Ghidra not correctly resolving some symbols
Hi there,
I was doing a simple challenge and I loaded it up in Ghidra, but I noticed that when I compared it to the IDA output it seemed to have totally missed the _signal and _alarm functions.
Am I doing something wrong or missing some extra step to resolve these symbols?
IDA:
Ghidra:
Interestingly, when I disassemble the function itself that IDA correctly identifies as _alarm, I seem to have the wrong disassembly in Ghidra:
IDA:
Ghidra:
Not too sure if this is a bug, but it feels like it might be? I'm on the latest 10.3 DEV branch. I'm also not sure if I'm missing a key step in resolving these functions, as IDA does it automatically. The binary is here: Hunting.zip
Password: hackthebox
Ghidra didn't propagate the constant value of EBX into the thunk that jumps to alarm().
If you set the value of the EBX register to 0x2b2d at the start of the function at 0x11150 and then clear and re-disassemble the jmp, a reference should be created and the function named. Possibly the ENDBR32 instruction will get in the way of the thunk detection.
Ghidra propagates other register values into functions for other processors, for example GP on MIPS, but doesn't normally do that for EBX on x86 processors. Ghidra could easily do it but would need to be careful doing so, as EBX could be a parameter value that changes.
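An added example, not part of the thread or of Ghidra's code: a small Python model of why the thunk can only be named once EBX is known. It assumes the thunk has the usual 32-bit position-independent form, an optional ENDBR32 followed by `jmp dword ptr [ebx+disp]`; the displacements and the slot-to-symbol table are constructed sample values, and only the EBX value 0x2b2d comes from the reply above.

```python
import struct

ENDBR32 = bytes.fromhex("f30f1efb")  # CET landing pad that may precede the jmp


def decode_ebx_thunk(code):
    """Return disp for `jmp dword ptr [ebx+disp]`, or None if the bytes differ.

    A leading ENDBR32 is skipped so it does not hide the jmp from the matcher.
    """
    if code.startswith(ENDBR32):
        code = code[len(ENDBR32):]
    if len(code) >= 6 and code[:2] == b"\xff\xa3":   # FF /4, mod=10, rm=EBX, disp32
        return struct.unpack_from("<i", code, 2)[0]
    if len(code) >= 3 and code[:2] == b"\xff\x63":   # FF /4, mod=01, rm=EBX, disp8
        return struct.unpack_from("<b", code, 2)[0]
    return None


def resolve_thunk(code, ebx, jump_slots):
    """Name the import a thunk jumps to, given the EBX value on entry.

    ebx=None models the case in the issue: no constant was propagated, so the
    slot address cannot be computed and the thunk stays unnamed.
    """
    disp = decode_ebx_thunk(code)
    if disp is None or ebx is None:
        return None
    slot = (ebx + disp) & 0xFFFFFFFF                 # 32-bit address arithmetic
    return jump_slots.get(slot)


EBX_FROM_REPLY = 0x2B2D                              # value given in the reply
# Constructed sample data: slot address -> imported symbol.
JUMP_SLOTS = {0x2B39: "signal", 0x2B3D: "alarm"}
# Constructed thunk bytes: endbr32; jmp dword ptr [ebx+0x10]
THUNK = ENDBR32 + b"\xff\xa3" + struct.pack("<i", 0x10)

if __name__ == "__main__":
    print("EBX unknown:", resolve_thunk(THUNK, None, JUMP_SLOTS))
    print("EBX = 0x2b2d:", resolve_thunk(THUNK, EBX_FROM_REPLY, JUMP_SLOTS))
```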