Bug Description:
When analyzing Objective-C code in a framework extracted from the macOS dyld shared cache using a third-party tool, the high-level IL of a function is often collapsed to a single jump(…). The majority of the logic is missing. The low-level IL also terminates at what appears to be the first call to objc_msgSend, inlined from within a direct messaging stub function.
I suspect this boils down to the extracted binaries being improperly formed (#5596), but this is a particularly confusing failure mode that makes Binary Ninja appear broken vs other tools opening the same files.
Version and Platform (required):
Steps To Reproduce:
_NSFullScreenMenuBarCompanionController dispose in the symbol list.
Expected Behavior: Branches whose destinations cannot be resolved should not result in the entire function being collapsed.
Screenshots/Video Recording:
Low level IL, showing truncated IL
High level IL, showing body as a single jump(…)
First part of the disassembly
Binary: See steps to reproduce.
Additional Information: This is not specific to this particular function. Most/all functions within AppKit show this behavior.
The new built-in dyld shared cache extractor does not have this problem. Sadly its performance and memory use make it hard to use for quick analysis.
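To measure how many functions in an extracted framework show the "collapsed to a single jump(…)" shape, here is an added triage script; it is not part of this report or of Binary Ninja's own tooling. It assumes the Binary Ninja Python API names load, functions, hlil, root, body and operation; the sample functions at the bottom are constructed stand-ins, not real analysis output.

```python
"""Constructed triage script: count functions whose HLIL body is a single
unconditional jump (the symptom in this report). Binary Ninja's Python API
is only needed under __main__; the classification helpers run stand-alone."""
import sys
from types import SimpleNamespace

def root_level_ops(root) -> list:
    """Operation names of the top-level HLIL statements under `root`.
    A HLIL_BLOCK root is unwrapped into its body; any other root is one
    statement; None (analysis skipped for the function) yields nothing."""
    if root is None:
        return []
    if root.operation.name == "HLIL_BLOCK":
        return [stmt.operation.name for stmt in root.body]
    return [root.operation.name]

def is_collapsed(ops) -> bool:
    """True when the whole body is exactly one HLIL_JUMP, i.e. the
    'collapsed to jump(...)' shape rather than a body that merely ends in a jump."""
    return list(ops) == ["HLIL_JUMP"]

def scan(functions) -> dict:
    """Map function name -> collapsed? for objects exposing `.name` and `.hlil`
    (Binary Ninja Function objects, or the stand-ins below)."""
    out = {}
    for func in functions:
        hlil = func.hlil  # None if Binary Ninja skipped analysis for this function
        out[func.name] = is_collapsed(root_level_ops(hlil.root if hlil else None))
    return out

def summarize(scan_result: dict) -> tuple:
    """(collapsed, total): a ratio near 1 matches 'most/all functions' affected."""
    return sum(scan_result.values()), len(scan_result)

# Constructed stand-ins shaped like HLIL objects, not real Binary Ninja output.
def _op(name, body=None):
    return SimpleNamespace(operation=SimpleNamespace(name=name), body=body)

SAMPLE_FUNCTIONS = [
    SimpleNamespace(name="-[Example dispose]",
                    hlil=SimpleNamespace(root=_op("HLIL_BLOCK", [_op("HLIL_JUMP")]))),
    SimpleNamespace(name="-[Example init]",
                    hlil=SimpleNamespace(root=_op("HLIL_BLOCK",
                                                  [_op("HLIL_ASSIGN"), _op("HLIL_RET")]))),
    SimpleNamespace(name="no_analysis", hlil=None),
]

if __name__ == "__main__":
    import binaryninja as bn               # real run: python3 triage.py <framework>
    bv = bn.load(sys.argv[1])              # path to the extracted framework binary
    bad, total = summarize(scan(bv.functions))
    print(f"{bad}/{total} functions collapsed to a single jump")
```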