Awesome

Apple Blocks Plugin

Author: Daniel Roethlisberger

Description

Type annotation of stack and global blocks, block descriptors, variables closed over and related function signatures in Binary Ninja. Blocks are an implementation of closures often found in C, C++, ObjC and ObjC++ code for Apple platforms. Blocks are not the same as C++ lambdas.

Stack block before annotation:

Screenshot of stack block before annotation

Stack block after annotation:

Screenshot of stack block after annotation

Invoke function before annotation:

Screenshot of invoke function before annotation

Invoke function after annotation:

Screenshot of invoke function after annotation

Commands:

Annotate all blocks
Annotate all global blocks
Annotate all stack blocks
Annotate global block here
Annotate stack block here
Remove plugin comment here (deprecated)

Features:

Find and annotate global and stack blocks
Annotate block imported variables based on inline or out-of-line generic helper info or extended layout
Annotate block invoke function type based on encoded block ObjC type signature
Annotate block descriptors, copy/dispose functions, generic helper info and out-of-line extended layout bytecode
Annotate stack byrefs (__block variables) based on non-extended layout or inline or out-of-line extended layout, including keep and destroy functions
Define per-block and per-byref named structs to allow for manual fixups
Define structs for fully manual annotation: Block_literal, Block_descriptor_1, Block_descriptor_2, Block_descriptor_3, Block_byref_1, Block_byref_2, Block_byref_3.

Known limitations:

Automatic discovery of blocks and byrefs on the stack is unreliable by nature and depends on Binary Ninja's ability to lift into clean HLIL
No support for "small descriptors"
No support for 32-bit architectures
No support for "old GC layout"
No support for older block layout from before the introduction of block descriptors
Byrefs passed as function arguments are not automatically discovered

References

Blocks language docs:

Blocks Programming Topics, Apple Documentation Archive
LLVM Block Language Spec

Blocks implementation details:

libclosure, source code and two spec documents
LLVM Block ABI

Objective-C Type Encodings:

Type Encodings, Objective-C Runtime Programming Guide, Apple Documentation Archive
LLVM code emitting type encodings

License

This plugin is released under an MIT license.