Author: Daniel Roethlisberger
Annotation of Apple libclosure blocks.
Type annotation of stack and global blocks, block descriptors, variables closed over and related function signatures in Binary Ninja. Blocks are an implementation of closures often found in C, C++, ObjC and ObjC++ code for Apple platforms. Blocks are distinct from C++ lambdas.
Commands:
- Annotate all blocks
- Annotate all global blocks
- Annotate all stack blocks
- Annotate global block here
- Annotate stack block here
- Annotate stack byref here
Features:
- Find and annotate global and stack blocks
- Annotate block imported variables based on inline or out-of-line generic helper info or extended layout
- Annotate block invoke function type based on encoded block ObjC type signature
- Annotate block descriptors, copy/dispose functions, generic helper info and out-of-line extended layout bytecode
- Annotate stack byrefs (
__blockvariables) based on non-extended layout or inline or out-of-line extended layout, including keep and destroy functions - Define per-block and per-byref named structs to allow for manual fixups
- Define structs for fully manual annotation:
Block_literal,Block_descriptor_1,Block_descriptor_2,Block_descriptor_3,Block_byref_1,Block_byref_2,Block_byref_3
Known limitations:
- Automatic discovery of blocks and byrefs on the stack is unreliable by nature and depends on Binary Ninja's ability to lift into clean HLIL
- No support for 32-bit architectures
- No support for "small descriptors", "old GC layout", older block layout before the introduction of block descriptors
- Byrefs passed as function arguments are not automatically discovered
Blocks language docs:
- Blocks Programming Topics, Apple Documentation Archive
- LLVM Block Language Spec
Blocks implementation details:
- libclosure, source code and two spec documents
- LLVM Block ABI
Objective-C Type Encodings:
- Type Encodings, Objective-C Runtime Programming Guide, Apple Documentation Archive
- LLVM code emitting type encodings
This plugin is released under an MIT license.