Component Creation¶
The Component Creation feature of Sidekick automatically identifies groups of related functions (think compilation units) and arranges them hierarchically, making it easier to understand the binary program's structure.
How it works¶
Sidekick uses features derived from BinaryNinja's static analysis and consolidates them into a single graph that captures the relationships between functions. The graph is uploaded to the Sidekick service where it is partitioned into components, arranged hierarchically to form a tree. The tree is then displayed in the Symbols sidebar.
Sidekick attempts to name the components based on function names and other symbols it finds. If these features are not present in the binary, the components will be named based on their location in the binary. However, you can always use the Sidekick Suggestions feature to infer more meaningful names.
How to use it¶
Component Creation applies to the current function or a set of functions depending on which operation is performed. To create a component for the current function, click on the Create Component item in the Plugins/Sidekick menu.
The operation can take a few minutes to complete, depending on the number of functions selected. When it's done, you'll see the components in the Symbols sidebar.
Note
In Sidekick versions before 2.0, components can also be created for the set of functions within the current index of the Sidekick Indexes sidebar by clicking on the Create Components in Current Index item in the Plugins/Sidekick menu or Create components for functions in this index icon in the Sidekick Indexes sidebar
How to customize it¶
The component creation algorithm has several parameters that you can adjust to customize its behavior. To adjust these parameters, go to the Settings tab and locate the Sidekick.components section. The following options are available:
| Option | Description |
|---|---|
| Minimum Component Size | The minimum number of functions that a component must contain. The default is 2. |
| Maximum Component Size | The maximum number of functions that a component must contain. The default is 50. |
| Component Depth | The maximum depth of the component tree. The default is 3. |
| Maximum Tier Width | The maximum number of components in a tier. The default is 7. |
| Maximum Adjacent Distance | The maximum distance between adjacent functions in a leaf component. The default is 1. |
Note
The default values for the component clustering options are based on our experience with the most common types of binaries. You can experiment with other values, but the results may vary depending on your binary.
You can configure how components are named. The sidekick.components.naming_convention setting controls the naming convention:
| Value | Description |
|---|---|
| any | Use whatever names are generated by the model. |
| snake | Formats the variable name as snake_case. |
| camel | Formats the variable name as camelCase. |
| pascal | Formats the variable name as PascalCase. |
How to interpret it¶
The component creation process depends on the features that are available in the binary. Some binaries will have more indicators than others. In general, the components will correspond to logical units of the program and roughly correspond to its compilation units, libraries, or subsystems.