google / binexport

Export disassemblies into Protocol Buffers
Apache License 2.0

Binary Ninja: TYPE_SWITCH xrefs are backwards #99

Closed comex closed 1 year ago

comex commented 1 year ago

From AnalyzeFlow in binaryninja/main_plugin.cc:

```cpp
const std::vector<BinaryNinja::ReferenceSource> xrefs =
    view->GetCodeReferences(address);
// [..]
for (const auto& xref : xrefs) {
  flow_graph->AddEdge(
      FlowGraphEdge(address, xref.addr, FlowGraphEdge::TYPE_SWITCH));
```

This code thinks there's control flow from address to xref.addr, but GetCodeReferences returns references to, not from, an address:

```cpp
/*! Get Code References to a virtual address

    \param addr Address to check
    \return vector of ReferenceSources referencing the virtual address
*/
std::vector<ReferenceSource> GetCodeReferences(uint64_t addr);
```

This should be GetCodeReferencesFrom instead (although that has some additional complexity because it requires specifying a function).
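As an added, self-contained C++ illustration (not BinExport or Binary Ninja code), the xref index below is a constructed stand-in whose two query functions mirror the "references to" and "references from" semantics of GetCodeReferences and GetCodeReferencesFrom; it shows which edges the loop from the issue produces and what the corrected direction yields.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <utility>
#include <vector>

using Edge = std::pair<uint64_t, uint64_t>;  // {source, target}
// Constructed stand-in for a cross-reference index (not the real Binary
// Ninja API): each entry records one code reference from -> to.
struct XrefIndex {
  std::vector<Edge> refs;

  // Mirrors GetCodeReferences(addr): sites that reference `addr`.
  std::vector<uint64_t> CodeReferencesTo(uint64_t addr) const {
    std::vector<uint64_t> out;
    for (const Edge& r : refs) if (r.second == addr) out.push_back(r.first);
    return out;
  }
  // Mirrors GetCodeReferencesFrom(src): targets that `src` references.
  std::vector<uint64_t> CodeReferencesFrom(uint64_t src) const {
    std::vector<uint64_t> out;
    for (const Edge& r : refs) if (r.first == src) out.push_back(r.second);
    return out;
  }
};

// The loop from the issue: one edge address -> xref per "reference to".
std::set<Edge> SwitchEdgesBackwards(const XrefIndex& view, uint64_t address) {
  std::set<Edge> edges;
  for (uint64_t x : view.CodeReferencesTo(address)) edges.insert({address, x});
  return edges;
}

// Corrected direction: edges from the switch to the addresses it references.
std::set<Edge> SwitchEdgesFixed(const XrefIndex& view, uint64_t address) {
  std::set<Edge> edges;
  for (uint64_t x : view.CodeReferencesFrom(address)) edges.insert({address, x});
  return edges;
}

// Constructed sample: a caller at 0x500 branches to a switch at 0x1000,
// which dispatches to case handlers at 0x1100 and 0x1200.
const XrefIndex kSample{{{0x500, 0x1000}, {0x1000, 0x1100}, {0x1000, 0x1200}}};

int main() {
  for (const Edge& e : SwitchEdgesFixed(kSample, 0x1000))
    std::printf("switch %#llx -> %#llx\n", (unsigned long long)e.first,
                (unsigned long long)e.second);
}
```

With the sample index, the backwards loop emits the single edge 0x1000 -> 0x500 (the switch pointing at its own caller), while the corrected loop emits 0x1000 -> 0x1100 and 0x1000 -> 0x1200.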

cblichmann commented 1 year ago

Thanks for the report. This indeed looks wrong. In my defense, when I wrote this, the Binary Ninja C++ API did not document any of those functions :)

cblichmann commented 1 year ago

This should be fixed. Feel free to reopen if you still have issues with backwards references.