Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

Function chunks not always automatic #4337

Closed joelreymont closed 1 year ago

joelreymont commented 1 year ago

Version and Platform (required):

This is wrong

00008e08  int32_t sub_8e08(void* arg1 @ r4, void* arg2 @ r6, int32_t* arg3 @ r7, int32_t arg4 @ r8, int32_t arg5 @ r9, int32_t arg6 @ r10, int32_t arg7 @ r11, int32_t arg8, 
00008e08      int32_t arg9, int32_t arg10, int32_t arg11, int32_t arg12, int32_t arg13, int32_t arg14, int32_t arg15, int32_t arg16, int32_t arg17, int32_t arg18, 
00008e08      int32_t arg19, char arg20, char arg21, int32_t arg22, int32_t arg23, int32_t arg24, int32_t arg25, int32_t arg26, int32_t arg27, int32_t arg28, int32_t arg29, 
00008e08      int32_t* arg30, int32_t arg31)

00008e08  bbf1000f   cmp     r11, #0
00008e0c  2fd0       beq     #0x8e6e

00008e0e  baf1000f   cmp     r10, #0
00008e12  2cd1       bne     #0x8e6e
...

and should really look like this. And it does, once I undefine sub_8e08.

00008e08  bbf1000f   cmp     r11, #0
00008e0c  2fd0       beq     #0x8e6e

00008e0e  baf1000f   cmp     r10, #0
00008e12  2cd1       bne     #0x8e6e

00008e14  9df8d935   ldrb    r3, [sp, #0x5d9] {var_47}
00008e18  4bb3       cbz     r3, #0x8e6e
...

Anyone from V35 should search for "Encourage Salesman Prompt Delay" to find the database.

fuzyll commented 1 year ago

This one appears to be an artifact of how the original database was created. Exporting the original file and creating a new database with the platform set results in these locations correctly being function chunks, I believe?

[image]

If that looks accurate, I'm going to close this one as I don't believe there's an action here for us to take. If it does not look accurate, I'll need some extra context to understand what our analysis did wrong.

joelreymont commented 1 year ago

You can close it.

On Tue, 23 May 2023 at 21:32, Alexander Taylor @.***> wrote:

This one appears to be an artifact of how the original database was created. Exporting the original file and creating a new database with the platform set results in these locations correctly being function chunks, I believe?

[image: image] https://user-images.githubusercontent.com/607452/240386372-9e862b52-790c-4eed-8ede-fb20305e55e1.png

If that looks accurate, I'm going to close this one as I don't believe there's an action here for us to take. If it does not look accurate, I'll need some extra context to understand what our analysis did wrong.
