TOOLS BINARY NINJA - A REVERSE ENGINEERING TOOL

Phoenixagent

Binary Ninja Deep Thoughts
1.3 Released
Thankfully the wait from 1.2 to 1.3 was much shorter than last time. Our goal is to ship quarterly releases as often as possible, and we still managed to pack a large number of fixes and features into just a few months.
As always, another good reference for what has changed is our list of closed issues.
Highlights
If you just want the highlights, here’s a short list of some of the most noticeable new features:
The rest of the updates are in the following sections:
Semi-Smart Structures
One of our favorite new features of 1.3 is our more intelligent structure creation. With the 2.0 release with decompiler looming, we want to really focus on improving the structure creation workflow and we’ve started the process in 1.3. You can check things out by trying the following new workflows:
  • Highlight the return value of a common allocation routine such as malloc or VirtualAlloc in an IL view and press S. This automatically creates a structure of the appropriate size.
  • Select a read or write operation at an offset from a structure and press S to automatically create a structure member
  • Select multiple bytes in linear view and press 1, 2, 4, 8, d, a, o, -, s to quickly create or modify types and structures. This even works inside of existing structures with undefined sections.
Function Fingerprinting
While 1.2 brought a new type library (with even more libraries expected shortly), those are only applicable to situations where you have dynamically linked applications with external functions whose prototypes you’d like to apply. What about statically compiled binaries? The ability to create function fingerprints and apply them to a statically compiled binary is a critically important feature that is now shipping.
[Figure 1: Function Fingerprinting, before/after]
You can not only create your own libraries, but we’re also rolling out an extensive set of libraries you’ll be able to download on-demand in future updates. Access this new feature in: Tools/Run Analysis Module/Signature Matcher. Keep an eye on the blog for an upcoming entry dedicated to this feature.
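To make the idea behind signature matching concrete, here is a toy fingerprinting matcher written for this post. It is not Binary Ninja's Signature Matcher or any of its library format; it only illustrates the general technique: take a library function's unlinked bytes, wildcard the spans a linker rewrites (call targets, RIP-relative displacements, other relocations), and apply the resulting pattern at each function start of a statically linked target. All bytes below are constructed x86-64 snippets, and the function names and relocation spans are assumptions made for the example.

```python
"""Toy function fingerprinting (added example, not Binary Ninja code).

A signature is the function's bytes with relocated spans replaced by
wildcards. Matching applies each signature at every known function
start in a target blob. Production matchers (FLIRT, Binary Ninja's
Signature Matcher) add a prefix trie and use call-graph context to
break ties; this toy does neither, but it does surface ambiguity
instead of silently picking a name.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence, Tuple

WILDCARD = -1  # pattern position that matches any byte


@dataclass(frozen=True)
class Signature:
    name: str
    pattern: Tuple[int, ...]  # each entry is a byte value 0..255 or WILDCARD


def make_signature(name: str, code: bytes, relocs: Sequence[Tuple[int, int]]) -> Signature:
    """Build a signature from a library function's *unlinked* bytes.

    `relocs` lists (offset, size) spans the linker rewrites. Those bytes
    differ in every linked binary, so they become wildcards; everything
    else must match exactly.
    """
    pat = list(code)
    for off, size in relocs:
        for i in range(off, off + size):
            pat[i] = WILDCARD
    return Signature(name, tuple(pat))


def matches_at(sig: Signature, blob: bytes, off: int) -> bool:
    """True if `sig` matches `blob` starting at `off`."""
    if off + len(sig.pattern) > len(blob):
        return False
    return all(p == WILDCARD or p == blob[off + i] for i, p in enumerate(sig.pattern))


def specificity(sig: Signature) -> Tuple[int, int]:
    """Longer patterns with fewer wildcards are more specific."""
    return (len(sig.pattern), sum(1 for p in sig.pattern if p != WILDCARD))


def match_functions(blob: bytes, starts: Sequence[int], sigs: Sequence[Signature]) -> Dict[int, List[str]]:
    """Apply every signature at every function start.

    Returns {start: [candidate names]}. When several signatures match,
    only the most specific ones are kept; if more than one survives
    (e.g. two tiny functions that compile to identical bytes) the caller
    sees the tie and can decide, rather than getting a wrong name.
    """
    result: Dict[int, List[str]] = {}
    for start in starts:
        hits = [s for s in sigs if matches_at(s, blob, start)]
        if not hits:
            continue
        best = max(specificity(s) for s in hits)
        result[start] = sorted(s.name for s in hits if specificity(s) == best)
    return result


# --- Constructed sample data (assumed names, hand-assembled x86-64) ---------
# "Library" functions as they sit in an unlinked object: relocated fields are 0.
SIGS = [
    # push rbp; mov rbp,rsp; lea rdi,[rip+disp32]; call rel32; pop rbp; ret
    make_signature("greet", bytes.fromhex("554889e5488d3d00000000e8000000005dc3"),
                   relocs=[(7, 4), (12, 4)]),
    # mov eax,edi; neg eax; cmovl eax,edi; ret   (no relocations)
    make_signature("abs32", bytes.fromhex("89f8f7d80f4cc7c3"), relocs=[]),
    # push rbp; mov rbp,rsp; pop rbp; ret        (shares greet's prologue only)
    make_signature("empty_frame", bytes.fromhex("554889e55dc3"), relocs=[]),
    # Two different library functions that compile to "xor eax,eax; ret".
    make_signature("ret_zero", bytes.fromhex("31c0c3"), relocs=[]),
    make_signature("ret_false", bytes.fromhex("31c0c3"), relocs=[]),
]

# "Statically linked" target: the same functions with relocations applied,
# plus one function that is not in the library. 0xcc is padding.
TARGET = (
    bytes.fromhex("31c0c3") + b"\xcc" * 5                      # 0x00: xor eax,eax; ret
    + bytes.fromhex("554889e5488d3d4c100000e83f0200005dc3")    # 0x08: greet, disp/rel32 filled in
    + b"\xcc" * 6
    + bytes.fromhex("89f8f7d80f4cc7c3")                        # 0x20: abs32
    + bytes.fromhex("4883ec084883c408c3")                      # 0x28: sub rsp,8; add rsp,8; ret (unknown)
)
STARTS = [0x00, 0x08, 0x20, 0x28]  # function starts, as analysis would provide them


def demo() -> Dict[int, List[str]]:
    return match_functions(TARGET, STARTS, SIGS)


if __name__ == "__main__":
    for start, names in sorted(demo().items()):
        print(f"{start:#06x}: {' | '.join(names)}")
```

The important caveats this makes visible: wildcarding is what lets one signature survive different link addresses, but it also shrinks the pattern's information content, so very short functions collide and need context (callers, callees, string references) to be named with confidence; and a shared prologue alone never produces a hit, because the whole pattern must match.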
Analysis
  • Feature: Can rebase loaded Binary Views (available via File/Rebase or the Command-Palette if rebasing is possible for that file)
  • Feature: Rebase support for existing BNDBs (using open with options)
  • Feature: maxLookupTableSize setting configures maximum jump table size
  • Feature: Concatenation of simple ranges for dataflow analysis (accessible via .possible_values in ILs)
  • Feature: Added byte range inference on byte size loads for dataflow
  • Feature: Add support for constant propagated dispatch table analysis
  • Feature: Ability to modify/define jump tables by simply changing the type at the table location (use y on the base of the table to change the size and the jump table will automatically adjust)
  • Improved: Jump table solving and convergence
  • Improved: Call types can now be overridden per call-site (helpful for variadic functions; right-click and choose Override Call Type...)
  • Improved: Reduced memory overhead, especially for large functions
  • Improved: Better __noreturn detection
  • Improved: Handling of demangled structures
  • Improved: Coerce DataSymbol to FunctionSymbol when it’s actually a function
  • Fixed: Stale basic block case label annotations
File Formats
  • Fixed: Duplicate external symbols in ELF files
  • Fixed: Relocation handling for files loaded with a custom image base
  • Fixed: Relocation handling for Mach-O symbol tables with a custom image base
Architectures
  • Improved: Lifting of conditional set instructions on x86
  • Improved: Lifting for ARM64 conditional INC/INV/NEG/SET and LDA* instructions
  • Improved: Concrete flags for x86 neg and xor
  • Improved: Allow read only section semantics to be recognized in overlapping sections
  • Fixed: Tailcall translation for thumb2 architecture
  • Fixed: Lifting of x86 instructions with lock prefix
