Vector35 / binaryninja-api

Public API, examples, documentation and issues for Binary Ninja
https://binary.ninja/
MIT License

demangled function type parameters are resolved incorrectly #6002

Open VisualEhrmanntraut opened 1 week ago

VisualEhrmanntraut commented 1 week ago

Version and Platform (required):

Bug Description: Getting the demangled function type and assigning it doesn't always work correctly. It doesn't matter if the type is defined or not.

Steps To Reproduce:

>>> demangle_gnu3(bv.arch, current_function.symbol.raw_name, bv)[0].parameters[0].type.target.type_id
'demange:[]'
>>> demangle_gnu3(bv.arch, current_function.symbol.raw_name, bv)[0].parameters
[IOMFB::AppleRegisterStream* ]
>>> current_function.type = demangle_gnu3(bv.arch, current_function.symbol.raw_name, bv)[0]
>>> current_function.type.parameters[0]
IOMemoryCursor::PhysicalSegment* arg1

This is happening even though IOMFB::AppleRegisterStream is defined and IOMemoryCursor::PhysicalSegment doesn't even exist in the bndb; I have no idea where it is pulling that from.

Expected Behavior: current_function.type.parameters[0] should've been IOMFB::AppleRegisterStream* arg1.

Additional Information: Working with a bndb that was opened before the iOS typelib was introduced; however, I am uncertain of its relevance to the issue.

VisualEhrmanntraut commented 1 week ago

>>> bv.types.get("IOMemoryCursor::PhysicalSegment") is None
True
>>> bv.type_names.index("IOMemoryCursor::PhysicalSegment")
7540

VisualEhrmanntraut commented 1 week ago

Another variant: shows the correct name, but actually points to a different type.

[Screenshot 2024-10-18 at 10 44 26] [Screenshot 2024-10-18 at 10 44 59]

CouleeApps commented 20 hours ago

What's the value of current_function.symbol.raw_name? The type name may be coming from that, or could be some artifact of the id being empty.