Struct BinaryView 

pub struct BinaryView {
    pub handle: *mut BNBinaryView,
}

Represents the “whole view” of the binary and its analysis.

Analysis information:

• BinaryView::functions
• BinaryView::data_variables
• BinaryView::strings

Annotation information:

• BinaryView::symbols
• BinaryView::tags_all_scopes
• BinaryView::comments

Data representation and binary information:

• BinaryView::types
• BinaryView::segments
• BinaryView::sections

Cleaning up

BinaryView has a cyclic relationship with the associated FileMetadata, each holds a strong reference to one another, so to properly clean up/free the BinaryView, you must manually close the file using FileMetadata::close, this is not fixable in the general case, until FileMetadata has only a weak reference to the BinaryView.

Fields

handle: *mut BNBinaryView

Implementations

impl BinaryView

pub unsafe fn from_raw(handle: *mut BNBinaryView) -> Self

pub fn from_custom<C: CustomBinaryView>( view_type_name: &str, file: &FileMetadata, parent_view: &BinaryView, view: C, ) -> Result<Ref<Self>, ()>

Create a core instance of the CustomBinaryView.

pub fn from_metadata(meta: &FileMetadata) -> Result<Ref<Self>, ()>

Construct the raw binary view from the given metadata.

Before calling this, make sure you have a valid file path set for the FileMetadata. It is required that the FileMetadata::file_path exist in the local filesystem.

pub fn from_path( meta: &FileMetadata, file_path: impl AsRef<Path>, ) -> Result<Ref<Self>, ()>

Construct the raw binary view from the given file_path and metadata.

This will implicitly set the metadata file path and then construct the view. If the metadata already has the desired file path, use BinaryView::from_metadata instead.

pub unsafe fn from_accessor<A: Accessor>( meta: &FileMetadata, accessor: &mut FileAccessor<A>, ) -> Result<Ref<Self>, ()>

Construct the raw binary view from the given accessor and metadata.

It is the responsibility of the caller to keep the accessor alive for the lifetime of the view; because of this, we mark the function as unsafe.

pub fn from_data(meta: &FileMetadata, data: &[u8]) -> Ref<Self>

Construct the raw binary view from the given data and metadata.

The data will be copied into the view, so the caller does not need to keep the data alive.

pub fn save_to_path(&self, file_path: impl AsRef<Path>) -> bool

Save the original binary file to the provided file_path along with any modifications.

WARNING: Currently, there is a possibility to deadlock if the analysis has queued up a main thread action that tries to take the FileMetadata lock of the current view and is executed while we are executing in this function.

To avoid the above issue, use crate::main_thread::execute_on_main_thread_and_wait to verify there are no queued up main thread actions.

pub fn save_to_accessor<A: Accessor>(&self, file: &mut FileAccessor<A>) -> bool

Save the original binary file to the provided FileAccessor along with any modifications.

WARNING: Currently, there is a possibility to deadlock if the analysis has queued up a main thread action that tries to take the FileMetadata lock of the current view and is executed while we are executing in this function.

To avoid the above issue, use crate::main_thread::execute_on_main_thread_and_wait to verify there are no queued up main thread actions.

pub fn file(&self) -> Ref<FileMetadata>

pub fn parent_view(&self) -> Option<Ref<BinaryView>>

pub fn raw_view(&self) -> Option<Ref<BinaryView>>

pub fn view_type(&self) -> String

pub fn read_vec(&self, offset: u64, len: usize) -> Vec<u8>

Reads up to len bytes from address offset

pub fn read_into_vec( &self, dest: &mut Vec<u8>, offset: u64, len: usize, ) -> usize

Appends up to len bytes from address offset into dest

pub fn read_c_string_at(&self, offset: u64, len: usize) -> Option<CString>

Reads up to len bytes from the address offset returning a CString if available.

pub fn read_utf8_string_at(&self, offset: u64, len: usize) -> Option<String>

Reads up to len bytes from the address offset returning a String if available.

pub fn search<C: FnMut(u64, &DataBuffer) -> bool>( &self, query: &SearchQuery, on_match: C, ) -> bool

Search the view using the query options.

In the on_match callback return false to stop searching.

pub fn search_with_progress<P: ProgressCallback, C: FnMut(u64, &DataBuffer) -> bool>( &self, query: &SearchQuery, on_match: C, progress: P, ) -> bool

Search the view using the query options.

In the on_match callback return false to stop searching.

pub fn find_next_data( &self, start: u64, end: u64, data: &DataBuffer, ) -> Option<u64>

pub fn find_next_data_with_opts<P: ProgressCallback>( &self, start: u64, end: u64, data: &DataBuffer, flag: FindFlag, progress: P, ) -> Option<u64>

Warning

This function is likely to be changed to take in a “query” structure. Or deprecated entirely.

pub fn find_next_constant( &self, start: u64, end: u64, constant: u64, view_type: FunctionViewType, ) -> Option<u64>

pub fn find_next_constant_with_opts<P: ProgressCallback>( &self, start: u64, end: u64, constant: u64, disasm_settings: &DisassemblySettings, view_type: FunctionViewType, progress: P, ) -> Option<u64>

Warning

This function is likely to be changed to take in a “query” structure.

pub fn find_next_text( &self, start: u64, end: u64, text: &str, view_type: FunctionViewType, ) -> Option<u64>

pub fn find_next_text_with_opts<P: ProgressCallback>( &self, start: u64, end: u64, text: &str, disasm_settings: &DisassemblySettings, flag: FindFlag, view_type: FunctionViewType, progress: P, ) -> Option<u64>

Warning

This function is likely to be changed to take in a “query” structure.

pub fn notify_data_written(&self, offset: u64, len: usize)

pub fn notify_data_inserted(&self, offset: u64, len: usize)

pub fn notify_data_removed(&self, offset: u64, len: usize)

pub fn offset_has_code_semantics(&self, offset: u64) -> bool

Consults the Section’s current crate::section::Semantics to determine if the offset has code semantics.

pub fn offset_has_extern_semantics(&self, offset: u64) -> bool

Check if the offset is within a Section with crate::section::Semantics::External.

pub fn offset_has_writable_semantics(&self, offset: u64) -> bool

Consults the Section’s current crate::section::Semantics to determine if the offset has writable semantics.

pub fn offset_has_read_only_semantics(&self, offset: u64) -> bool

Consults the Section’s current crate::section::Semantics to determine if the offset has read only semantics.

pub fn image_base(&self) -> u64

pub fn original_image_base(&self) -> u64

pub fn set_original_image_base(&self, image_base: u64)

pub fn end(&self) -> u64

The highest address in the view.

pub fn add_analysis_option(&self, name: &str)

pub fn has_initial_analysis(&self) -> bool

pub fn set_analysis_hold(&self, enable: bool)

pub fn update_analysis(&self)

Runs the analysis pipeline, analyzing any data that has been marked for updates.

You can explicitly mark a function to be updated with:

• Function::mark_updates_required
• Function::mark_caller_updates_required

NOTE: This is a non-blocking call, use BinaryView::update_analysis_and_wait if you require analysis to have completed before moving on.

pub fn update_analysis_and_wait(&self)

Runs the analysis pipeline, analyzing any data that has been marked for updates.

You can explicitly mark a function to be updated with:

• Function::mark_updates_required
• Function::mark_caller_updates_required

NOTE: This is a blocking call, use BinaryView::update_analysis if you do not need to wait for the analysis update to finish.

pub fn reanalyze(&self)

Causes all functions to be reanalyzed.

Use BinaryView::update_analysis or BinaryView::update_analysis_and_wait instead if you want to incrementally update analysis.

NOTE: This function does not wait for the analysis to finish.

pub fn abort_analysis(&self)

pub fn analysis_is_aborted(&self) -> bool

pub fn workflow(&self) -> Ref<Workflow>

pub fn analysis_info(&self) -> AnalysisInfo

pub fn analysis_progress(&self) -> AnalysisProgress

pub fn default_arch(&self) -> Option<CoreArchitecture>

pub fn set_default_arch<A: Architecture>(&self, arch: &A)

pub fn default_platform(&self) -> Option<Ref<Platform>>

pub fn set_default_platform(&self, plat: &Platform)

pub fn base_address_detection(&self) -> Option<BaseAddressDetection>

pub fn instruction_len<A: Architecture>( &self, arch: &A, addr: u64, ) -> Option<usize>

pub fn symbol_by_address(&self, addr: u64) -> Option<Ref<Symbol>>

pub fn symbol_by_raw_name(&self, raw_name: impl IntoCStr) -> Option<Ref<Symbol>>

pub fn symbols(&self) -> Array<Symbol>

pub fn symbols_by_name(&self, name: impl IntoCStr) -> Array<Symbol>

pub fn symbols_in_range(&self, range: Range<u64>) -> Array<Symbol>

pub fn symbols_of_type(&self, ty: SymbolType) -> Array<Symbol>

pub fn symbols_of_type_in_range( &self, ty: SymbolType, range: Range<u64>, ) -> Array<Symbol>

pub fn define_auto_symbol(&self, sym: &Symbol)

pub fn define_auto_symbol_with_type<'a, T: Into<Option<&'a Type>>>( &self, sym: &Symbol, plat: &Platform, ty: T, ) -> Ref<Symbol>

Defines the symbol as well as the analysis object associated with the given symbol type, such as the data variable for a SymbolType::Data, or the function for a SymbolType::Function. Returns the symbol, as it was applied to the binary view.

pub fn undefine_auto_symbol(&self, sym: &Symbol)

pub fn define_user_symbol(&self, sym: &Symbol)

pub fn undefine_user_symbol(&self, sym: &Symbol)

pub fn data_variables(&self) -> Array<DataVariable>

pub fn data_variable_at_address(&self, addr: u64) -> Option<DataVariable>

pub fn define_auto_data_var<'a, T: Into<Conf<&'a Type>>>( &self, addr: u64, ty: T, )

pub fn define_user_data_var<'a, T: Into<Conf<&'a Type>>>( &self, addr: u64, ty: T, )

You likely would also like to call BinaryView::define_user_symbol to bind this data variable with a name

pub fn undefine_auto_data_var(&self, addr: u64, blacklist: Option<bool>)

pub fn undefine_user_data_var(&self, addr: u64)

pub fn define_auto_type<T: Into<QualifiedName>>( &self, name: T, source: &str, type_obj: &Type, ) -> QualifiedName

pub fn define_auto_type_with_id<T: Into<QualifiedName>>( &self, name: T, id: &str, type_obj: &Type, ) -> QualifiedName

pub fn define_user_type<T: Into<QualifiedName>>(&self, name: T, type_obj: &Type)

pub fn define_auto_types<T, I>( &self, names_sources_and_types: T, ) -> HashMap<String, QualifiedName>

where T: Iterator<Item = I>, I: Into<QualifiedNameTypeAndId>,

pub fn define_auto_types_with_progress<T, I, P>( &self, names_sources_and_types: T, progress: P, ) -> HashMap<String, QualifiedName>

where T: Iterator<Item = I>, I: Into<QualifiedNameTypeAndId>, P: ProgressCallback,

pub fn define_user_types<T, I>(&self, names_and_types: T)

where T: Iterator<Item = I>, I: Into<QualifiedNameAndType>,

pub fn define_user_types_with_progress<T, I, P>( &self, names_and_types: T, progress: P, )

where T: Iterator<Item = I>, I: Into<QualifiedNameAndType>, P: ProgressCallback,

pub fn undefine_auto_type(&self, id: &str)

pub fn undefine_user_type<T: Into<QualifiedName>>(&self, name: T)

pub fn types(&self) -> Array<QualifiedNameAndType>

pub fn dependency_sorted_types(&self) -> Array<QualifiedNameAndType>

pub fn type_by_name<T: Into<QualifiedName>>(&self, name: T) -> Option<Ref<Type>>

pub fn type_by_ref(&self, ref_: &NamedTypeReference) -> Option<Ref<Type>>

pub fn type_by_id(&self, id: &str) -> Option<Ref<Type>>

pub fn type_name_by_id(&self, id: &str) -> Option<QualifiedName>

pub fn type_id_by_name<T: Into<QualifiedName>>(&self, name: T) -> Option<String>

pub fn is_type_auto_defined<T: Into<QualifiedName>>(&self, name: T) -> bool

pub fn segments(&self) -> Array<Segment>

pub fn segment_at(&self, addr: u64) -> Option<Ref<Segment>>

pub fn add_segment(&self, segment: SegmentBuilder)

Adds a segment to the view.

NOTE: Consider using BinaryView::begin_bulk_add_segments and BinaryView::end_bulk_add_segments if you plan on adding a number of segments all at once, to avoid unnecessary MemoryMap updates.

pub fn begin_bulk_add_segments(&self)

Start adding segments in bulk. Useful for adding large numbers of segments.

After calling this any call to BinaryView::add_segment will be uncommitted until a call to BinaryView::end_bulk_add_segments

If you wish to discard the uncommitted segments you can call BinaryView::cancel_bulk_add_segments.

NOTE: This must be paired with a later call to BinaryView::end_bulk_add_segments or BinaryView::cancel_bulk_add_segments, otherwise segments added after this call will stay uncommitted.

pub fn end_bulk_add_segments(&self)

Commit all auto and user segments that have been added since the call to Self::begin_bulk_add_segments.

NOTE: This must be paired with a prior call to Self::begin_bulk_add_segments, otherwise this does nothing and segments are added individually.

pub fn cancel_bulk_add_segments(&self)

Flushes the auto and user segments that have yet to be committed.

This is to be used in conjunction with Self::begin_bulk_add_segments and Self::end_bulk_add_segments, where the latter will commit the segments which have been added since Self::begin_bulk_add_segments, this function will discard them so that they do not get added to the view.

pub fn add_section(&self, section: SectionBuilder)

pub fn remove_auto_section(&self, name: impl IntoCStr)

pub fn remove_user_section(&self, name: impl IntoCStr)

pub fn section_by_name(&self, name: impl IntoCStr) -> Option<Ref<Section>>

pub fn sections(&self) -> Array<Section>

pub fn sections_at(&self, addr: u64) -> Array<Section>

pub fn memory_map(&self) -> MemoryMap

pub fn add_auto_function(&self, address: u64) -> Option<Ref<Function>>

Add an auto function at the given address with the views default platform.

Use BinaryView::add_auto_function_with_platform if you wish to specify a platform.

NOTE: The default platform must be set for this view!

pub fn add_auto_function_with_platform( &self, address: u64, platform: &Platform, ) -> Option<Ref<Function>>

Add an auto function at the given address with the platform.

Use BinaryView::add_auto_function_ext if you wish to specify a function type.

NOTE: If the view’s default platform is not set, this will set it to platform.

pub fn add_auto_function_ext( &self, address: u64, platform: &Platform, func_type: Option<&Type>, ) -> Option<Ref<Function>>

Add an auto function at the given address with the platform and function type.

NOTE: If the view’s default platform is not set, this will set it to platform.

pub fn remove_auto_function(&self, func: &Function, update_refs: bool)

Remove an auto function from the view.

Pass true for update_refs to update all references of the function.

NOTE: Unlike BinaryView::remove_user_function, this will NOT prohibit the function from being re-added in the future, use BinaryView::remove_user_function to blacklist the function from being automatically created.

pub fn add_user_function(&self, addr: u64) -> Option<Ref<Function>>

Add a user function at the given address with the views default platform.

Use BinaryView::add_user_function_with_platform if you wish to specify a platform.

NOTE: The default platform must be set for this view!

pub fn add_user_function_with_platform( &self, addr: u64, platform: &Platform, ) -> Option<Ref<Function>>

Add an auto function at the given address with the platform.

NOTE: If the view’s default platform is not set, this will set it to platform.

pub fn remove_user_function(&self, func: &Function)

Removes the function from the view and blacklists it from being created automatically.

NOTE: If you call BinaryView::add_user_function, it will override the blacklist.

pub fn has_functions(&self) -> bool

pub fn add_entry_point(&self, addr: u64)

Add an entry point at the given address with the view’s default platform.

NOTE: The default platform must be set for this view!

pub fn add_entry_point_with_platform(&self, addr: u64, platform: &Platform)

Add an entry point at the given address with the platform.

NOTE: If the view’s default platform is not set, this will set it to platform.

pub fn entry_point_function(&self) -> Option<Ref<Function>>

pub fn entry_point_functions(&self) -> Array<Function>

This list contains the analysis entry function, and functions like init_array, fini_array, and TLS callbacks etc.

We see entry_functions as good starting points for analysis, these functions normally don’t have internal references. Exported functions in a dll/so file are not included.

pub fn functions(&self) -> Array<Function>

pub fn functions_at(&self, addr: u64) -> Array<Function>

List of functions starting at addr

pub fn functions_containing(&self, addr: u64) -> Array<Function>

List of functions containing addr

pub fn functions_by_name( &self, name: impl IntoCStr, plat: Option<&Platform>, ) -> Vec<Ref<Function>>

List of functions with the given name.

There is one special case where if you pass a string of the form sub_[0-9a-f]+ then it will lookup all functions defined at the address matched by the regular expression if that symbol is not defined in the database.

Params

• name: Name that the function should have
• plat: Optional platform that the function should be defined for. Defaults to all platforms if None passed.

pub fn function_at( &self, platform: &Platform, addr: u64, ) -> Option<Ref<Function>>

pub fn function_start_before(&self, addr: u64) -> u64

pub fn function_start_after(&self, addr: u64) -> u64

pub fn basic_blocks_containing( &self, addr: u64, ) -> Array<BasicBlock<NativeBlock>>

pub fn basic_blocks_starting_at( &self, addr: u64, ) -> Array<BasicBlock<NativeBlock>>

pub fn is_new_auto_function_analysis_suppressed(&self) -> bool

pub fn set_new_auto_function_analysis_suppressed(&self, suppress: bool)

pub fn should_skip_target_analysis( &self, src_loc: impl Into<Location>, src_func: &Function, src_end: u64, target: impl Into<Location>, ) -> bool

pub fn read_buffer(&self, offset: u64, len: usize) -> Option<DataBuffer>

pub fn debug_info(&self) -> Ref<DebugInfo>

pub fn set_debug_info(&self, debug_info: &DebugInfo)

pub fn apply_debug_info(&self, debug_info: &DebugInfo)

pub fn show_plaintext_report(&self, title: &str, plaintext: &str)

pub fn show_markdown_report(&self, title: &str, contents: &str, plaintext: &str)

pub fn show_html_report(&self, title: &str, contents: &str, plaintext: &str)

pub fn show_graph_report(&self, raw_name: &str, graph: &FlowGraph)

pub fn load_settings(&self, view_type_name: &str) -> Option<Ref<Settings>>

pub fn set_load_settings(&self, view_type_name: &str, settings: &Settings)

pub fn create_tag_type(&self, name: &str, icon: &str) -> Ref<TagType>

Creates a new TagType and adds it to the view.

Arguments

• name - the name for the tag
• icon - the icon (recommended 1 emoji or 2 chars) for the tag

pub fn remove_tag_type(&self, tag_type: &TagType)

Removes a TagType and all tags that use it

pub fn tag_type_by_name(&self, name: &str) -> Option<Ref<TagType>>

Get a tag type by its name.

pub fn tags_all_scopes(&self) -> Array<TagReference>

Get all tags in all scopes

pub fn tag_types(&self) -> Array<TagType>

Get all tag types present for the view

pub fn tags_by_type(&self, tag_type: &TagType) -> Array<TagReference>

Get all tag references of a specific type

pub fn tag_by_id(&self, id: &str) -> Option<Ref<Tag>>

Get a tag by its id.

Note this does not tell you anything about where it is used.

pub fn add_tag(&self, addr: u64, t: &TagType, data: &str, user: bool)

Creates and adds a tag to an address

User tag creations will be added to the undo buffer

pub fn remove_auto_data_tag(&self, addr: u64, tag: &Tag)

removes a Tag object at a data address.

pub fn remove_user_data_tag(&self, addr: u64, tag: &Tag)

removes a Tag object at a data address. Since this removes a user tag, it will be added to the current undo buffer.

pub fn comment_references(&self) -> Array<CommentReference>

Retrieves a list of comment addresses, the comments themselves can then be queried with the function BinaryView::comment_at.

If you would rather retrieve the contents of all comments at once you can do so with the helper function BinaryView::comments.

pub fn comments(&self) -> BTreeMap<u64, String>

Retrieves a map of comment addresses to their contents.

This is a helper function that eagerly reads the contents of all comments within the view, use BinaryView::comment_references instead if you do not wish to read all the comments.

pub fn comment_at(&self, addr: u64) -> Option<String>

pub fn set_comment_at(&self, addr: u64, comment: &str)

Sets a comment for the BinaryView at the address specified.

NOTE: This is different from setting a comment at the function-level. To set a comment in a function use Function::set_comment_at

pub fn get_next_linear_disassembly_lines( &self, pos: &mut LinearViewCursor, ) -> Array<LinearDisassemblyLine>

Retrieves a list of the next disassembly lines.

Retrieves an Array over LinearDisassemblyLine objects for the next disassembly lines, and updates the LinearViewCursor passed in. This function can be called repeatedly to get more lines of linear disassembly.

Arguments

• pos - Position to retrieve linear disassembly lines from

pub fn get_previous_linear_disassembly_lines( &self, pos: &mut LinearViewCursor, ) -> Array<LinearDisassemblyLine>

Retrieves a list of the previous disassembly lines.

get_previous_linear_disassembly_lines retrieves an Array over LinearDisassemblyLine objects for the previous disassembly lines, and updates the LinearViewCursor passed in. This function can be called repeatedly to get more lines of linear disassembly.

Arguments

• pos - Position to retrieve linear disassembly lines relative to

pub fn query_metadata(&self, key: &str) -> Option<Ref<Metadata>>

pub fn get_metadata<T>(&self, key: &str) -> Option<T>

where T: for<'a> TryFrom<&'a Metadata>,

Retrieve the metadata as the type T.

Fails if the metadata does not exist, or if the metadata failed to coerce to type T.

pub fn store_metadata<V>(&self, key: &str, value: V, is_auto: bool)

where V: Into<Ref<Metadata>>,

pub fn remove_metadata(&self, key: &str)

pub fn code_refs_to_addr(&self, addr: u64) -> Array<CodeReference>

Retrieves a list of CodeReferences pointing to a given address.

pub fn code_refs_into_range(&self, range: Range<u64>) -> Array<CodeReference>

Retrieves a list of CodeReferences pointing into a given Range.

pub fn code_refs_from_addr( &self, addr: u64, func: Option<&Function>, ) -> Vec<u64>

Retrieves a list of addresses pointed to by a given address.

pub fn data_refs_to_addr(&self, addr: u64) -> Array<DataReference>

Retrieves a list of DataReferences pointing to a given address.

pub fn data_refs_into_range(&self, range: Range<u64>) -> Array<DataReference>

Retrieves a list of DataReferences pointing into a given Range.

pub fn data_refs_from_addr(&self, addr: u64) -> Array<DataReference>

Retrieves a list of DataReferences originating from a given address.

pub fn code_refs_using_type_name<T: Into<QualifiedName>>( &self, name: T, ) -> Array<CodeReference>

Retrieves a list of CodeReferences for locations in code that use a given named type.

pub fn data_refs_using_type_name<T: Into<QualifiedName>>( &self, name: T, ) -> Array<DataReference>

Retrieves a list of DataReferences for locations in data that use a given named type.

pub fn relocations_at(&self, addr: u64) -> Array<Relocation>

pub fn relocation_ranges(&self) -> Vec<Range<u64>>

pub fn component_by_guid(&self, guid: &str) -> Option<Ref<Component>>

pub fn root_component(&self) -> Option<Ref<Component>>

pub fn component_by_path(&self, path: &str) -> Option<Ref<Component>>

pub fn remove_component(&self, component: &Component) -> bool

pub fn remove_component_by_guid(&self, guid: &str) -> bool

pub fn data_variable_parent_components( &self, data_variable: &DataVariable, ) -> Array<Component>

pub fn external_libraries(&self) -> Array<ExternalLibrary>

pub fn external_library(&self, name: &str) -> Option<Ref<ExternalLibrary>>

pub fn remove_external_library(&self, name: &str)

pub fn add_external_library( &self, name: &str, backing_file: Option<&ProjectFile>, auto: bool, ) -> Option<Ref<ExternalLibrary>>

pub fn external_locations(&self) -> Array<ExternalLocation>

pub fn external_location_from_symbol( &self, symbol: &Symbol, ) -> Option<Ref<ExternalLocation>>

pub fn remove_external_location(&self, location: &ExternalLocation)

pub fn remove_external_location_from_symbol(&self, symbol: &Symbol)

pub fn add_external_location( &self, symbol: &Symbol, library: &ExternalLibrary, target_symbol_name: &str, target_address: Option<u64>, target_is_auto: bool, ) -> Option<Ref<ExternalLocation>>

pub fn type_container(&self) -> TypeContainer

Type container for all types (user and auto) in the Binary View.

NOTE: Modifying an auto type will promote it to a user type.

pub fn user_type_container(&self) -> TypeContainer

Type container for user types in the Binary View.

pub fn auto_type_container(&self) -> TypeContainer

Type container for auto types in the Binary View.

NOTE: Unlike Self::type_container modification of auto types will NOT promote it to a user type.

pub fn type_libraries(&self) -> Array<TypeLibrary>

pub fn add_type_library(&self, library: &TypeLibrary)

Make the contents of a type library available for type/import resolution

pub fn type_library_by_name(&self, name: &str) -> Option<Ref<TypeLibrary>>

pub fn record_imported_object_library<T: Into<QualifiedName>>( &self, lib: &TypeLibrary, name: T, addr: u64, platform: &Platform, )

Should be called by custom BinaryView implementations when they have successfully imported an object from a type library (eg a symbol’s type). Values recorded with this function will then be queryable via BinaryView::lookup_imported_object_library.

• lib - Type Library containing the imported type
• name - Name of the object in the type library
• addr - address of symbol at import site
• platform - Platform of symbol at import site

pub fn import_type_library_type<T: Into<QualifiedName>>( &self, name: T, lib: Option<&TypeLibrary>, ) -> Option<Ref<Type>>

Recursively imports a type from the specified type library, or, if no library was explicitly provided, the first type library associated with the current BinaryView that provides the name requested.

This may have the impact of loading other type libraries as dependencies on other type libraries are lazily resolved when references to types provided by them are first encountered.

Note that the name actually inserted into the view may not match the name as it exists in the type library in the event of a name conflict. To aid in this, the Type object returned is a NamedTypeReference to the deconflicted name used.

pub fn import_type_library_object<T: Into<QualifiedName>>( &self, name: T, lib: Option<&TypeLibrary>, ) -> Option<Ref<Type>>

Recursively imports an object (function) from the specified type library, or, if no library was explicitly provided, the first type library associated with the current BinaryView that provides the name requested.

This may have the impact of loading other type libraries as dependencies on other type libraries are lazily resolved when references to types provided by them are first encountered.

NOTE: If you are implementing a custom BinaryView and use this method to import object types, you should then call BinaryView::record_imported_object_library with the details of where the object is located.

pub fn import_type_by_guid(&self, guid: &str) -> Option<Ref<Type>>

Recursively imports a Type given its GUID from available type libraries.

pub fn export_type_to_library<T: Into<QualifiedName>>( &self, lib: &TypeLibrary, name: T, type_obj: &Type, )

Recursively exports type_obj into lib as a type with name name.

As other referenced types are encountered, they are either copied into the destination type library or else the type library that provided the referenced type is added as a dependency for the destination library.

pub fn export_object_to_library<T: Into<QualifiedName>>( &self, lib: &TypeLibrary, name: T, type_obj: &Type, )

Recursively exports type_obj into lib as a type with name name.

As other referenced types are encountered, they are either copied into the destination type library or else the type library that provided the referenced type is added as a dependency for the destination library.

pub fn lookup_imported_object_library( &self, addr: u64, platform: &Platform, ) -> Option<(Ref<TypeLibrary>, QualifiedName)>

Gives you details of which type library and name was used to determine the type of a symbol at a given address

• addr - address of symbol at import site
• platform - Platform of symbol at import site

pub fn lookup_imported_type_library<T: Into<QualifiedName>>( &self, name: T, ) -> Option<(Ref<TypeLibrary>, QualifiedName)>

Gives you details of from which type library and name a given type in the analysis was imported.

• name - Name of type in analysis

pub fn strings(&self) -> Array<StringReference>

Retrieve all known strings in the binary.

NOTE: This returns a list of StringReference as strings may not be representable as a String or even a BnString. It is the caller’s responsibility to read the underlying data and convert it to a representable form.

Some helpers for reading strings are available:

• BinaryView::read_c_string_at
• BinaryView::read_utf8_string_at

NOTE: This returns discovered strings and is therefore governed by analysis.limits.minStringLength and other settings.

pub fn string_at(&self, addr: u64) -> Option<StringReference>

Retrieve the string that falls on a given virtual address.

NOTE: This returns a StringReference and since strings may not be representable as a Rust String or even a BnString. It is the caller’s responsibility to read the underlying data and convert it to a representable form.

Some helpers for reading strings are available:

• BinaryView::read_c_string_at
• BinaryView::read_utf8_string_at

NOTE: This returns discovered strings and is therefore governed by analysis.limits.minStringLength and other settings.

pub fn strings_in_range(&self, range: Range<u64>) -> Array<StringReference>

Retrieve all known strings within the provided range.

NOTE: This returns a list of StringReference as strings may not be representable as a String or even a BnString. It is the caller’s responsibility to read the underlying data and convert it to a representable form.

Some helpers for reading strings are available:

• BinaryView::read_c_string_at
• BinaryView::read_utf8_string_at

NOTE: This returns discovered strings and is therefore governed by analysis.limits.minStringLength and other settings.

pub fn attached_type_archives(&self) -> Vec<TypeArchiveId>

Retrieve the attached type archives as their TypeArchiveId.

Using the returned id you can retrieve the TypeArchive with BinaryView::type_archive_by_id.

pub fn type_archive_by_id(&self, id: &TypeArchiveId) -> Option<Ref<TypeArchive>>

Look up a connected TypeArchive by its id.

NOTE: A TypeArchive can be attached but not connected, returning None.

pub fn type_archive_path_by_id(&self, id: &TypeArchiveId) -> Option<PathBuf>

Look up the path for an attached (but not necessarily connected) TypeArchive by its id.

Trait Implementations

impl AsRef<BinaryView> for BinaryView

fn as_ref(&self) -> &Self

Converts this type into a shared reference of the (usually inferred) input type.

impl BinaryViewBase for BinaryView

fn read(&self, buf: &mut [u8], offset: u64) -> usize

fn write(&self, offset: u64, data: &[u8]) -> usize

fn insert(&self, offset: u64, data: &[u8]) -> usize

fn remove(&self, offset: u64, len: usize) -> usize

fn offset_valid(&self, offset: u64) -> bool

Check if the offset is valid for the current view.

fn offset_readable(&self, offset: u64) -> bool

Check if the offset is readable for the current view.

fn offset_writable(&self, offset: u64) -> bool

Check if the offset is writable for the current view.

fn offset_executable(&self, offset: u64) -> bool

Check if the offset is executable for the current view.

fn offset_backed_by_file(&self, offset: u64) -> bool

Check if the offset is backed by the original file and not added after the fact.

fn next_valid_offset_after(&self, offset: u64) -> u64

Get the next valid offset after the provided offset, useful if you need to iterate over all readable offsets in the view.

fn modification_status(&self, offset: u64) -> ModificationStatus

Whether the data at the given offset been modified (patched).

fn start(&self) -> u64

The lowest address in the view.

fn len(&self) -> u64

The length of the view.

fn executable(&self) -> bool

fn relocatable(&self) -> bool

fn entry_point(&self) -> u64

fn default_endianness(&self) -> Endianness

fn address_size(&self) -> usize

fn save(&self) -> bool

impl Debug for BinaryView

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Hash for BinaryView

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher.

fn hash_slice<H>(data: &[Self], state: &mut H)

where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher.

impl PartialEq for BinaryView

fn eq(&self, other: &BinaryView) -> bool

Tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl ToOwned for BinaryView

type Owned = Ref<BinaryView>

The resulting type after obtaining ownership.

fn to_owned(&self) -> Self::Owned

Creates owned data from borrowed data, usually by cloning.

fn clone_into(&self, target: &mut Self::Owned)

Uses borrowed data to replace owned data, usually by cloning.

impl Eq for BinaryView

impl Send for BinaryView

impl StructuralPartialEq for BinaryView

impl Sync for BinaryView