cmu-sei / pharos

Automated static analysis tools for binary programs

Ghidra plugin Bug #32

Closed lcytxw closed 5 years ago

lcytxw commented 5 years ago

When the config file's vftable includes a null "entries" field, the JSON parser throws an exception with "Expected BEGIN_ARRAY but was STRING at path $[0].entries" and thus returns a null vftList. Field Cls3, for example:

{"Name":".?AVCls3@@","DemangledName":"Cls3","Size":"84","Members":[{"name":"vfptr_0","type":"vfptr","offset":"0","count":"1"},{"name":"vfptr_c","type":"vfptr","offset":"c","count":"1"},{"name":"mbr_50","type":"dword","offset":"50","count":"1"},{"name":".?AVCls1@@_0","type":"struc","struc":".?AVCls1@@","parent":"yes","offset":"0","count":"1"},{"name":".?AVCls2@@_c","type":"struc","struc":".?AVCls2@@","parent":"yes","offset":"c","count":"1"}],"Methods":[{"ea":"412930","name":"ctor_412930","demangled_name":"","import":"no","type":"ctor"}],"Vftables":[{"ea":"41dcd0","vfptr":"0","entries":[{"ea":"4149f0","offset":"0","name":"virt_meth_4149f0","demangled_name":"","import":"no","type":"meth"},{"ea":"414b70","offset":"3","name":"virt_meth_414b70","demangled_name":"","import":"no","type":"meth"}]},{"ea":"41dcdc","vfptr":"12","entries":""}]}

Parsing the vftable produces this error: com.google.gson.JsonSyntaxException: java.lang.IllegalStateException: Expected BEGIN_ARRAY but was STRING at path $[1].entries

Line /pharos/tools/ooanalyzer/ghidra/OOAnalyzerPlugin/src/main/java/ooanalyzer/OOAnalyzer.java:1508 causes this issue.

edmcman commented 5 years ago

It took me a bit of looking at this to spot the problem. Here's a prettified snippet:

      {
         "vfptr" : "12",
         "entries" : "",
         "ea" : "41dcdc"
      }

Entries should be an empty array instead of an empty string.

edmcman commented 5 years ago

Which executable was this?

edmcman commented 5 years ago

https://groups.google.com/forum/#!topic/boost-list/waAFNVV-RhE :(

sei-ccohen commented 5 years ago

That bug is not that surprising. I know that sei-jgennari had been fighting with exactly this bug before release. There must be a spot he missed or a regression or something like that. We'll investigate more as soon as we can.

lcytxw commented 5 years ago

The executable was compiled from oo.cpp in /pharos/src. The program does not crash directly, but returns a null vftList even if the "Vftables" field has correct "entries" items in the config file. So why not just ignore the empty "entries" field when generating the config file, because I think an empty "entries" is useless? For example:

    /pharos/libpharos/oojson_exporter.cpp:
    259       methods_associated.insert(vfunc->get_address());
    260       json_vft_entries.push_back(std::make_pair("", json_vf)); // add the new vf
    261       voff++;
    262     }
    263
    264 ++  if (!json_vft_entries.empty())
    265 ++    json_vft.put_child("entries", json_vft_entries);
    266
    267     json_vftables.push_back(std::make_pair("", json_vft));
    268
    269     GDEBUG << "Vftable added" << LEND;
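The thread describes two halves of one problem: the exporter writes `"entries": ""` for a vftable with no entries, and the plugin's strictly typed Gson reader then rejects the whole class rather than just that vftable. The following is an added Python example, not pharos or OOAnalyzer code, showing the reader-side check a practitioner would want: it parses a constructed sample modelled on the Cls3 record quoted above (`SAMPLE_CLASS_JSON`, a hypothetical constant), reports every vftable whose `"entries"` is not an array, and normalizes only the empty-string case to an empty list while still rejecting any other wrong type. The function names are this example's own.

```python
from __future__ import annotations

import json
from typing import Any

# Constructed sample modelled on the Cls3 record in the report above.
# The second vftable has "entries": "" (an empty string) instead of an
# empty array, which is exactly what makes the Gson reader throw.
SAMPLE_CLASS_JSON = r'''
{"Name":".?AVCls3@@","DemangledName":"Cls3","Size":"84",
 "Members":[{"name":"vfptr_0","type":"vfptr","offset":"0","count":"1"},
            {"name":"vfptr_c","type":"vfptr","offset":"c","count":"1"}],
 "Methods":[{"ea":"412930","name":"ctor_412930","demangled_name":"","import":"no","type":"ctor"}],
 "Vftables":[
   {"ea":"41dcd0","vfptr":"0","entries":[
      {"ea":"4149f0","offset":"0","name":"virt_meth_4149f0","demangled_name":"","import":"no","type":"meth"},
      {"ea":"414b70","offset":"3","name":"virt_meth_414b70","demangled_name":"","import":"no","type":"meth"}]},
   {"ea":"41dcdc","vfptr":"12","entries":""}
 ]}
'''


def parse_class(text: str) -> dict[str, Any]:
    """Parse one class record as-is, without any repair."""
    return json.loads(text)


def find_bad_vftables(cls: dict[str, Any]) -> list[str]:
    """Return the "ea" of every vftable whose "entries" is not a JSON array.

    A strict typed reader (Gson binding "entries" to a List) rejects the
    whole class when any single vftable has entries of the wrong type, so
    this reports the exact records that would trigger that rejection.
    """
    bad: list[str] = []
    for vft in cls.get("Vftables", []):
        if not isinstance(vft.get("entries"), list):
            bad.append(vft["ea"])
    return bad


def normalize_vftables(cls: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of cls in which an empty-string "entries" becomes [].

    Only the empty string is tolerated, because that is the known exporter
    artifact; any other non-array value is still an error, so genuinely
    malformed input is not silently accepted.
    """
    out = dict(cls)
    fixed: list[dict[str, Any]] = []
    for vft in cls.get("Vftables", []):
        entries = vft.get("entries")
        if entries == "":
            vft = {**vft, "entries": []}
        elif not isinstance(entries, list):
            raise ValueError(
                f"vftable {vft.get('ea')}: 'entries' must be an array, "
                f"got {type(entries).__name__}"
            )
        fixed.append(vft)
    out["Vftables"] = fixed
    return out


def load_class(text: str) -> dict[str, Any]:
    """Parse and normalize one class record."""
    return normalize_vftables(parse_class(text))


def vftable_entry_counts(cls: dict[str, Any]) -> dict[str, int]:
    """Map each vftable's "ea" to its number of entries (after normalization)."""
    return {vft["ea"]: len(vft["entries"]) for vft in cls["Vftables"]}


if __name__ == "__main__":
    raw = parse_class(SAMPLE_CLASS_JSON)
    print("vftables with non-array entries:", find_bad_vftables(raw))
    print("entry counts after normalization:",
          vftable_entry_counts(load_class(SAMPLE_CLASS_JSON)))
```

Accepting only the empty string keeps the tolerance narrow: it covers the case where a serializer with no distinct empty-array form (Boost.PropertyTree's JSON writer is one such, which is what the boost-list link above concerns) emits `""` for an empty child, while any other type mismatch still fails loudly. Omitting the empty `"entries"` child on the exporter side, as suggested in this comment, removes the need for the reader-side repair but the validator remains useful for checking files produced by older exporters.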

sei-eschwartz commented 5 years ago

Can you see if this was fixed? @sei-jgennari committed some changes that were intended to fix this.

lcytxw commented 5 years ago

Yes, It works.