xusheng6
commented
4 months ago I am not expecting this to happen -- is the vt variable global? Could you please share the binary so that we can make sure of the cause of the issue?
Open VisualEhrmanntraut opened 4 months ago
xusheng6
commented
4 months ago I am not expecting this to happen -- is the vt variable global? Could you please share the binary so that we can make sure of the cause of the issue?
VisualEhrmanntraut
commented
4 months ago is the vt variable global?
(pointer to struct for dynamic dispatch, so the values are defined globally, but the field is instantiated in runtime at type construction)
xusheng6
commented
4 months ago is the vt variable global?
(pointer to struct for dynamic dispatch, so the values are defined globally, but the field is instantiated in runtime at type construction)
Could you please also show the disassembly?
VisualEhrmanntraut
commented
4 months ago Could you please also show the disassembly?
Certainly.
VisualEhrmanntraut
commented
4 months ago (IOCommandGate_vt is a struct with __ptr_offset(0x10))
xusheng6
commented
4 months ago Thx for all the info!
plafosse
commented
4 months ago This might be related to https://github.com/Vector35/binaryninja-api/issues/1060
Version and Platform (required):
Bug Description: Jump to a function pointer struct field is treated as unresolved control flow, wrecking analysis.
Expected Behavior: It's supposed to look something like this
Additional Information: The jumps (
braa) is what I would assume a compiler optimisation. The issue doesn't seem to happen if it's using an instruction likeblraa.