Binja Arm64 Disassembler

Overview

These are bindings to the Binary Ninja arm64 architecture/disassembler plugin.

Note that while Binary Ninja is an (excellent) commercial product, the disassembler is entirely Apache 2 licensed and may be used without a license. To install, just add bad64 as a normal dependency in Cargo.toml.

For docs and usage, please see docs.rs and the examples.

$ cargo run --example decode 0x91010420
Instruction {
    address: 0x1000,
    opcode: 0x91010420,
    op: ADD,
    num_operands: 0x3,
    operands: [
        Reg {
            reg: X0,
            arrspec: None,
        },
        Reg {
            reg: X1,
            arrspec: None,
        },
        Imm64 {
            imm: Unsigned(
                0x41,
            ),
            shift: None,
        },
    ],
}
add x0, x1, #0x41
Comments
  • `orr` with `xzr` does not disassemble as `mov`

    I've noticed some cases where an orr with xzr or wzr does not disassemble as a mov. Changing tiny details makes a mov or a mvn as expected.

    I'm not sure this is an incorrect disassembly. I have seen similar cases where the orr form is being used because the mov form would assemble to a different instruction. However, I can't explain the following cases:

    orr w0, wzr, w1, lsl #0x15 // orn is fine.
    orr x0, xzr, x1, lsl #0x15 // orn is fine.
    orr x0, xzr, #0x3333333333333333 // 32-bit is fine.
    

    Of course, this is not a serious problem. All these disassemblies would assemble back to the correct instruction. The issue is only that the disassembly is not using the mov alias.

    opened by apt1002 4
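As an added example (not bad64's code, whose decoder lives in the Binary Ninja plugin), this self-contained Rust decoder shows where the fields in the README's `Instruction` dump for `0x91010420` come from and applies the Arm Architecture Reference Manual's alias rule behind the `orr`/`mov` question above: MOV (register) is the preferred alias of ORR (shifted register) only when Rn is the zero register and the shift is LSL #0. Field layouts and the alias rule are taken from the Arm manual; everything else (type and function names) is this example's own.

```rust
// Added example, not bad64's own code: bit-level decoding of two A64 classes plus the MOV alias rule.
#[derive(Debug, PartialEq)]
pub enum Insn {
    AddImm { sf: bool, sub: bool, rd: u8, rn: u8, imm: u64 },
    OrrShifted { sf: bool, rd: u8, rn: u8, rm: u8, shift: u8, amount: u8 },
    Unknown,
}
/// Extract bits [hi:lo] of a 32-bit instruction word.
fn bits(w: u32, hi: u32, lo: u32) -> u32 {
    (w >> lo) & ((1u32 << (hi - lo + 1)) - 1)
}
pub fn decode(w: u32) -> Insn {
    let (sf, rd, rn) = (bits(w, 31, 31) == 1, bits(w, 4, 0) as u8, bits(w, 9, 5) as u8);
    // Add/subtract (immediate): sf op S 100010 sh imm12 Rn Rd. S == 0 selects the non-flag-setting form.
    if bits(w, 29, 29) == 0 && bits(w, 28, 23) == 0b100010 {
        // sh == 1 means the 12-bit immediate is shifted left by 12
        return Insn::AddImm { sf, sub: bits(w, 30, 30) == 1, rd, rn, imm: (bits(w, 21, 10) as u64) << (12 * bits(w, 22, 22)) };
    }
    // Logical (shifted register): sf opc 01010 shift N Rm imm6 Rn Rd. opc == 01 with N == 0 is ORR.
    if bits(w, 30, 29) == 0b01 && bits(w, 28, 24) == 0b01010 && bits(w, 21, 21) == 0 {
        return Insn::OrrShifted { sf, rd, rn, rm: bits(w, 20, 16) as u8, shift: bits(w, 23, 22) as u8, amount: bits(w, 15, 10) as u8 };
    }
    Insn::Unknown
}
/// MOV (register) is the preferred alias of ORR (shifted register) only when Rn is the zero register and the shift is LSL #0.
pub fn is_mov_alias(i: &Insn) -> bool {
    matches!(i, Insn::OrrShifted { rn: 31, shift: 0, amount: 0, .. })
}
/// Register 31 is the zero register in the logical class (zr == true) but sp in add/sub (immediate).
fn reg(sf: bool, n: u8, zr: bool) -> String {
    match (n, zr) {
        (31, true) => (if sf { "xzr" } else { "wzr" }).to_string(),
        (31, false) => (if sf { "sp" } else { "wsp" }).to_string(),
        _ => format!("{}{n}", if sf { "x" } else { "w" }),
    }
}

pub fn disasm(w: u32) -> String {
    let i = decode(w);
    let mov = is_mov_alias(&i);
    match i {
        Insn::AddImm { sf, sub, rd, rn, imm } => format!("{} {}, {}, #{imm:#x}", if sub { "sub" } else { "add" }, reg(sf, rd, false), reg(sf, rn, false)),
        Insn::OrrShifted { sf, rd, rm, .. } if mov => format!("mov {}, {}", reg(sf, rd, true), reg(sf, rm, true)),
        Insn::OrrShifted { sf, rd, rn, rm, shift, amount } => {
            let sh = if amount == 0 { String::new() } else { format!(", {} #{amount:#x}", ["lsl", "lsr", "asr", "ror"][shift as usize]) };
            format!("orr {}, {}, {}{sh}", reg(sf, rd, true), reg(sf, rn, true), reg(sf, rm, true))
        }
        Insn::Unknown => format!(".inst {w:#010x}"),
    }
}
```

Feeding it `0x91010420` reproduces the README's `add x0, x1, #0x41`, while an `orr` of the zero register with a non-zero `lsl` amount keeps its `orr` spelling because the alias predicate fails.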
  • Avoid `MaybeUninit` and `array_map` so that we can compile on Rust stable

    Thanks for a great project. This is exactly what I need! However, I need a version that builds on Rust stable. Attempting to build on stable gives the following errors:

    $ cargo check
    [... lines omitted ...]
        Checking bad64 v0.2.0 (/home/apt1002/temp/bad64)
    error[E0554]: `#![feature]` may not be used on the stable release channel
      --> src/lib.rs:67:1
       |
    67 | #![feature(maybe_uninit_uninit_array, maybe_uninit_extra, maybe_uninit_slice)]
       | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    
    error[E0554]: `#![feature]` may not be used on the stable release channel
      --> src/lib.rs:68:1
       |
    68 | #![feature(array_map)]
       | ^^^^^^^^^^^^^^^^^^^^^^
    

    These problems are pretty easy to fix. It is sufficient to initialise some variables and find an alternative to array_map. You might not like all my choices in this pull request; they are only intended to show that the fix is easy.

    Yours hopefully,

    Alistair
    opened by apt1002 4
  • Update bad64-sys requirement from 0.4 to 0.5

    Updates the requirements on bad64-sys to permit the latest version.

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • More changes

    The falcon arm64 stuff is almost done. The falcon portion, at least, is done.

    I am hoping you will upstream these changes. These changes:

    1. Eliminate that terrible, awful Operand::None case I put in your library for some reason. Apologies for that, and... it's gone. Instead, operands will default to an Imm::Unsigned(0). The user will never see those values, so it shouldn't matter too much. The original purpose of that case was to give us something to use instead of MaybeUninit, which is not yet stable.
    2. Implement the std::error::Error trait behind a std feature flag. The crate remains no_std, but this is going to make it much easier to integrate Bad64 into projects which use convenience error things like error-chain or failure or what have you. No one should use those, btw, but the past is what it is.
    opened by endeav0r 1
  • build with stable rust

    So a wonderful person wrote an AARCH64 lifter for Falcon against these bindings :)! https://github.com/kawadakk/falcon/tree/aarch64-bad64

    I want to bring these bindings into Falcon (we're working on it at https://github.com/falconre/falcon/pull/108). In order for that to happen, those bindings are going to need to build on stable, which means bad64 will need to build on stable.

    This PR is a proposal to make bad64 build stable. It's probably slightly slower than the original. Very open to comments. Let me know.

    opened by endeav0r 1
  • Add exhaustive decoding example

    This panics on main right now, but run to completion it looks like:

    checked 134217728 words (3.1%) in 7.7s (19173961 words/sec)
    checked 268435456 words (6.3%) in 17.1s (15790321 words/sec)
    checked 402653184 words (9.4%) in 28.8s (14380471 words/sec)
    checked 536870912 words (12.5%) in 38.9s (14128182 words/sec)
    checked 671088640 words (15.6%) in 46.8s (14588883 words/sec)
    checked 805306368 words (18.8%) in 59.6s (13649260 words/sec)
    checked 939524096 words (21.9%) in 71.9s (13232734 words/sec)
    checked 1073741824 words (25.0%) in 82.1s (13094412 words/sec)
    checked 1207959552 words (28.1%) in 89.8s (13572579 words/sec)
    checked 1342177280 words (31.3%) in 99.6s (13557346 words/sec)
    checked 1476395008 words (34.4%) in 108.8s (13670324 words/sec)
    checked 1610612736 words (37.5%) in 118.2s (13649260 words/sec)
    checked 1744830464 words (40.6%) in 126.1s (13847861 words/sec)
    checked 1879048192 words (43.8%) in 138.6s (13616291 words/sec)
    checked 2013265920 words (46.9%) in 147.3s (13695687 words/sec)
    checked 2147483648 words (50.0%) in 157.1s (13678240 words/sec)
    checked 2281701376 words (53.1%) in 165.4s (13828493 words/sec)
    checked 2415919104 words (56.3%) in 174.7s (13884593 words/sec)
    checked 2550136832 words (59.4%) in 187.5s (13637095 words/sec)
    checked 2684354560 words (62.5%) in 197.2s (13626165 words/sec)
    checked 2818572288 words (65.6%) in 205.4s (13749133 words/sec)
    checked 2952790016 words (68.8%) in 218.2s (13544908 words/sec)
    checked 3087007744 words (71.9%) in 231.0s (13421773 words/sec)
    checked 3221225472 words (75.0%) in 240.1s (13421773 words/sec)
    checked 3355443200 words (78.1%) in 248.6s (13530013 words/sec)
    checked 3489660928 words (81.3%) in 258.4s (13525818 words/sec)
    checked 3623878656 words (84.4%) in 268.8s (13521935 words/sec)
    checked 3758096384 words (87.5%) in 277.4s (13567135 words/sec)
    checked 3892314112 words (90.6%) in 285.6s (13657242 words/sec)
    checked 4026531840 words (93.8%) in 294.3s (13695687 words/sec)
    checked 4160749568 words (96.9%) in 303.6s (13731847 words/sec)
    decoded 1544103388 valid instructions in 312.9s
    
    opened by ranweiler 0
  • Update xmas-elf requirement from 0.7 to 0.8

    Updates the requirements on xmas-elf to permit the latest version.

    Commits
    • 0663a34 Bump version to 0.8.0
    • 1ebee5e Merge pull request #63 from Freax13/cloneable-iters
    • 3ee1234 Merge pull request #62 from toku-sa-n/impl_upperhex
    • bbe7cba derive Clone for SectionIter and ProgramIter
    • e05218e feat: implement UpperHex for Flags
    • 3b7439c Merge pull request #60 from toku-sa-n/remove_try
    • 3fb82e6 refactor: use ? instead of try!
    • e7f4019 Merge pull request #59 from toku-sa-n/use_try
    • 267402c chore: use ? instead of try!
    • 2cad159 Merge pull request #58 from toku-sa-n/add_missing_dyn
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 0
  • Update xmas-elf requirement from 0.8 to 0.9

    Updates the requirements on xmas-elf to permit the latest version.

    Commits

    dependencies 
    opened by dependabot[bot] 0
Owner
_yrp