Symbol*, Type*)>& add);
 		void Process();
 	};
+
+	struct BaseAddressDetectionSettings
+	{
+		std::string Architecture;
+		std::string Analysis;
+		uint32_t MinStrlen;
+		uint32_t Alignment;
+		uint64_t LowerBoundary;
+		uint64_t UpperBoundary;
+		BNBaseAddressDetectionPOISetting POIAnalysis;
+		uint32_t MaxPointersPerCluster;
+	};
+
+	enum BaseAddressDetectionConfidence
+	{
+		NoConfidence = 0,
+		LowConfidence = 1,
+		HighConfidence = 2,
+	};
+
+	/*!
+		\ingroup baseaddressdetection
+	*/
+	class BaseAddressDetection
+	{
+		BNBaseAddressDetection* m_object;
+
+	public:
+		BaseAddressDetection(Ref<BinaryView> view);
+		~BaseAddressDetection();
+
+		/*! Analyze program, identify pointers and points-of-interest, and detect candidate base addresses
+
+			\param settings Base address detection settings
+			\return true on success, false otherwise
+		 */
+		bool DetectBaseAddress(BaseAddressDetectionSettings& settings);
+
+		/*! Get the top 10 candidate base addresses and thier scores
+
+			\param confidence Confidence level that the top base address candidate is correct
+			\return Set of pairs containing candidate base addresses and their scores
+		 */
+		std::set<std::pair<size_t, uint64_t>> GetScores(BaseAddressDetectionConfidence* confidence);
+
+		/*! Abort base address detection
+		 */
+		void Abort();
+
+		/*! Determine if base address detection is aborted
+
+			\return true if aborted by user, false otherwise
+		 */
+		bool IsAborted();
+	};
 }  // namespace BinaryNinja
 
 

binaryninjaapi.h

@@ -279,6 +279,7 @@ extern "C"
 	typedef struct BNExternalLibrary BNExternalLibrary;
 	typedef struct BNExternalLocation BNExternalLocation;
 	typedef struct BNProjectFolder BNProjectFolder;
+	typedef struct BNBaseAddressDetection BNBaseAddressDetection;
 
 	//! Console log levels
 	typedef enum BNLogLevel
@@ -3157,6 +3158,63 @@ extern "C"
 		ConflictSyncStatus
 	} BNSyncStatus;
 
+	typedef enum BNBaseAddressDetectionPOISetting
+	{
+		POI_ANALYSIS_STRINGS_ONLY,
+		POI_ANALYSIS_FUNCTIONS_ONLY,
+		POI_ANALYSIS_ALL,
+	} BNBaseAddressDetectionPOISetting;
+
+	typedef enum BNBaseAddressDetectionPOIType
+	{
+		POI_STRING,
+		POI_FUNCTION,
+		POI_DATA_VARIABLE,
+		POI_FILE_START,
+		POI_FILE_END,
+	} BNBaseAddressDetectionPOIType;
+
+	typedef enum BNBaseAddressDetectionConfidence
+	{
+		CONFIDENCE_UNASSIGNED,
+		CONFIDENCE_LOW,
+		CONFIDENCE_HIGH,
+	} BNBaseAddressDetectionConfidence;
+
+	typedef struct BNBaseAddressDetectionSettings
+	{
+		const char* Architecture;
+		const char* Analysis;
+		uint32_t MinStrlen;
+		uint32_t Alignment;
+		uint64_t LowerBoundary;
+		uint64_t UpperBoundary;
+		BNBaseAddressDetectionPOISetting POIAnalysis;
+		uint32_t MaxPointersPerCluster;
+	} BNBaseAddressDetectionSettings;
+
+	typedef struct BNBaseAddressDetectionReason
+	{
+		uint64_t Pointer;
+		uint64_t POIOffset;
+		BNBaseAddressDetectionPOIType BaseAddressDetectionPOIType;
+	} BNBaseAddressDetectionReason;
+
+	typedef struct BNBaseAddressDetectionScore
+	{
+		size_t Score;
+		uint64_t BaseAddress;
+	} BNBaseAddressDetectionScore;
+
+	typedef struct BNBaseAddressDetectionResults
+	{
+		BNBaseAddressDetectionConfidence Confidence;
+		BNBaseAddressDetectionScore** Scores;
+		BNBaseAddressDetectionReason** Reasons;
+		char* ErrorStr;
+		uint64_t LastTestedBaseAddress;
+	} BNBaseAddressDetectionResults;
+
 	BINARYNINJACOREAPI char* BNAllocString(const char* contents);
 	BINARYNINJACOREAPI void BNFreeString(char* str);
 	BINARYNINJACOREAPI char** BNAllocStringList(const char** contents, size_t size);
@@ -6988,6 +7046,14 @@ extern "C"
 	BINARYNINJACOREAPI bool BNBinaryViewPullTypeArchiveTypes(BNBinaryView* view, const char* archiveId, const char* const* archiveTypeIds, size_t archiveTypeIdCount, char*** updatedArchiveTypeIds, char*** updatedAnalysisTypeIds,  size_t* updatedTypeCount);
 	BINARYNINJACOREAPI bool BNBinaryViewPushTypeArchiveTypes(BNBinaryView* view, const char* archiveId, const char* const* typeIds, size_t typeIdCount, char*** updatedAnalysisTypeIds, char*** updatedArchiveTypeIds,  size_t* updatedTypeCount);
 
+	// Base Address Detection
+	BINARYNINJACOREAPI BNBaseAddressDetection* BNCreateBaseAddressDetection(BNBinaryView *view);
+	BINARYNINJACOREAPI bool BNDetectBaseAddress(BNBaseAddressDetection* bad, BNBaseAddressDetectionSettings& settings);
+	BINARYNINJACOREAPI size_t BNGetBaseAddressDetectionScores(BNBaseAddressDetection* bad,
+		BNBaseAddressDetectionScore* scores, size_t count, BNBaseAddressDetectionConfidence* confidence);
+	BINARYNINJACOREAPI void BNAbortBaseAddressDetection(BNBaseAddressDetection* bad);
+	BINARYNINJACOREAPI bool BNIsBaseAddressDetectionAborted(BNBaseAddressDetection* bad);
+	BINARYNINJACOREAPI void BNFreeBaseAddressDetection(BNBaseAddressDetection* bad);
 #ifdef __cplusplus
 }
 #endif