Created
December 18, 2023 18:49
-
-
Save ald3ns/bc3bcc60d1f453af8deeb1a29df31a54 to your computer and use it in GitHub Desktop.
Binary Ninja __cstring section cleanup script
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| When analyzing MachO binaries in binja, sometimes not all strings in the __cstring | |
| section are defined. This script iterates through the section cleaning up anything | |
| that was missed. There is probably a better/already existing way to do this but | |
| ¯\_(ツ)_/¯ | |
| """ | |
| import binaryninja | |
| cstring_section = bv.get_section_by_name('__cstring') | |
| start = cstring_section.start | |
| end = cstring_section.end | |
| current_address = start | |
| # Iterate over __cstring section address rane | |
| while current_address < end: | |
| string_len = 0 | |
| # Spec says that strings in this section are null terminated | |
| while bv.read(current_address + string_len, 1) != b'\x00': | |
| string_len += 1 | |
| # We only want to define if there is a value to define | |
| if string_len > 0: | |
| bv.define_user_data_var(current_address, binaryninja.Type.array(bv.parse_type_string("char const")[0], string_len + 1)) | |
| current_address += (string_len + 1) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment