stringrecognizer module

Class

Description

binaryninja.stringrecognizer.CoreStringRecognizer

class StringRecognizer recognizes custom strings found in high level expressions.

binaryninja.stringrecognizer.CustomStringType

Represents a custom string type. String types contain the name of the string type and the prefix…

binaryninja.stringrecognizer.StringRecognizer

class StringRecognizer recognizes custom strings found in high level expressions.

CoreStringRecognizer

class CoreStringRecognizer[source]

Bases: StringRecognizer

__init__(handle: BNStringRecognizer)[source]
Parameters:

handle (BNStringRecognizer) –

is_valid_for_type(func: HighLevelILFunction, type: Type) bool[source]

Determines if the string recognizer should be called for the given expression type. It is optional to override this method. If the method isn’t overridden, all expression types are passed to the string recognizer.

Parameters:

  • func (HighLevelILFunction) – HighLevelILFunction representing the high level function to be queried

  • type (Type) – Type of the expression

Returns:

True if the expression should be passed to the string recognizer, False otherwise

Return type:

bool

recognize_constant(instr: HighLevelILInstruction, type: Type, val: int) DerivedString | None[source]

Can be overridden to recognize strings for a constant that is not a pointer. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:
Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

recognize_constant_pointer(instr: HighLevelILInstruction, type: Type, val: int) DerivedString | None[source]

Can be overridden to recognize strings for a constant pointer. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:
Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

recognize_extern_pointer(instr: HighLevelILInstruction, type: Type, val: int, offset: int) DerivedString | None[source]

Can be overridden to recognize strings for an external symbol. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:

  • instr (HighLevelILInstruction) – High level expression

  • type (Type) – Type of the expression

  • val (int) – Value of the expression

  • offset (int) – Offset into the external symbol

Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

recognize_import(instr: HighLevelILInstruction, type: Type, val: int) DerivedString | None[source]

Can be overridden to recognize strings for an imported symbol. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:
Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

CustomStringType

class CustomStringType[source]

Bases: object

Represents a custom string type. String types contain the name of the string type and the prefix and postfix used to render them in code.

__init__(handle)[source]
static register(name: str, string_prefix='', string_postfix='') CustomStringType[source]

Registers a new custom string type. This can be used when creating new DerivedString objects.

Parameters:

name (str) –

Return type:

CustomStringType

property name: str

Name of the custom string type.

property string_postfix: str

Postfix added after the closing quote in a custom string.

property string_prefix: str

Prefix added before the opening quote in a custom string.

StringRecognizer

class StringRecognizer[source]

Bases: object

class StringRecognizer recognizes custom strings found in high level expressions.

The recognize_constant, recognize_constant_pointer, recognize_extern_pointer, and recognize_import methods will be called for the respective expression types. These methods can return a DerivedString containing the string information if a custom string is found for the expression. The is_valid_for_type method can be optionally overridden to call the recognizer methods only when the expression type matches a custom filter.

__init__(handle=None)[source]
is_valid_for_type(func: HighLevelILFunction, type: Type) bool[source]

Determines if the string recognizer should be called for the given expression type. It is optional to override this method. If the method isn’t overridden, all expression types are passed to the string recognizer.

Parameters:

  • func (HighLevelILFunction) – HighLevelILFunction representing the high level function to be queried

  • type (Type) – Type of the expression

Returns:

True if the expression should be passed to the string recognizer, False otherwise

Return type:

bool

recognize_constant(instr: HighLevelILInstruction, type: Type, val: int) DerivedString | None[source]

Can be overridden to recognize strings for a constant that is not a pointer. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:
Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

recognize_constant_pointer(instr: HighLevelILInstruction, type: Type, val: int) DerivedString | None[source]

Can be overridden to recognize strings for a constant pointer. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:
Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

recognize_extern_pointer(instr: HighLevelILInstruction, type: Type, val: int, offset: int) DerivedString | None[source]

Can be overridden to recognize strings for an external symbol. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:

  • instr (HighLevelILInstruction) – High level expression

  • type (Type) – Type of the expression

  • val (int) – Value of the expression

  • offset (int) – Offset into the external symbol

Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

recognize_import(instr: HighLevelILInstruction, type: Type, val: int) DerivedString | None[source]

Can be overridden to recognize strings for an imported symbol. The expression type and value of the expression are given. If no string is found for this expression, this method should return None.

If a string is found, return a DerivedString with the string information.

Parameters:
Returns:

Optional DerivedString for any string that is found.

Return type:

DerivedString | None

register()[source]

Registers the string recognizer.

property name: str
recognizer_name = None