
DWARF inlining structure definitions, not creating types

Open psifertex opened this issue 1 year ago • 3 comments

Latest dev: 5175

When analyzing the major dine favor binary (available in the V35 slack or enterprise server), function DjiUser_FillInUserInfo has a struct inlined directly into its parameters instead of created as a type that's referenced. Among (probably) other issues, this means that you can't round-trip the type information by hitting y on the function. More importantly, you can't actually edit the type but must first manually copy it out of the parameter and into a dedicated type, which is tedious.

Screenshot 2024-04-25 at 12 42 00

psifertex avatar Apr 25 '24 16:04 psifertex

related: vector35/binaryninja#597

psifertex avatar May 21 '24 14:05 psifertex

This is because the param is a typedef to an anonymous struct and instead of stopping resolution at the typedef we go all the way to the bare struct type. This guarantees we define the base type before using the typedef anywhere, but we should make sure that we use the param types as defined instead of what they resolve to.

Here's a simple repro:

```c
/* Typedef of an anonymous struct: the only name the type has is "asd". */
typedef struct {
    int field1;
    char field2;
    char field3;
    char field4;
    char field5;
    char field6;
} asd;

/* Both parameters are declared through the typedef, so the DWARF for this
 * function refers to "asd", which in turn points at the anonymous struct. */
void do_copy(asd* src, asd* dst)
{
    dst->field1 = src->field1;
    dst->field2 = src->field2;
    dst->field3 = src->field3;
    dst->field4 = src->field4;
    dst->field5 = src->field5;
    dst->field6 = src->field6;
}

int main(int argc, char** argv, char** envp)
{
    asd one;
    asd two;
    do_copy(&one, &two);
    return 0;
}
```

negasora avatar Jul 05 '24 14:07 negasora

Looking at this more, it seems like we're making a pointer to the type pointed to by a named type reference instead of a pointer to the typedef.

negasora avatar Jul 05 '24 21:07 negasora
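The two comments above describe the same mechanism from two angles: the importer resolves a parameter's DW_AT_type chain through the typedef down to the anonymous struct, so the struct body lands inline in the signature instead of a by-name reference to `asd`. The script below is an added, constructed model of that resolution (it is not Binary Ninja's DWARF importer and uses no Binary Ninja API). It hand-builds a miniature DIE graph mirroring the C repro and contrasts two resolvers: `resolve_fully`, which reproduces the inlining behaviour, and `resolve_named`, which defines the typedef first and then references it by name. The `Die` class, the resolver names and the rendered C text are all assumptions made for this example.

```python
"""Toy DWARF type-resolution model for the typedef-to-anonymous-struct case.

Constructed example (not Binary Ninja's DWARF importer). The DIE graph is
hand-built to mirror the `typedef struct { ... } asd;` repro in this thread,
and the two resolvers contrast resolving a parameter type all the way to the
bare struct (which inlines it into the signature) with stopping at the named
typedef and referencing it by name.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass
class Die:
    """Minimal stand-in for a DWARF debugging information entry (hypothetical)."""
    tag: str
    name: Optional[str] = None
    type_ref: Optional["Die"] = None                             # DW_AT_type
    members: List[Tuple[str, str]] = field(default_factory=list)  # (name, C type)


# Constructed DIE tree: asd* -> typedef asd -> anonymous DW_TAG_structure_type
ANON_STRUCT = Die("DW_TAG_structure_type", members=[
    ("field1", "int"), ("field2", "char"), ("field3", "char"),
    ("field4", "char"), ("field5", "char"), ("field6", "char"),
])
ASD_TYPEDEF = Die("DW_TAG_typedef", name="asd", type_ref=ANON_STRUCT)
ASD_PTR = Die("DW_TAG_pointer_type", type_ref=ASD_TYPEDEF)
DO_COPY_PARAMS: List[Tuple[str, Die]] = [("src", ASD_PTR), ("dst", ASD_PTR)]


def render_struct(die: Die) -> str:
    """Print an anonymous struct body as C text."""
    body = "; ".join(f"{ctype} {name}" for name, ctype in die.members)
    return f"struct {{ {body}; }}"


def resolve_fully(die: Die) -> str:
    """Follow DW_AT_type through every typedef down to the bare type.

    This is the behaviour the thread describes: the typedef is discarded and
    the anonymous struct ends up inlined wherever the parameter type is printed.
    """
    if die.tag == "DW_TAG_pointer_type":
        return resolve_fully(die.type_ref) + "*"
    if die.tag == "DW_TAG_typedef":
        return resolve_fully(die.type_ref)
    if die.tag == "DW_TAG_structure_type":
        return render_struct(die)
    return die.name or "void"  # DW_TAG_base_type and friends


def resolve_named(die: Die, type_table: Dict[str, str]) -> str:
    """Stop at the first typedef: define it in type_table, then use its name.

    The base struct is still resolved (and stored) before the name is handed
    out, so every typedef is defined before any signature references it.
    """
    if die.tag == "DW_TAG_pointer_type":
        return resolve_named(die.type_ref, type_table) + "*"
    if die.tag == "DW_TAG_typedef":
        if die.name not in type_table:
            type_table[die.name] = resolve_fully(die.type_ref)
        return die.name
    return resolve_fully(die)


def signature(fname: str, params: List[Tuple[str, Die]],
              resolver: Callable[[Die], str]) -> str:
    """Render a void function prototype with the given type resolver."""
    rendered = ", ".join(f"{resolver(d)} {pname}" for pname, d in params)
    return f"void {fname}({rendered})"


def inlined_signature() -> str:
    """What the bug produces: the struct body repeated in every parameter."""
    return signature("do_copy", DO_COPY_PARAMS, resolve_fully)


def named_declarations() -> List[str]:
    """What the fix should produce: typedef first, then a by-name reference."""
    table: Dict[str, str] = {}
    sig = signature("do_copy", DO_COPY_PARAMS, lambda d: resolve_named(d, table))
    typedefs = [f"typedef {body} {name};" for name, body in table.items()]
    return typedefs + [sig + ";"]


if __name__ == "__main__":
    print(inlined_signature())
    print("\n".join(named_declarations()))
```

Running it prints the inlined form first (the struct body appears twice, once per parameter, and the name `asd` never appears) and then the two-line form where the typedef is emitted before the prototype that uses it. The second form is the one that round-trips: the prototype can be pasted back as a type without first extracting the struct from the parameter.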