Vector35 / debugger

Binary Ninja debugger

BUG -> WINDOWS_KERNEL: Decompilation/Symbols #561

Open FuzzySecurity opened 7 months ago

FuzzySecurity commented 7 months ago

I noticed that when debugging it would incorrectly disassemble sometimes when I would hit a breakpoint. I think this generally needs some improvement still. Especially if you are debugging a target you have locally on your machine, there shouldn't be a reason for binja to then incorrectly decompile on break or forget what a function is called (rename it to something like sub_fffff8041fa1125f or whatever).

I know it's early days, I'm just brain dumping issues from a few hours of debugging a remote target.

FuzzySecurity commented 7 months ago

An example here: [image]

It happens a bit randomly and then it can start re-analysing etc.

[image]

I haven't tested this properly but I assume this can be an issue as well if you happen to save the bndb because I guess it will overwrite some analysis you may have done at that point. In this case I have a bndb copy outside the vm so I don't have many concerns.

FuzzySecurity commented 7 months ago

This generally causes quite a few issues; even when single stepping it will jump back and forth between the correct decompilation and random bytes. It also crashed my binja client twice. Another issue here is that, when there is a call to an external function (e.g. ObfReferenceObject in nt), it doesn't show the symbol even though it is correctly resolved in the local bndb.

I think some work is generally needed here, probably across a number of releases.

xusheng6 commented 7 months ago

Could you please provide a concrete repro step so that I can troubleshoot this?