What is the purpose of the `exception_children_cache` used here?

[Yangff]

https://github.com/trumank/patternsleuth/blame/02db53fc589fb89db270b6bfac61f30d7679542f/patternsleuth_cli/src/db.rs#L645

Just want to confirm what is doing here is to get a vec of root functions and iter over that.. you're not actually using any information on the parent/children relationship between the debug infos?

[trumank]

It's my attempt at using the exception directory to find the end of functions given the start. It's trivial to walk the exception directory back to the start/root but going the other direction is slow because of how the exception directory is structured. The cache was my attempt at make it fast to access but building the cache up front is still slow and still has problems with some denuvo games, so I haven't written any resolvers that depend on it.

I made a pass at abstracting Elf/Pe images yesterday. Ideally the function information accessors would work the same for each, but I don't fully understand the differences yet. It technically functions without any conditional compilation now though: https://github.com/trumank/patternsleuth/tree/linux-port I now see you've done a lot more work on the branch already which I haven't looked at yet.

[Yangff]

Yes, I'm also trying to abstract image, and then I'd like to hide the structure related to exception_children_cache in the definition with PE and expose a PE/ELF generic function.

What I'm doing is exposing a get_root_function_range(), which basically does what you're doing here and then returns the range.

For elf, I'm not 100% sure but it seems safe to assume that each of DWARF's fde is a function and it works, so all get_function functions in ELF currently return the entire function range.

[Yangff]

BTW, I removed most of the conditional compilation on my branch and it should currently parse both ELF and PE on Windows and Linux.

On the abstracted Image implemtation image_type_dispatch is used to define functions that are exported but have difference on ELF and PE, and if needed it can allow more types like ELF64/ELFARM and such. For different platforms, image_type in the struct Image is used to hide platform-specific definitions and functions.

The resolver will also use image_type to allow selection of the resolver based on the platform.

I've added parsing of .sym, so that cli symbols should also work.

I've only tested the cli tool and UE4SS bind under Linux and they work fine, I'm not sure about Win.

[trumank]

Great progress! Hopefully I have a chance to look at it soon