Windows kernel platform should have types for portable executable

Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja

https://binary.ninja/

MIT License

840 stars 194 forks source link

Windows kernel platform should have types for portable executable #4889

Open op2786 opened 5 months ago

op2786 commented 5 months ago

Version and Platform (required):

Binary Ninja Version: 3.6.4764-dev, 1e8f4a9b
OS: macos
OS Version: 14.2
CPU Architecture: arm64

Standart types related to PE like IMAGE_DOS_HEADER, IMAGE_NT_HEADERS, IMAGE_SECTION_HEADER does not included in windows kernel types. We sometimes need them in the kernel mode too.

xusheng6 commented 5 months ago

This would be handled better once we have type archives. So that one can easily add additional types into the binary view when needed. But I am keeping this open to allow us to revisit it once type archive lands

op2786 commented 5 months ago

Maybe the type archives feature can solve this but I believe these types are a must have types for windows platform. So we should have them by default without any user interaction.

fuzyll commented 5 months ago

I may be mistaken, but I think we just didn't put the PE types from the Windows platform into the Windows Kernel platform. I don't think that type archives are the right feature for addressing this...I think we just need to copy the existing types into the new platform.

I'll check with @plafosse about this when I see him next. Thanks for the report.

plafosse commented 3 months ago

Agreed with the original post. Updated tags