Vector35
Not get all function info from DWARF
Version and Platform (required):
- Binary Ninja Version: 4.1.4957-dev, 89858360
- OS: macOS
- OS Version: 14.4
- CPU Architecture: x86_64
Bug Description:
Binary Ninjanot get function names fromDWARF. 2.Binary Ninjanot to get function boundary info fromDWARF.
Steps To Reproduce:
- Download and install KDK:
https://github.com/dortania/KdkSupportPkg/releases/download/23E214/Kernel_Debug_Kit_14.4_build_23E214.dmg. kernel.release.t8103andkernel.release.t8103.dSYMare in dir/System/Library/Kernels, copy them to other place.- Rename
kernel.release.t8103.dSYMtokernel.release.t8103_dSYM. - File | Open with Options...
- Select
kernel.release.t8103 - Select
External Debug Info File:kernel.release.t8103_dSYM/Contents/Resources/DWARF/kernel.release.t8103 - Load them.
Expected Behavior:
- Load function info from
DWARF.
Screenshots:
Additional Information:
- seems that function info from
DWARFhas a low priority by design.
This is likely due to a symbol already exists at the address, and DWARF parser is shy of adding another one. This is a known problem and is tracked by an internal issue.
The good news is we actually support multiple symbols at the same address, we just need some UI changes to support presenting the info to the user
Between 0xFFFFFE00072A8548 and 0xFFFFFE00072ACF20, there should be 10 functions. However, only 3 are shown by Binary Ninja. Do you mean that Binary Ninja has identified all the 10 functions but not shown them?
Between
0xFFFFFE00072A8548and0xFFFFFE00072ACF20, there should be 10 functions. However, only 3 are shown byBinary Ninja. Do you mean thatBinary Ninjahas identified all the 10 functions but not shown them?
It seems like the dwarf importer missed these functions. I just looked at the two functions you highlighted and saw they already have a name, so I kinda think existing symbols is the problem.
I installed the DMG you linked, but I cannot seem to find the kernel.release.t8103.dSYM in /System/Library/Kernels. Is the path correct?
I forgot to mention a step: install the
.pkgfile inside the DMG.
Yeah I have installed that. However, for some reason, the file is not there. Could you please send the dSYM to [email protected], or join our slack (https://slack.binary.ninja/) and share the file with us?
The file is large. Please check the directory: /Library/Developer/KDKs/KDK_14.4_23E214.kdk/System/Library/Kernels.
If you want to uninstall it, delete /Library/Developer/KDKs/KDK_14.4_23E214.kdk.
I find the files, thx for the path! I see there are some DWARD related messages being printed out when I open the file:
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000001 (`bool`) with `unsigned long`
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0xfffffe000701fe20 (`char[0x11]`) with `char const[0x11]`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0xfffffe000701fe20 (`char const[0x11]`) with `char[0x11]`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000001 (`unsigned long`) with `bool`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000001 (`bool`) with `unsigned long`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0xfffffe000701fe20 (`char[0x11]`) with `char const[0x11]`
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF information is invalid (infinite abstract origin reference cycle). Debug information may be incomplete.
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0xfffffe0007026680 (`char[0x5]`) with `char const[0x5]`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000001 (`unsigned long`) with `bool`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000001 (`bool`) with `bool`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000000 (`bool`) with `bool`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0xfffffe000703c15e (`char[0x5]`) with `char const[0x5]`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000001 (`bool`) with `int`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0x00000000 (`bool`) with `bool`
[Default] DWARF info contains duplicate data variable definition. Overwriting data variable at 0xfffffe000703c154 (`char[0x2]`) with `char const[0x2]`
There might be some issues with our DWARF parsing. We will look into this
V35 folks should search for lose which by route title to find the relevant files