Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

Symbols and data variables for import functions overwritten by PDB parser with lower quality symbols/data vars #4051

Closed xusheng6 closed 1 year ago

xusheng6 commented 1 year ago

kernel32-64.dll_.zip

For the attached file, we can see the IAT table is not correctly processed, in that the import symbols are not defined:

Screenshot 2023-03-01 at 11 24 15 AM

For comparison, a typical x64 file looks like this:

Screenshot 2023-03-01 at 11 24 55 AM

xusheng6 commented 1 year ago

This is also caused by downloading a PDB. If I disable the PDB, then everything works fine.

xusheng6 commented 1 year ago

Related to https://github.com/Vector35/binaryninja-api/issues/4050

xusheng6 commented 1 year ago

The problem is that the PDB parser overwrites the import function symbols and the data vars with information from the PDB (as illustrated in the first screenshot), but the info from the PDB is of lower quality than what we already have (in the second screenshot).

CouleeApps commented 1 year ago

This has since been resolved (as of 3.4.4163), although note that type libraries for those functions still do not exist.
