This repository contains documentation and source code for the Binary Ninja reverse engineering platform API.
Please note that the dev branch tracks changes on the dev
build of binary ninja and is generally the place where all pull requests should be submitted to. However, the master branch tracks the stable
build of Binary Ninja which is the default version run after installation. Online documentation tracks the stable branch.
Public contributions are welcome to this repository. All the API and documentation in this repository is licensed under an MIT license, however, the API interfaces with a closed-source commercial application, Binary Ninja.
If you're interested in contributing when you submit your first PR, you'll receive a notice from CLA Assistant that allows you to sign our Contribution License Agreement online.
The issue tracker for this repository tracks not only issues with the source code contained here but also the broader Binary Ninja product.
Starting July 10th, C++ portion of this API can be built into a static library (.a, .lib) that binary plugins can link against using cmake.
The compiled API contains names and functions you can use from your plugins, but most of the implementation is missing until you link up against libbinaryninjacore.dylib or libbinaryninjacore.dll (via import file libbinaryninjacore.lib). See the ./examples.
Since BinaryNinja is a 64-bit only product, ensure that you are using a 64-bit compiling and linking environment. Errors on windows like LNK1107 might indicate that your bits don't match.
# Get the source
git clone https://github.com/Vector35/binaryninja-api.git
cd binaryninja-api
git submodule update --init --recursive
# Do an out-of-source build
cd ../
mkdir build
cd build
# Build it
cmake ../binaryninja-api
make -j8
The output is in build/out
.
There are several options that you can pass to cmake:
- If BinaryNinja is installed at a different location than the defautls in CMakeLists.txt, it will complain "Binary Ninja Core Not Found". Specify the path by
-DBN_INSTALL_DIR=/path/to/binaryninja/installation
- If you also wish to build the API examples, pass
-DBN_API_BUILD_EXAMPLES=ON
. After the make succeeds, you can install the built plugins bymake install
- If you are using a headless BinaryNinja distribution or you do not wish to build UI plugins, pass
-DHEADLESS=ON
. - You will need Qt 6.1.3 (as of writing) installed to build UI plugins.
There are many examples available. The Python examples folder demonstrates many different applications of the Python API, while native examples include:
- bin-info is a standalone executable that prints some information about a given binary to stdout (only usable with licenses that support headless API access)
- breakpoint is a plugin that allows you to select a region within an x86 binary and use the context menu to fill it with breakpoint bytes
- command-line disassm demonstrates how to dump disassembly to the command-line (only usable with licenses that support headless API access)
- llil-parser parses Low-Level IL, demonstrating how to match types and use a visitor class (only usable with licenses that support headless API access)
- mlil-parser parses Medium-Level IL, demonstrating how to match types and use a visitor class (only usable with licenses that support headless API access)
- print_syscalls is a standalone executable that prints the syscalls used in a given binary (only usable with licenses that support headless API access)
- triage is a fully featured plugin that is shipped and enabled by default, demonstrating how to do a wide variety of tasks including extending the UI through QT
- workflows is a collection of plugins that demonstrate using Workflows to extend the analysis pipeline
- x86 extension creates an architecture extension which shows how to modify the behavior of the build-in architectures without creating a complete replacement
Some components may be released under compatible but slightly different open source licenses and will have their own LICENSE file as appropriate.