-
I was doing some reverse engineering and saw a constant 0x4000 in a binary that I believe comes from NTIFS.H: How can I add that information to Binary Ninja so I can replace the constant value with a more useful representation? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
Thanks psifertex for asking such a question I'm sure other people have. 😉 There are two ways you can do this. The first is the much more robust scalable way to add lots of new types. Specifically, once you've identified the source of your enum as you linked above, you can use the import header file interface in the UI to include the entire set of headers. You'll probably want to follow the guide on importing system headers, specifically the section on windows system headers. However, the quicker and easier way is to just manually create an enum yourself. Either find the exact enum you want, or just create your own: enum FileType
{
S_IFIFO = 0x1000,
S_IFCHR = 0x2000,
S_IFDIR = 0x4000,
S_IFBLK = 0x6000,
S_IFREG = 0x8000,
S_IFLNK = 0xa000,
S_IFSOCK = 0xc000
};
As long as your enum is simple and self-contained you shouldn't need any of the complicated steps for importing system headers above. Just go to the "Types" side-panel: And hit You will then see the type show up in the user types section: And you can replace a constant value in decompilation by selecting the token in the decompilation and using the |
Beta Was this translation helpful? Give feedback.
Thanks psifertex for asking such a question I'm sure other people have. 😉
There are two ways you can do this. The first is the much more robust scalable way to add lots of new types. Specifically, once you've identified the source of your enum as you linked above, you can use the import header file interface in the UI to include the entire set of headers. You'll probably want to follow the guide on importing system headers, specifically the section on windows system headers.
However, the quicker and easier way is to just manually create an enum yourself. Either find the exact enum you want, or just create your own: