workflow module¶

`binaryninja.workflow.Activity`([...])	`Activity`
`binaryninja.workflow.AnalysisContext`(handle)	The `AnalysisContext` object is used to represent the current state of analysis for a given function.
`binaryninja.workflow.Workflow`([name, ...])	`Workflow` A Binary Ninja Workflow is an abstraction of a computational binary analysis pipeline and it provides the extensibility mechanism needed for tailored binary analysis and decompilation.
`binaryninja.workflow.WorkflowMachine`([handle])
`binaryninja.workflow.WorkflowMachineCLI`(machine)

class Activity(configuration: str = '', handle: LP_BNActivity | None = None, action: Callable[[Any], None] | None = None)[source]¶

Bases: object

Activity

Parameters:

configuration (str) –
handle (LP_BNActivity | None) –
action (Callable[[Any], None] | None) –

property name: str¶: Activity name (read-only)

class AnalysisContext(handle: LP_BNAnalysisContext)[source]¶

Bases: object

The AnalysisContext object is used to represent the current state of analysis for a given function. It allows direct modification of IL and other analysis information.

Parameters:: handle (LP_BNAnalysisContext) –

inform(request: str) → bool[source]¶

Parameters:: request (str) –
Return type:: bool

property basic_blocks: BasicBlockList¶: function.BasicBlockList of BasicBlocks in the current function (writeable)

property function: Function¶: Function for the current AnalysisContext (read-only)

property hlil: HighLevelILFunction¶: HighLevelILFunction used to represent High Level IL (writeable)

property lifted_il: LowLevelILFunction¶: LowLevelILFunction used to represent lifted IL (writable)

property llil: LowLevelILFunction¶: LowLevelILFunction used to represent Low Level IL (writeable)

property mlil: MediumLevelILFunction¶: MediumLevelILFunction used to represent Medium Level IL (writeable)

class Workflow(name: str = '', handle: LP_BNWorkflow | None = None, query_registry: bool = True, function_handle: LP_BNFunction | None = None)[source]¶

Bases: object

Workflow A Binary Ninja Workflow is an abstraction of a computational binary analysis pipeline and it provides the extensibility mechanism needed for tailored binary analysis and decompilation. More specifically, a Workflow is a repository of activities along with a unique strategy to execute them. Binary Ninja provides two Workflows named core.module.defaultAnalysis and core.function.defaultAnalysis which expose the core analysis.

A Workflow starts in the unregistered state from either creating a new empty Workflow, or cloning an existing Workflow. While unregistered it’s possible to add and remove activities, as well as change the execution strategy. In order to use the Workflow on a binary it must be registered. Once registered the Workflow is immutable and available for use.

Currently, Workflows is disabled by default and can be enabled via Settings:

>>> Settings().set_bool('workflows.enable', True)

Retrieve the default Workflow by creating a Workflow object:

>>> Workflow()
<Workflow: core.module.defaultAnalysis>

Retrieve any registered Workflow by name:

>>> list(Workflow)
[<Workflow: core.function.defaultAnalysis>, <Workflow: core.module.defaultAnalysis>]
>>> Workflow('core.module.defaultAnalysis')
<Workflow: core.module.defaultAnalysis>
>>> Workflow('core.function.defaultAnalysis')
<Workflow: core.function.defaultAnalysis>

Create a new Workflow, show it in the UI, modify and then register it. Try it via Open with Options and selecting the new Workflow:

>>> pwf = Workflow().clone("PythonLogWarnWorkflow")
>>> pwf.show_topology()
>>> pwf.register_activity(Activity("PythonLogWarn", action=lambda analysis_context: log_warn("PythonLogWarn Called!")))
>>> pwf.insert("core.function.basicBlockAnalysis", ["PythonLogWarn"])
>>> pwf.register()

Note

Binary Ninja Workflows is currently under development and available as an early feature preview. For additional documentation see Help / User Guide / Developer Guide / Workflows

Parameters:

name (str) –
handle (LP_BNWorkflow) –
query_registry (bool) –
function_handle (LP_BNFunction) –

activity_roots(activity: Activity | str = '') → List[str][source]¶

activity_roots Retrieve the list of activity roots for the Workflow, or if specified just for the given activity.

Parameters:: activity (str) – if specified, return the roots for the activity
Returns:: list of root activity names
Return type:: list[str]

assign_subactivities(activity: Activity, activities: List[str]) → bool[source]¶

assign_subactivities Assign the list of activities as the new set of children for the specified activity.

Parameters:

activity (str) – the Activity node to assign children
activities (list[str]) – the list of Activities to assign

Returns:

True on success, False otherwise

Return type:

bool

clear() → bool[source]¶

clear Remove all Activity nodes from this Workflow.

Returns:: True on success, False otherwise
Return type:: bool

clone(name: str, activity: Activity | str = '') → Workflow[source]¶

clone Clone a new Workflow, copying all Activities and the execution strategy.

Parameters:

name (str) – the name for the new Workflow
activity (str) – if specified, perform the clone operation using activity as the root

Returns:

a new Workflow

Return type:

Workflow

configuration(activity: Activity | str = '') → str[source]¶

configuration Retrieve the configuration as an adjacency list in JSON for the Workflow, or if specified just for the given activity.

Parameters:: activity (ActivityType) – if specified, return the configuration for the activity
Returns:: an adjacency list representation of the configuration in JSON
Return type:: str

contains(activity: Activity | str) → bool[source]¶

contains Determine if an Activity exists in this Workflow.

Parameters:: activity (ActivityType) – the Activity name
Returns:: True if the Activity exists, False otherwise
Return type:: bool

get_activity(activity: Activity | str) → Activity | None[source]¶

get_activity Retrieve the Activity object for the specified activity.

Parameters:: activity (str) – the Activity name
Returns:: the Activity object
Return type:: Activity

graph(activity: Activity | str = '', sequential: bool = False, show: bool = True) → FlowGraph | None[source]¶

graph Generate a FlowGraph object for the current Workflow and optionally show it in the UI.

Parameters:

activity (str) – if specified, generate the Flowgraph using activity as the root
sequential (bool) – whether to generate a Composite or Sequential style graph
show (bool) – whether to show the graph in the UI or not

Returns:

FlowGraph object on success, None on failure

Return type:

FlowGraph

insert(activity: Activity | str, activities: List[str]) → bool[source]¶

insert Insert the list of activities before the specified activity and at the same level.

Parameters:

activity (str) – the Activity node for which to insert activities before
activities (list[str]) – the list of Activities to insert

Returns:

True on success, False otherwise

Return type:

bool

register(configuration: str = '') → bool[source]¶

register Register this Workflow, making it immutable and available for use.

Parameters:: configuration (str) – a JSON representation of the workflow configuration
Returns:: True on Success, False otherwise
Return type:: bool

register_activity(activity: Activity, subactivities: List[Activity | str] = []) → Activity | None[source]¶

register_activity Register an Activity with this Workflow.

Parameters:

activity (Activity) – the Activity to register
subactivities (list[str]) – the list of Activities to assign

Returns:

True on Success, False otherwise

Return type:

Activity

remove(activity: Activity | str) → bool[source]¶

remove Remove the specified activity.

Parameters:: activity (str) – the Activity to remove
Returns:: True on success, False otherwise
Return type:: bool

replace(activity: Activity | str, new_activity: List[str]) → bool[source]¶

replace Replace the specified activity.

Parameters:

activity (str) – the Activity to replace
new_activity (list[str]) – the replacement Activity

Returns:

True on success, False otherwise

Return type:

bool

show_metrics() → None[source]¶

show_metrics Not yet implemented.

Return type:: None

show_topology() → None[source]¶

show_topology Show the Workflow topology in the UI.

Return type:: None

show_trace() → None[source]¶

show_trace Not yet implemented.

Return type:: None

subactivities(activity: Activity | str = '', immediate: bool = True) → List[str][source]¶

subactivities Retrieve the list of all activities, or optionally a filtered list.

Parameters:

activity (str) – if specified, return the direct children and optionally the descendants of the activity (includes activity)
immediate (bool) – whether to include only direct children of activity or all descendants

Returns:

list of activity names

Return type:

list[str]

property machine¶

property name: str¶

property registered: bool¶

registered Whether this Workflow is registered or not. A Workflow becomes immutable once it is registered.

Type:: bool

class WorkflowMachine(handle: LP_BNFunction | None = None)[source]¶

Bases: object

Parameters:: handle (LP_BNFunction) –

abort()[source]¶

breakpoint_delete(activities)[source]¶

breakpoint_query()[source]¶

breakpoint_set(activities)[source]¶

cli()[source]¶

configure(advanced: bool = True, incremental: bool = False)[source]¶

Parameters:

advanced (bool) –
incremental (bool) –

disable()[source]¶

dump()[source]¶

enable()[source]¶

halt()[source]¶

log(enable: bool = True, is_global: bool = False)[source]¶

Parameters:

enable (bool) –
is_global (bool) –

metrics(enable: bool = True, is_global: bool = False)[source]¶

Parameters:

enable (bool) –
is_global (bool) –

override_clear(activity)[source]¶

override_query()[source]¶

override_set(activity, enable)[source]¶

request(request)[source]¶

reset()[source]¶

resume()[source]¶

run()[source]¶

status()[source]¶

step()[source]¶

class WorkflowMachineCLI(machine: WorkflowMachine)[source]¶

Bases: Cmd

Parameters:: machine (WorkflowMachine) –

do_abort(line)[source]¶: Abort the workflow machine.

do_breakpoint(line)[source]¶: Handle breakpoint commands.

do_configure(line)[source]¶: Configure the workflow machine.

do_disable(line)[source]¶: Disable the workflow machine.

do_dump(line)[source]¶: Dump metrics from the workflow system.

do_enable(line)[source]¶: Enable the workflow machine.

do_halt(line)[source]¶: Halt the workflow machine.

do_log(line)[source]¶: Control workflow logging.

do_metrics(line)[source]¶: Control workflow metrics collection.

do_override(line)[source]¶: Handle override commands.

do_quit(line)[source]¶: Exit the WorkflowMachine CLI.

do_reset(line)[source]¶: Reset the workflow machine.

do_resume(line)[source]¶: Continue/Resume execution of a workflow.

do_run(line)[source]¶: Run the workflow machine and generate a default configuration if the workflow is not configured.

do_status(line)[source]¶: Retrieve the current machine status.

do_step(line)[source]¶: Step to the next activity in the workflow machine.

help(arg)[source]¶

precmd(line)[source]¶: Hook method executed just before the command line is interpreted, but after the input prompt is generated and issued.

aliases = {'a': 'abort', 'b': 'breakpoint', 'c': 'resume', 'd': 'dump', 'h': 'halt', 'l': 'log', 'm': 'metrics', 'o': 'override', 'q': 'quit', 'r': 'run', 's': 'step'}¶

intro = "Welcome to the Workflow Orchestrator. Type 'help' to list available commands."¶

prompt = '(dechora) '¶