Getting Started¶

Welcome to Binary Ninja. This introduction document is meant to quickly guide you over some of the most common uses of Binary Ninja.

Directories¶

Binary Ninja uses two main locations. The first is the install path of the binary itself and the second is the user folders for user-installed content.

Binary Path¶

Binaries are installed in the following locations by default:

• MacOS: /Applications/Binary Ninja.app
• Windows (global install): C:\Program Files\Vector35\BinaryNinja
• Windows (user install): %LOCALAPPDATA%\Vector35\BinaryNinja
• Linux: Wherever you extract it! (No standard location)

User Folder¶

The base locations of user folders are:

• MacOS: ~/Library/Application Support/Binary Ninja
• Linux: ~/.binaryninja
• Windows: %APPDATA%\Binary Ninja

Contents of the user folder includes:

• lastrun: A text file containing the directory of the last BinaryNinja binary path -- very useful for plugins to resolve the install locations in non-default settings or on Linux.
• license.dat: License file
• plugins/: Folder containing all manually installed user plugins
• repositories/: Folder containing files and plugins managed by the Plugin Manager API
• settings.json: User settings file (see settings)
• keybindings.json: Custom key bindings (see key bindings)

License¶

When you first run Binary Ninja, it will prompt you for your license key. You should have received your license key via email after your purchase. If not, please contact support.

Once the license key is installed, you can change it, back it up, or otherwise inspect it simply by looking inside the base of the user folder for license.dat.

Linux Setup¶

Because Linux install locations can vary widely, we do not assume a Binary Ninja has been installed in any particular folder on Linux. Rather, you can simply run binaryninja/scripts/linux-setup.sh after extracting the zip and various file associations, icons, and other settings will be set up. Run it with -h to see the customization options.

Loading Files¶

You can load files in many ways:

1. Drag-and-drop a file onto the Binary Ninja window
2. Use the File/Open menu or Open button on the start screen ([CMD/CTRL] o)
3. Use the File/Open with Options menu which allows you to customize the analysis options ([CMD/CTRL-SHIFT] o)
4. Open a file from the Triage picker (File/Open for Triage) which enables several minimal analysis options and shows a summary view first
5. Click an item in the recent files list (hold [CMD/CTRL-SHIFT] while clicking to use the Open with Options workflow)
6. Run Binary Ninja with an optional command-line parameter
7. Open a file from a URL via the [CMD/CTRL] l hotkey
8. Open a file using the binaryninja: URL handler. For security reasons, the URL handler requires you to confirm a warning before opening a file via the URL handler. URLs additionally support deep linking using the expr query parameter where expression value is a valid parsable expression such as those possible in the navigation dialog, and fully documented in the parse_expression API. Below a few examples are provided:
   • URLs For referencing files on the local file system.
     • binaryninja:///bin/ls?expr=sub_2830 - open the given file and navigate to the function: sub_2830
     • binaryninja:///bin/ls?expr=.text - open the given file and navigate to the start address of the .text section
     • binaryninja:///bin/ls?expr=.text+6b - open the given file and navigate to the hexadecimal offset 6b from the .text section.
   • URLs For referencing remote file files either the url should be prefixed with binaryninja: and optionally suffixed with the expr query parameter
     • binaryninja:file://<remote_path>?expr=[.data + 400] - Download the remote file and navigate to the address at .data plus 0x400

Analysis¶

As soon as you open a file, Binary Ninja begins its auto-analysis which is fairly similar to decompiling the entire binary.

Even while Binary Ninja is analyzing a binary, the UI should be responsive. Not only that, but because the analysis prioritizes user-requested analysis, you can start navigating a binary immediately and wherever you are viewing will be prioritized for analysis. The current progress through a binary is shown in the status bar (more details are available via bv.analysis_info in the Python console), but note that the total number of items left to analyze will go up as well as the binary is processed and more items are discovered that require analysis.

Errors or warnings during the load of the binary are also shown in the status bar, along with an icon (in the case of the image above, a large number of warnings were shown). The most common warnings are from incomplete lifting and can be safely ignored. If the warnings include a message like Data flow for function at 0x41414141 did not terminate, then please report the binary to the bug database.

Analysis Speed¶

If you wish to speed up analysis, you have several options. The first is to use the File/Open for Triage menu which activates the Triage file picker. By default, Triage mode will enable a faster set of default analysis options that doesn't provide as much in-depth analysis but is significantly faster.

Additionally, using the open with options feature allows for customization of a number of analysis options on a per-binary basis. See all settings under the analysis category for more details.

Interacting¶

Navigating¶

Navigating code in Binary Ninja is usually a case of just double-clicking where you want to go. Addresses, references, functions, jump edges, etc, can all be double-clicked to navigate. Additionally, the g hotkey can navigate to a specific address in the current view. Syntax for this field is very flexible. Full expressions can be entered including basic arithmetic, dereferencing, and name resolution (function names, data variable names, segment names, etc). Numerics default to hexadecimal but that can be controlled as well. Full documentation on the syntax of this field can be found here.

Switching Views¶

Switching views happens multiple ways. In some instances, it is automatic (clicking a data reference from graph view will navigate to linear view as data is not shown in the graph view), and there are multiple ways to manually change views as well. While navigating, you can use the view hotkeys (see below) to switch to a specific view at the same location as the current selection. Alternatively, the view menu in the bottom-right can be used to change views without navigating to any given location.

Command-Palette¶

One great feature for quickly navigating through a variety of options and actions is the command palette. Inspired by similar features in Sublime, and VS Code, the command-palette is a front end into an application-wide, context-sensitive action system that all actions, plugins, and hotkeys in the system are routed through.

To trigger it, simply use the [CMD/CTRL] p hotkey. Note that the command-palette is context-sensitive and therefore some actions (for example, Display as - Binary) may only be available depending on your current view or selection. This is also available to plugins. For example, a plugin may use PluginCommand.register with the optional is_valid callback to determine when the action should be available.

Custom Hotkeys¶

Any action in the action system can have a custom hotkey mapped to it. To access the keybindings menu, use the [CMD/CTRL-SHIFT] b hotkey, via the Edit / Keybindings... menu, or the Keybindings command palette entry.

Default Hotkeys¶

• h : Switch to hex view
• p : Create a function
• [ESC] : Navigate backward
• [CMD] [ (MacOS) : Navigate backward
• [CMD] ] (MacOS) : Navigate forward
• [CTRL] [ (Windows/Linux) : Navigate backward
• [CTRL] ] (Windows/Linux) : Navigate forward
• [SPACE] : Toggle between linear view and graph view
• g : Go To Address dialog
• n : Name a symbol
• u : Undefine an existing symbol (only for removing new user-defined names)
• e : Edits an instruction (by modifying the original binary -- currently only enabled for x86, and x64)
• x : Focuses the cross-reference pane
• ; : Adds a comment
• i : Cycles between disassembly, LLIL, MLIL and HLIL in graph view
• t : Switch to type view
• y : Change type
• a : Change the data type to an ASCII string
• [1248] : Change type directly to a data variable of the indicated widths
• d : Switches between data variables of various widths
• r : Change the data type to single ASCII character
• o : Create a pointer data type
• [CMD-SHIFT] + (MacOS) : Graph view zoom in
• [CMD-SHIFT] - (MacOS) : Graph view zoom out
• [CTRL-SHIFT] + (Windows/Linux) : Graph view zoom in
• [CTRL-SHIFT] - (Windows/Linux) : Graph view zoom out

Graph View¶

The default view in Binary Ninja when opening a binary is a graph view that groups the basic blocks of disassembly into visually distinct blocks with edges showing control flow between them.

Features of the graph view include:

• Ability to double click edges to quickly jump between locations
• Zoom (CTRL-mouse wheel)
• Vertical Scrolling (Side scroll bar as well as mouse wheel)
• Horizontal Scrolling (Bottom scroll bar as well as SHIFT-mouse wheel)
• Individual highlighting of arguments, addresses, immediate values
• Edge colors indicate whether the path is the true or false case of a conditional jump (a color-blind option in the preferences is useful for those with red-green color blindness)
• Context menu that can trigger some function-wide actions as well as some specific to the highlighted instruction (such as inverting branch logic or replacing a specific function with a NOP)

View Options¶

Each of the views (Hex, Graph, Linear) have a variety of options configurable in the bottom-right of the UI.

Current options include:

• Hex
  • Background highlight
    • None
    • Column
    • Byte value
  • Color highlight
    • None
    • ASCII and printable
    • Modification
  • Contrast
    • Normal
    • Medium
    • Highlight
• Graph
  • Show address
  • Show opcode bytes
  • Assembly
  • Lifted IL
    • Show IL flag usage (if showing Lifted IL)
  • Low Level IL
    • Show basic block register state (if showing Low Level IL)
  • Medium Level IL
    • Show basic block register state (if showing Medium IL)
  • High Level IL
    • Show basic block register state (if showing High IL)
• Linear
  • Show address
  • Show call parameter names
  • Show opcode bytes
  • Show register set highlighting
  • Show variable types
    • List default register types

Hex View¶

The hexadecimal view is useful for view raw binary files that may or may not even be executable binaries. The hex view is particularly good for transforming data in various ways via the Copy as, Transform, and Paste from menus. Note that Transform menu options will transform the data in-place, and that these options will only work when the Hex View is in the Raw mode as opposed to any of the binary views (such as "ELF", "Mach-O", or "PE").

Cross References Pane¶

The Cross References view in the lower-left shows all cross-references to the currently selected address or address range. Additionally this pane will change depending on whether an entire line is selected (all cross-references to that address are shown), or whether a specific token within the line is selected. For instance if you click on the symbol memmove in call memmove it will display all known cross-references to memmove, whereas if you click on the line the call instruction is on, you will only get cross-references to the address of the call instruction. Cross-references can be either incoming or outgoing, and they can be either data or code. To be explicit:

• Incoming-Data References - The reference is a data variable pointing to this location.
• Incoming-Code References - The reference is a pointer in code pointing to this location.
• Outgoing-Data References - The currently selected item is a data variable pointer to the reference which itself is either data or code.
• Outgoing-Code References - The currently selected item is code pointing to the reference which itself is either data or code.

Tree-based Layout¶

The cross-references pane comes in two different layouts: tree-based (default and shown above) and table-based (this can be toggled through the context menu or the command palette). The tree-based layout provides the most condensed view, allowing users to quickly see (for instance) how many references are present to the current selection overall and by function. It also allows collapsing to quickly hide uninteresting results.

Table-based Layout¶

The table-based layout provides field-based sorting and multi-select. Clicking the Filter text expands the filter pane, showing options for filtering the current results.

Cross-Reference Filtering¶

The first of the two drop down boxes allows the selection of incoming, outgoing, or both incoming and outgoing (default). The second allows selection of code, data, or code and data (default). The text box allows regular expression matching of results. When a filter is selected the Filter display changes from Filter (<total-count>) to Filter (<total-filtered>/<total-count>)

Cross-Reference Pinning¶

By default Binary Ninja's cross-reference pane is dynamic, allowing quick navigation to relevant references. Sometimes you might rather have the current references stick around so they can be used as a sort of work-list. This workflow is supported in three different ways. First and most obviously by clicking the Pin checkbox (which is only visible if the Filter drop-down is open). This prevents the list of cross-references from being updated even after the current selection is changed. Alternatively, SHIFT+X (or selecting Focus Pinned Cross References in the context menu or command palette) pops up a Pinned Cross References pane. This pane has a static address range which can only be updated through the Pinned Cross References action. The third way would be to select (or multi-select in table view) a set of cross-references then right-click Tag Selected Rows. The tag pane can then be used to navigate those references. Tags allow for persistent lists to be saved to analysis database whereas the other options only last for the current session.

Cross-Reference Hotkeys¶

• x - Focus the cross-references pane
• [SHIFT] x Focus the pinned cross-references pane
• [OPTION/ALT] x - Navigate to the next cross-reference
• [OPTION/ALT-SHIFT] x - Navigate to the previous cross-reference

The following are only available when the cross-references pane is in focus:

• [CMD/CTRL] f - Open the filter dialog
• [ESC] - Clear the search dialog
• [CMD/CTRL] a - Select all cross-references
• [ARROW UP/DOWN] - Select (but don't navigate) next/previous cross-reference
• [ENTER] - Navigate to the selected reference

Linear View¶

Linear view is a hybrid view between a graph-based disassembly window and the raw hex view. It lists the entire binary's memory in a linear fashion and is especially useful when trying to find sections of a binary that were not properly identified as code or even just examining data.

Linear view is most commonly used for identifying and adding type information for unknown data. To this end, as you scroll, you'll see data and code interspersed. Much like the graph view, you can turn on and off addresses via the command palette Show Address or the Options menu in the lower right. Many other option are also available.

Function List¶

The function list in Binary Ninja shows the list of functions currently identified. As large binaries are analyzed, the list may grow during analysis. The function list starts with known functions such as the entry point, exports, or using other features of the binary file format and explores from there to identify other functions.

The function list also highlights imports, and functions identified with symbols in different colors to make them easier to identify.

Script (Python) Console¶

The integrated script console is useful for small scripts that aren't worth writing as full plugins.

To trigger the console, either use <CTRL>-<BACKTICK>, or use the View/Native Docks/Show Python Console menu.

Once loaded, the script console can be docked in different locations or popped out into a stand-alone window. Note that at this time window locations are not saved on restart.

Multi-line input is possible just by doing what you'd normally do in python. If you leave a trailing : at the end of a line, the box will automatically turn into a multi-line edit box, complete with a command-history. To submit that multi-line input, use <CTRL>-<ENTER>

By default the interactive python prompt has a number of convenient helper functions and variables built in:

• here / current_address: address of the current selection
• bv / current_view / : the current BinaryView
• current_function: the current Function
• current_basic_block: the current BasicBlock
• current_llil: the current LowLevelILFunction
• current_mlil: the current MediumLevelILFunction
• current_selection: a tuple of the start and end addresses of the current selection
• write_at_cursor(data): function that writes data to the start of the current selection
• get_selected_data(): function that returns the data in the current selection

Using Plugins¶

Plugins can be installed by one of two methods. First, they can be manually installed by adding the plugin (either a .py file or a folder implementing a python module with a __init__.py file) to the appropriate path:

• MacOS: ~/Library/Application Support/Binary Ninja/plugins/
• Linux: ~/.binaryninja/plugins/
• Windows: %APPDATA%\Binary Ninja\plugins

Alternatively, plugins can be installed with the new pluginmanager API.

For more detailed information on plugins, see the plugin guide.

PDB Plugin¶

Binary Ninja supports loading PDB files through a built in PDB loader. When selected from the plugin menu it attempts to find the corresponding PDB file using the following search order:

1. Look for in the same directory as the opened file/bndb (e.g. If you have c:\foo.exe or c:\foo.bndb open the PDB plugin looks for c:\foo.pdb)
2. Look in the local symbol store. This is the directory specified by the settings: local-store-relative or local-store-absolute. The format of this directory is foo.pdb\<guid>\foo.pdb.
3. Attempt to connect and download the PDB from the list of symbol servers specified in setting symbol-server-list.
4. Prompt the user for the PDB.

Settings¶

Settings are available via the [CMD/CTRL] , hotkey and allow a wide variety of customization.

All settings are saved in the user directory in the file settings.json. Each top level object in this file is represents a different plugin or logical group.

Enabling the identifiers check box will show the raw identifiers used to set settings in the json file which may be useful for programmatically interacting with settings.

All Settings¶

Here's a list of all settings currently available from the UI:

Category	Setting	Description	Type	Default	Key
analysis	Disallow Branch to String	Enable the ability to halt analysis of branch targets that fall within a string reference. This setting may be useful for malformed binaries.	boolean	False	analysis.conservative.disallowBranchToString
analysis	Alternate Type Propagation	Enable an alternate approach for function type propagation. This setting is experimental and may be useful for some binaries.	boolean	False	analysis.experimental.alternateTypePropagation
analysis	Always Analyze Indirect Branches	When using faster analysis modes, perform full analysis of functions containing indirect branches.	boolean	True	analysis.forceIndirectBranches
analysis	Advanced Analysis Cache Size	Controls the number of functions for which the most recent generated advanced analysis is cached. Large values are may result in very high memory utilization.	number	64	analysis.limits.cacheSize
analysis	Max Function Analysis Time	Any functions that exceed this analysis time are deferred. A value of 0 disables this feature. The default value is 20 seconds. Time is specified in milliseconds.	number	20000	analysis.limits.maxFunctionAnalysisTime
analysis	Max Function Size	Any functions over this size will not be automatically analyzed. A value of 0 disables analysis of functions and suppresses the related log warning. To override see FunctionAnalysisSkipOverride. Size is specified in bytes.	number	65536	analysis.limits.maxFunctionSize
analysis	Max Function Update Count	Any functions that exceed this incremental update count are deferred. A value of 0 disables this feature.	number	100	analysis.limits.maxFunctionUpdateCount
analysis	Max Lookup Table Size	Limits the maximum number of entries for a lookup table.	number	4095	analysis.limits.maxLookupTableSize
analysis	Minimum String Length	The minimum length for strings created during auto-analysis	number	4	analysis.limits.minStringLength
analysis	Worker Thread Count	The number of worker threads available for concurrent analysis activities.	number	11	analysis.limits.workerThreadCount
analysis	Autorun Linear Sweep	Automatically run linear sweep when opening a binary for analysis.	boolean	True	analysis.linearSweep.autorun
analysis	Control Flow Graph Analysis	Enable the control flow graph analysis (Analysis Phase 3) portion of linear sweep.	boolean	True	analysis.linearSweep.controlFlowGraph
analysis	Detailed Linear Sweep Log Information	Linear sweep generates additional log information at the InfoLog level.	boolean	False	analysis.linearSweep.detailedLogInfo
analysis	Entropy Heuristics for Linear Sweep	Enable the application of entropy based heuristics to the function search space for linear sweep.	boolean	True	analysis.linearSweep.entropyHeuristics
analysis	Max Linear Sweep Work Queues	The number of binary regions under concurrent analysis.	number	64	analysis.linearSweep.maxWorkQueues
analysis	Analysis Mode	Controls the amount of analysis performed on functions.	string	full	analysis.mode
		enum: Only perform control flow analysis on the binary. Cross references are valid only for direct function calls. [Disassembly Only]	enum	controlFlow	analysis.mode
		enum: Perform fast initial analysis of the binary. This mode does not analyze types or data flow through stack variables. [LLIL and Equivalents]	enum	basic	analysis.mode
		enum: Perform analysis which includes type propagation and data flow. [MLIL and Equivalents]	enum	intermediate	analysis.mode
		enum: Perform full analysis of the binary.	enum	full	analysis.mode
analysis	Never Save Undo Data	Never save previous user actions to the database.	boolean	False	analysis.neverSaveUndoData
analysis	Autorun Function Signature Matcher	Automatically run the function signature matcher when opening a binary for analysis.	boolean	True	analysis.signatureMatcher.autorun
analysis	Auto Function Analysis Suppression	Enable suppressing analysis of automatically discovered functions.	boolean	False	analysis.suppressNewAutoFunctionAnalysis
analysis	Tail Call Heuristics	Attempts to recover function starts that may be obscured by tail call optimization (TCO). Specifically, branch targets within a function are analyzed as potential function starts.	boolean	True	analysis.tailCallHeuristics
analysis	Tail Call Translation	Performs tail call translation for jump instructions where the target is an existing function start.	boolean	True	analysis.tailCallTranslation
analysis	Unicode Blocks	Defines which unicode blocks to consider when searching for strings.	array	[]	analysis.unicode.blocks
analysis	UTF-16 Encoding	Whether or not to consider UTF-16 code points when searching for strings.	boolean	True	analysis.unicode.utf16
analysis	UTF-32 Encoding	Whether or not to consider UTF-32 code points when searching for strings.	boolean	True	analysis.unicode.utf32
analysis	UTF-8 Encoding	Whether or not to consider UTF-8 code points when searching for strings.	boolean	True	analysis.unicode.utf8
arch	x86 Disassembly Case	Specify the case for opcodes, operands, and registers.	boolean	True	arch.x86.disassembly.lowercase
arch	x86 Disassembly Separator	Specify the token separator between operands.	string	,	arch.x86.disassembly.separator
arch	x86 Disassembly Syntax	Specify disassembly syntax for the x86/x86_64 architectures.	string	BN_INTEL	arch.x86.disassembly.syntax
		enum: Sets the disassembly syntax to a simplified Intel format. (TBD)	enum	BN_INTEL	arch.x86.disassembly.syntax
		enum: Sets the disassembly syntax to Intel format. (Destination on the left)	enum	INTEL	arch.x86.disassembly.syntax
		enum: Sets the disassembly syntax to AT&T format. (Destination on the right)	enum	AT&T	arch.x86.disassembly.syntax
downloadClient	HTTPS Proxy	Override default HTTPS proxy settings. By default, HTTPS Proxy settings are detected and used automatically via environment variables (e.g., https_proxy). Alternatively, proxy settings are obtained from the Internet Settings section of the Windows registry, or the Mac OS X System Configuration Framework.	string		downloadClient.httpsProxy
downloadClient	Download Provider	Specify the registered DownloadProvider which enables resource fetching over HTTPS.	string	PythonDownloadProvider	downloadClient.providerName
			enum	QtDownloadProvider	downloadClient.providerName
			enum	PythonDownloadProvider	downloadClient.providerName
pdb	Auto Download PDBs	Automatically download pdb files from specified symbol servers.	boolean	True	pdb.autoDownload
pdb	Absolute PDB Symbol Store Path	Absolute path specifying where the PDB symbol store exists on this machine, overrides relative path.	string		pdb.localStoreAbsolute
pdb	Relative PDB Symbol Store Path	Path relative to the binaryninja user directory, specifying the pdb symbol store.	string	symbols	pdb.localStoreRelative
pdb	Symbol Server List	List of servers to query for pdb symbols.	array	['https://msdl.microsoft.com/download/symbols']	pdb.symbolServerList
pluginManager	Community Plugin Manager Update Channel	Specify which community update channel the Plugin Manager should update plugins from.	string	master	pluginManager.communityUpdateChannel
		enum: The default channel. This setting should be used unless you are testing the Plugin Manager.	enum	master	pluginManager.communityUpdateChannel
		enum: Plugin Manager test channel.	enum	test	pluginManager.communityUpdateChannel
pluginManager	Official Plugin Manager Update Channel	Specify which official update channel the Plugin Manager should update plugins from.	string	master	pluginManager.officialUpdateChannel
		enum: The default channel. This setting should be used unless you are testing the Plugin Manager.	enum	master	pluginManager.officialUpdateChannel
		enum: Plugin Manager test channel.	enum	test	pluginManager.officialUpdateChannel
python	Python Interpreter	Python interpreter library(dylib/dll/so.1) to load if one is not already present when plugins are loaded.	string	libpython2.7.dylib	python.interpreter
triage	Triage Analysis Mode	Controls the amount of analysis performed on functions when opening for triage.	string	basic	triage.analysisMode
		enum: Only perform control flow analysis on the binary. Cross references are valid only for direct function calls.	enum	controlFlow	triage.analysisMode
		enum: Perform fast initial analysis of the binary. This mode does not analyze types or data flow through stack variables.	enum	basic	triage.analysisMode
		enum: Perform full analysis of the binary.	enum	full	triage.analysisMode
triage	Triage Shows Hidden Files	Whether the Triage file picker shows hidden files.	boolean	False	triage.hiddenFiles
triage	Triage Linear Sweep Mode	Controls the level of linear sweep performed when opening for triage.	string	partial	triage.linearSweep
		enum: Do not perform linear sweep of the binary.	enum	none	triage.linearSweep
		enum: Perform linear sweep on the binary, but skip the control flow graph analysis phase.	enum	partial	triage.linearSweep
		enum: Perform full linear sweep on the binary.	enum	full	triage.linearSweep
triage	Always Prefer Triage Summary View	Always prefer opening binaries in Triage Summary view, even when performing full analysis.	boolean	False	triage.preferSummaryView
triage	Prefer Triage Summary View for Raw Files	Prefer opening raw files in Triage Summary view.	boolean	False	triage.preferSummaryViewForRaw
ui	Color Blind	Choose colors that are visible to those with red/green color blindness.	boolean	False	ui.colorBlind
ui	Debug Mode	Enable developer debugging features (Additional views: Lifted IL, and IL SSA forms).	boolean	False	ui.debugMode
ui	Dock Window Title Bars	Enable to display title bars for dockable windows attached to a main window.	boolean	True	ui.docks.titleBars
ui	Feature Map Auto-Rotate	Automatically rotate the feature map orientation based on the current layout and dimensions.	boolean	True	ui.featureMap.autoRotate
ui	Feature Map	Enable the feature map which displays a visual overview of the BinaryView.	boolean	True	ui.featureMap.enable
ui	Feature Map File-Backed Only Mode	Exclude mapped regions that are not backed by a load file.	boolean	False	ui.featureMap.fileBackedOnly
ui	Antialiasing	Select font antialiasing style.	string	subpixel	ui.font.antialiasing
		enum: Perform subpixel antialiasing on fonts.	enum	subpixel	ui.font.antialiasing
		enum: Avoid subpixel antialiasing on fonts if possible.	enum	grayscale	ui.font.antialiasing
		enum: No subpixel antialiasing at High DPI.	enum	hidpi	ui.font.antialiasing
		enum: No font antialiasing.	enum	none	ui.font.antialiasing
ui	Bold Fonts	Allow bold fonts.	boolean	True	ui.font.bold
ui	Font Name	Font family selection.	string	Source Code Pro	ui.font.name
ui	Font Size	Font point size selection.	number	12	ui.font.size
ui	Line Spacing	Specify an additional distance between adjacent baselines.	number	1	ui.font.spacing
ui	Graph Carousel	Graphs and order of graphs to display for 'i' keystroke	array	['Disassembly', 'LowLevelIL', 'MediumLevelIL', 'HighLevelIL']	ui.graph.carousel
			enum	Disassembly	ui.graph.carousel
			enum	LowLevelIL	ui.graph.carousel
			enum	LiftedIL	ui.graph.carousel
			enum	LowLevelILSSAForm	ui.graph.carousel
			enum	MediumLevelIL	ui.graph.carousel
			enum	MediumLevelILSSAForm	ui.graph.carousel
			enum	MappedMediumLevelIL	ui.graph.carousel
			enum	MappedMediumLevelILSSAForm	ui.graph.carousel
			enum	HighLevelIL	ui.graph.carousel
			enum	HighLevelILSSAForm	ui.graph.carousel
ui	Default Disassembly Graph	Default disassembly graph to display on startup.	string	Disassembly	ui.graph.default
			enum	Disassembly	ui.graph.default
			enum	LowLevelIL	ui.graph.default
			enum	LiftedIL	ui.graph.default
			enum	LowLevelILSSAForm	ui.graph.default
			enum	MediumLevelIL	ui.graph.default
			enum	MediumLevelILSSAForm	ui.graph.default
			enum	MappedMediumLevelIL	ui.graph.default
			enum	MappedMediumLevelILSSAForm	ui.graph.default
			enum	HighLevelIL	ui.graph.default
			enum	HighLevelILSSAForm	ui.graph.default
ui	Prefer Disassembly Graph	Prefer disassembly graph over linear view on startup.	boolean	False	ui.graph.preferred
ui	Number of history entries to store.	Controls the number of history entries to store for input dialogs.	number	50	ui.inputHistoryCount
ui	Minimum UI Log Level	Set the minimum log level for the UI log.	string	InfoLog	ui.log.minLevel
		enum: Display Debug, Info, Warning, Error, and Alert messages to log console.	enum	DebugLog	ui.log.minLevel
		enum: Display Info, Warning, Error, and Alert messages to log console.	enum	InfoLog	ui.log.minLevel
		enum: Display Warning, Error, and Alert messages to log console.	enum	WarningLog	ui.log.minLevel
		enum: Display Error and Alert messages to log console.	enum	ErrorLog	ui.log.minLevel
		enum: Display Alert messages to log console.	enum	AlertLog	ui.log.minLevel
ui	Manual Tooltip	Enable to prevent tooltips from showing without <ctrl> being held.	boolean	False	ui.manualTooltip
ui	Recent File Limit	Specify a limit for the recent file history.	number	10	ui.recentFileLimit
ui	Scripting Provider	Specify the registered ScriptingProvider for the default scripting console in the UI	string	Python	ui.scriptingProvider
			enum	Python	ui.scriptingProvider
ui	Display Settings Identifiers	Display setting identifiers in the UI settings view.	boolean	False	ui.settings.displayIdentifiers
ui	Theme	Customize the appearance and style of Binary Ninja.	string	Dark	ui.theme
ui	Linear View Carousel	Views and order of views to display for 'i' keystroke	array	['Disassembly', 'LowLevelIL', 'MediumLevelIL', 'HighLevelIL']	ui.view.disassembly.carousel
			enum	Disassembly	ui.view.disassembly.carousel
			enum	LowLevelIL	ui.view.disassembly.carousel
			enum	LiftedIL	ui.view.disassembly.carousel
			enum	LowLevelILSSAForm	ui.view.disassembly.carousel
			enum	MediumLevelIL	ui.view.disassembly.carousel
			enum	MediumLevelILSSAForm	ui.view.disassembly.carousel
			enum	MappedMediumLevelIL	ui.view.disassembly.carousel
			enum	MappedMediumLevelILSSAForm	ui.view.disassembly.carousel
			enum	HighLevelIL	ui.view.disassembly.carousel
			enum	HighLevelILSSAForm	ui.view.disassembly.carousel
ui	Gutter Width	Disassembly view gutter and tags width, in characters.	number	5	ui.view.disassembly.gutterWidth
ui	Default Linear View Type	Default linear view type to display on startup.	string	HighLevelIL	ui.view.disassembly.type
			enum	Disassembly	ui.view.disassembly.type
			enum	LowLevelIL	ui.view.disassembly.type
			enum	LiftedIL	ui.view.disassembly.type
			enum	LowLevelILSSAForm	ui.view.disassembly.type
			enum	MediumLevelIL	ui.view.disassembly.type
			enum	MediumLevelILSSAForm	ui.view.disassembly.type
			enum	MappedMediumLevelIL	ui.view.disassembly.type
			enum	MappedMediumLevelILSSAForm	ui.view.disassembly.type
			enum	HighLevelIL	ui.view.disassembly.type
			enum	HighLevelILSSAForm	ui.view.disassembly.type
ui	TypeView Line Numbers	Controls the display of line numbers in the types view.	boolean	True	ui.view.types.lineNumbers
updates	Active Content	Allow Binary Ninja to connect to the update server to check for updates and release notes.	boolean	True	updates.activeContent
updates	Update Channel Preferences	Select update channel and version.	string	None	updates.channelPreferences
updates	Show All Versions	Show all versions that are available for the current update channel in the UI.	boolean	False	updates.showAllVersions
user	Email	The email that will be shown when collaborating with other users.	string		user.email
user	Name	The name that will be shown when collaborating with other users.	string		user.name

Updates¶

Binary Ninja automatically updates itself by default. This functionality can be disabled in the Update Channel dialog ([CMD/CTRL] p, Update Channel, or under the Preferences sub menu available under Edit on Linux and Windows, and the Application menu on MacOS) preferences by turning off the Update to latest version automatically option.

Updates are silently downloaded in the background and when complete an option to restart is displayed in the status bar. Whenever Binary Ninja restarts next, it will replace itself with the new version as it launches.

On windows, this is achieved through a separate launcher that loads first and replaces the installation before launching the new version which you'll notice as a separate window. On MacOS and Linux, the original installation is overwritten after the update occurs as these operating systems allow files to be replaced while running. The update on restart is thus immediate.

Unicode Support¶

Currently, Unicode support for Big Endian strings is very limited. Also, UTF-16 only supports Basic Latin code points.

Getting Support¶

Vector 35 offers a number of ways to receive support.