Find and generate byte patterns for x86_64 in Binary Ninja.
Generate pattern (right-click an address in a function) extends one instruction
at a time, wildcarding operands, until the resulting pattern is unique within
executable segments, then copies it to the clipboard.
Find pattern (Plugins menu) searches executable segments for a user-entered
pattern. Wildcards accept either ?? (FlexHex, default) or ? (legacy).
- Binary Ninja >= 5.0 (build 7648). Older builds fall back to a Python search.
capstonein Binary Ninja's per-user site-packages.install.pypip installs it for you against the right Python ABI.
git clone <this repo>
cd binja-patterns
python install.py # link + pip install capstone into BN
python install.py --copy # snapshot copy + pip install
python install.py --no-deps # plugin only, install capstone yourself
python install.py --uninstall
The script writes the plugin into the standard user folder:
| OS | Path |
|---|---|
| Windows | %APPDATA%\Binary Ninja\plugins\ |
| macOS | ~/Library/Application Support/Binary Ninja/plugins/ |
| Linux | ~/.binaryninja/plugins/ |
And installs pip dependencies into <user folder>/pythonXY/site-packages,
matching the wheel ABI to BN's Python version (auto-detected from existing
pythonXY/ folders).
Other flags:
--user-folder PATH-- override the BN user folder.--name NAME-- override the plugin directory name.--bn-python-version 3.10-- override Python version detection.
To install capstone by hand instead: open BN's command palette
(Ctrl/Cmd+P), run Install python3 module, and enter capstone.
Settings -> Plugins -> Patterns:
Max instructions-- instruction budget for one generated pattern (default 128).Wildcard token--??(FlexHex, default) or?(legacy).Search executable segments only-- uncheck to scan all segments.
MIT.