Example platform plugin that fixes fentry calls in Binja

Related tags

Miscellaneousbinja-fentry
Overview

Example Binja Platform Plugin

This is an example Binja platform plugin which fixes up linux kernel module calls to __fentry__. __fentry__ is the linux kernel function tracing framework that you can read more about here.

The problem, as far as Binja is concerned, is that fentry calls clobber registers on entry to the function, effectively discarding the functions actual arguments from analysis. For example, from the decompilation we would see:

00000050  int64_t kernote_ioctl()
       00000050  kernote_ioctl:
   0 @ 00000050  int64_t rdx_2
   1 @ 00000050  int32_t rsi_2
   2 @ 00000050  rdx_2, rsi_2 = __fentry__()
   ...

Note that the ioctl call has no parameters, and __fentry__ clobbers rdx and rsi. The solution is to create a calling convetion that modifies nothing, then automatically apply it to all of our fentry calls, which is exactly what this plugin does. With this plugin, we now see:

00000050  int64_t kernote_ioctl(int64_t arg1, int32_t arg2, int64_t arg3)
       00000050  kernote_ioctl:
   0 @ 00000050  __fentry__()
   ...

Ideally this plugin will be rolled into Binja's default linux platform types and be made obsolete. This code should be easily adaptable to apply a custom calling convention to any external call.

Owner
_yrp
_yrp
GitHub Repository
JHBuild is a tool designed to ease building collections of source packages, called “modules”.

JHBuild README JHBuild is a tool designed to ease building collections of source packages, called “modules”. JHBuild was originally written for buildi

GNOME Github Mirror 46 Nov 22, 2022
Function Plotter✨

Function-Plotter Build With : Python PyQt5 unittest matplotlib Getting Started This is an list of needed instructions to set up your project locally,

Ahmed Lotfy 3 Jan 06, 2022
Takes output from RedLime's SpeedRunIGT mod (igt_timer.log) to get the top run retime as per the rules in speedrun.com/mc as well as generating a new file which is a copy of igt_timer.log which specifies what type of pause each one was.

top-run-time Takes output from RedLime's SpeedRunIGT mod (igt_timer.log) to get the top run retime as per the rules in speedrun.com/mc as well as gene

Meera 2 May 12, 2022
This is a project for socks card label validation where the socks card is validated comparing with the correct socks card whose coordinates are stored in the database. When the test socks card is compared with the correct socks card(master socks card) the software checks whether both test and master socks card mathches or not.

Automation_in_socks_label_validation THEME: MACHINE LEARNING This is a project for socks card label validation where the socks card is validated compa

Shyam Krish 3 Apr 21, 2022
A program made in PYTHON🐍 that automatically performs data insertions into a POSTGRES database 🐘 , using as base a .CSV file 📁 , useful in mass data insertions

A program made in PYTHON🐍 that automatically performs data insertions into a POSTGRES database 🐘 , using as base a .CSV file 📁 , useful in mass data insertions.

Davi Galdino 1 Oct 17, 2022
This python application let you check for new announcements from MMLS, take attendance while your lecturer is sharing QR Code on the screen.

This python application let you check for new announcements from MMLS, take attendance while your lecturer is sharing QR Code on the screen.

wyhong3103 5 Jul 17, 2022
A companion web application to connect stash to deovr

stash-vr-companion This is a companion web application to connect stash to deovr. Stash is a self hosted web application to manage your porn collectio

19 Sep 29, 2022
Ellipitical Curve Table Generator

Ellipitical-Curve-Table-Generator This script generates a table of elliptical po

Nishaant Goswamy 1 Jan 02, 2022
Structural basis for solubility in protein expression systems

Structural basis for solubility in protein expression systems Large-scale protein production for biotechnology and biopharmaceutical applications rely

ProteinQure 16 Aug 18, 2022
Demodulate and error correct FIS-B and ADS-B signals on 978 MHz.

FIS-B 978 ('fisb-978') is a set of programs that demodulates and error corrects FIS-B (Flight Information System - Broadcast) and ADS-B (Automatic Dep

2 Nov 15, 2022
Cup Noodle Vending Maching Ordering Queue

Noodle-API Cup Noodle Vending Machine Ordering Queue Install dependencies in virtual environment python3 -m venv

Jonas Kazlauskas 1 Dec 09, 2021
Python language from the beginning.

Python For Beginners Python Programming Language ♦️ Python is a very powerful and user friendly programming language. ❄️ ♦️ There are some basic sytax

Randula Yashasmith Mawaththa 6 Sep 18, 2022
Installer, package manager, build wrapper and version manager for Piccolo

Piccl Installer, package manager, build wrapper and version manager for Piccolo

1 Dec 19, 2021
This is a Python script to detect rapid upwards price changes (pumps) in a cryptocurrency pairing

A python script to detect a rapid upwards price brekout (pump) in a cryptocurrency pairing, through pandas and Binance API.

3 May 25, 2022
Wannier & vASP Postprocessing module

WASPP module Wannier90 & vASP Postprocessing module with functionalities I needed during my PhD. Being updated Version: 0.5 Main functions: Wannier90

Irián Sánchez Ramírez 4 Dec 27, 2022
An Advanced Wordlist Library Written In Python For Acm114

RBAPG -RBAPG is the abbreviation of "Rule Based Attack Password Generator". -This module is a wordlist generator module. -You can generate randomly

Aziz Kaplan 11 Aug 28, 2022
Free Data Engineering course!

Data Engineering Zoomcamp Register in DataTalks.Club's Slack Join the #course-data-engineering channel The videos are published to DataTalks.Club's Yo

DataTalksClub 7.3k Dec 30, 2022
This repository contains various tools useful for offensive operations (reversing, etc) regarding the PE (Portable Executable) format

PE-Tools This repository contains various tools useful for offensive operations (reversing, etc) regarding the PE (Portable Executable) format Install

stark0de 4 Oct 13, 2022
Tutor plugin for integration of Open edX with a Richie course catalog

Richie plugin for Tutor This is a plugin to integrate Richie, the learning portal CMS, with Open edX. The integration takes the form of a Tutor plugin

Overhang.IO 2 Sep 08, 2022
Set of scripts that schedules employees for shifts throughout the week based on availability, shift times, and shift necessities

Automatic-Scheduler Set of scripts that schedules employees for shifts throughout the week based on availability, shift times, and shift necessities *

Matthew 1 May 01, 2022