Default package
Get desktop application:
View/edit binary Protocol Buffers messages
message
binexport2.proto:67optional meta_information = 1
repeated expression = 2
repeated operand = 3
repeated mnemonic = 4
repeated instruction = 5
repeated basic_block = 6
repeated flow_graph = 7
optional call_graph = 8
repeated string string_table = 9
repeated address_comment = 10
No longer written. This is here so that BinDiff can work with older BinExport files.
repeated comment = 17
Rich comment index used for BinDiff's comment porting.
repeated string_reference = 11
repeated expression_substitution = 12
repeated section = 13
repeated library = 14
repeated data_reference = 15
repeated module = 16
message
binexport2.proto:227Used in:
repeated instruction_index = 1
Implicit: instruction sequence
message
binexport2.proto:233This is a space optimization. The instructions for an individual basic block will usually be in a continuous index range. Thus it is more efficient to store the range instead of individual indices. However, this does not hold true for all basic blocks, so we need to be able to store multiple index ranges per block.
Used in:
optional int32 begin_index = 1
These work like begin and end iterators, i.e. the sequence is [begin_index, end_index). If the sequence only contains a single element end_index will be omitted.
optional int32 end_index = 2
message
binexport2.proto:87Used in:
repeated vertex = 1
vertices == functions in the call graph. Important: Most downstream tooling (notably BinDiff), need these to be sorted by `Vertex::address` (ascending). For C++, the `BinExport2Writer` class enforces this invariant.
repeated edge = 2
edges == calls in the call graph.
message
binexport2.proto:129Used in:
optional int32 source_vertex_index = 1
source and target index into the vertex repeated field.
optional int32 target_vertex_index = 2
message
binexport2.proto:88Used in:
optional uint64 address = 1
The function's entry point address. Messages need to be sorted, see comment below on `vertex`.
optional Vertex.Type type = 2
optional string mangled_name = 3
If the function has a user defined, real name it will be given here. main() is a proper name, sub_BAADF00D is not (auto generated dummy name).
optional string demangled_name = 4
Demangled name if the function is a mangled C++ function and we could demangle it.
optional int32 library_index = 5
If this is a library function, what is its index in library arrays.
optional int32 module_index = 6
If module name, such as class name for DEX files, is present - index in module table.
Used in:
NORMAL = 0
Regular function with full disassembly.
LIBRARY = 1
This function is a well known library function.
IMPORTED = 2
Imported from a dynamic link library (e.g. dll).
THUNK = 3
A thunk function, forwarding its work via an unconditional jump.
INVALID = 4
An invalid function (a function that contained invalid code or was considered invalid by some heuristics).
message
binexport2.proto:301Used in:
optional int32 instruction_index = 1
Index into the global instruction table. This is here to enable comment processing without having to iterate over all instructions. There is an N:M mapping of instructions to comments.
optional int32 instruction_operand_index = 2
Index into the operand array local to an instruction.
optional int32 operand_expression_index = 3
Index into the expression array local to an operand, like in Reference. This is not currently used, but allows to implement expression substitutions.
optional int32 string_table_index = 4
Index into the global string table.
optional bool repeatable = 5
Comment is propagated to all locations that reference the original location.
optional Comment.Type type = 6
Used in:
DEFAULT = 0
A regular instruction comment. Typically displayed next to the instruction disassembly.
ANTERIOR = 1
A comment line that is typically displayed before (above) the instruction it refers to.
POSTERIOR = 2
Like ANTERIOR, but a typically displayed after (below).
FUNCTION = 3
Similar to an ANTERIOR comment, but applies to the beginning of an identified function. Programs displaying the proto may choose to render these differently (e.g. above an inferred function signature).
ENUM = 4
Named constants, bitfields and similar.
LOCATION = 5
Named locations, usually the target of a jump.
GLOBAL_REFERENCE = 6
Data cross references.
LOCAL_REFERENCE = 7
Local/stack variables.
message
binexport2.proto:293Used in:
optional int32 instruction_index = 1
Index into the global instruction table.
optional uint64 address = 2
Address being referred.
message
binexport2.proto:146An operand consists of 1 or more expressions, linked together as a tree.
Used in:
optional Expression.Type type = 1
IMMEDIATE_INT is by far the most common type and thus we can save some space by omitting it as the default.
optional string symbol = 2
Symbol for this expression. Interpretation depends on type. Examples include: "eax", "[", "+"
optional uint64 immediate = 3
If the expression can be interpreted as an integer value (IMMEDIATE_INT) the value is given here.
optional int32 parent_index = 4
The parent expression. Example expression tree for the second operand of: mov eax, b4 [ebx + 12] "b4" --- "[" --- "+" --- "ebx" \ "12"
optional bool is_relocation = 5
true if the expression has entry in relocation table
Used in:
SYMBOL = 1
IMMEDIATE_INT = 2
IMMEDIATE_FLOAT = 3
OPERATOR = 4
REGISTER = 5
SIZE_PREFIX = 6
DEREFERENCE = 7
message
binexport2.proto:245Used in:
repeated int32 basic_block_index = 1
Basic blocks are sorted by address.
optional int32 entry_basic_block_index = 3
The flow graph's entry point address is the first instruction of the entry_basic_block.
repeated edge = 2
message
binexport2.proto:246Used in:
optional int32 source_basic_block_index = 1
Source instruction will always be the last instruction of the source basic block, target instruction the first instruction of the target basic block.
optional int32 target_basic_block_index = 2
optional Edge.Type type = 3
optional bool is_back_edge = 4
Indicates whether this is a loop edge as determined by Lengauer-Tarjan.
Used in:
CONDITION_TRUE = 1
CONDITION_FALSE = 2
UNCONDITIONAL = 3
SWITCH = 4
message
binexport2.proto:197Used in:
optional uint64 address = 1
This will only be filled for instructions that do not just flow from the immediately preceding instruction. Regular instructions will have to calculate their own address by adding raw_bytes.size() to the previous instruction's address.
repeated uint64 call_target = 2
If this is a call instruction and call targets could be determined they'll be given here. Note that we may or may not have a flow graph for the target and thus cannot use an index into the flow graph table here. We could potentially use call graph nodes, but linking instructions to the call graph directly does not seem a good choice.
optional int32 mnemonic_index = 3
Index into the mnemonic array of strings. Used for de-duping the data. The default value is used for the most common mnemonic in the executable.
repeated int32 operand_index = 4
Indices into the operand tree. On X86 this can be 0, 1 or 2 elements long, 3 elements with VEX/EVEX. Implicit: operand sequence
optional bytes raw_bytes = 5
The unmodified input bytes corresponding to this instruction.
repeated int32 comment_index = 6
Implicit: comment sequence
message
binexport2.proto:372Used in:
optional bool is_static = 1
If this library is statically linked.
optional uint64 load_address = 2
Address where this library was loaded, 0 if unknown.
optional string name = 3
Name of the library (format is platform-dependent).
message
binexport2.proto:68Used in:
optional string executable_name = 1
Input binary filename including file extension but excluding file path. example: "insider_gcc.exe"
optional string executable_id = 2
Application defined executable id. Often the SHA256 hash of the input binary.
optional string architecture_name = 3
Input architecture name, e.g. x86-32.
optional int64 timestamp = 4
When did this file get created? Unix time. This may be used for some primitive versioning in case the file format ever changes.
message
binexport2.proto:192An instruction has exactly 1 mnemonic.
Used in:
optional string name = 1
Literal representation of the mnemonic, e.g.: "mov".
message
binexport2.proto:383Used in:
optional string name = 1
Name, such as Java class name. Platform-dependent.
message
binexport2.proto:180An instruction may have 0 or more operands.
Used in:
repeated int32 expression_index = 1
Contains all expressions constituting this operand. All expressions should be linked into a single tree, i.e. there should only be one expression in this list with parent_index == NULL and all others should descend from that. Rendering order for expressions on the same tree level (siblings) is implicitly given by the order they are referenced in this repeated field. Implicit: expression sequence
message
binexport2.proto:279Generic reference class used for address comments (deprecated), string references and expression substitutions. It allows referencing from an instruction, operand, expression subtree tuple to a de-duped string in the string table.
Used in:
optional int32 instruction_index = 1
Index into the global instruction table.
optional int32 instruction_operand_index = 2
Index into the operand array local to an instruction.
optional int32 operand_expression_index = 3
Index into the expression array local to an operand.
optional int32 string_table_index = 4
Index into the global string table.
message
binexport2.proto:355Used in:
optional uint64 address = 1
Section start address.
optional uint64 size = 2
Section size.
optional bool flag_r = 3
Read flag of the section, True when section is readable.
optional bool flag_w = 4
Write flag of the section, True when section is writable.
optional bool flag_x = 5
Execute flag of the section, True when section is executable.