binaryninja-api icon indicating copy to clipboard operation
binaryninja-api copied to clipboard
verified publisher icon Vector35

PDB file is not downloaded from Windows Symbol server

Open feoff3 opened this issue 1 year ago • 8 comments

Version and Platform (required):

  • Binary Ninja Version: 4.0.4958 Personal, ddff9339
  • OS: windows
  • OS Version: 10
  • CPU Architecture: x86_64

Bug Description: No symbols are shown, and no PDB downloaded from MS symbol server

Steps To Reproduce:

  1. Run Binary Ninja
  2. Load any Windows driver module .sys (that was not disassembled yet)

Expected Behavior: Binary Ninja shows disassembly with symbols from MS symbol server

Screenshots:

Additional Information:

Tried with both default symbol directory and custom C:\Symbols

Also it works as expected if I manually download the PDB file (it has weird name .blob) manually via the link shown in the log and place it into the folder where Binary Ninja expects to find the PDB file.

Logs:

[Analysis] Analysis update took 0.467 seconds
[Core] Loaded native plugin cryptoplugin
[Core] Loaded native plugin dwarf_export
[Core] Loaded native plugin dwarf_import
[Core] Loaded native plugin view_elf
[Core] Loaded native plugin view_macho
[Core] Loaded native plugin view_pe
[Core] Loaded native plugin arch_arm64
[Core] Loaded native plugin arch_armv7
[Core] Loaded native plugin arch_mips
[Core] Loaded native plugin arch_ppc
[Core] Loaded native plugin arch_riscv
[Core] Loaded native plugin arch_x86
[Core] Loaded native plugin pdb_import_plugin
[Core] Loaded native plugin platform_decree
[Core] Loaded native plugin platform_efi
[Core] Loaded native plugin platform_freebsd
[Core] Loaded native plugin platform_linux
[Core] Loaded native plugin platform_mac
[Core] Loaded native plugin platform_windows
[Core] Loaded native plugin platform_windows_kernel
[Core] Loaded native plugin workflow_objc
[Core] Loaded native plugin debuggercore
[Core] Loaded native plugin pythonplugin
[Core] Loaded UI plugin debuggerui
[Core] Loaded UI plugin triage
[Platform] 4231 bundled types for platform windows-kernel-x86_64 loaded
[Platform] 0 bundled variables for platform windows-kernel-x86_64 loaded
[Platform] 1 bundled functions for platform windows-kernel-x86_64 loaded
[Analysis] Added windows-kernel-x86_64 entry point at 0x1c007a1e0
[TypeLibrary] Type library 'ntoskrnl.exe' imported
[TypeLibrary] Type library 'hal.dll' imported
[BinaryView.PEView] PDBFileName: spaceport.pdb
[BinaryView.PEView] PE parsing took 0.494 seconds
[Default] Restored View State for the current file.
[Default] Check file exists: C:\symbols/spaceport.pdb/7B52D30874904F02848B1676EF2FCB1B1/spaceport.pdb
[Default] Check file exists: C:\symbols/spaceport.pdb/7B52D30874904F02848B1676EF2FCB1B1/file.ptr
[Default] Check file exists: https://msdl.microsoft.com/download/symbols/spaceport.pdb/7B52D30874904F02848B1676EF2FCB1B1/spaceport.pdb
[Default] HEAD: https://msdl.microsoft.com/download/symbols/spaceport.pdb/7B52D30874904F02848B1676EF2FCB1B1/spaceport.pdb
[Default] Read file: https://msdl.microsoft.com/download/symbols/spaceport.pdb/7B52D30874904F02848B1676EF2FCB1B1/spaceport.pdb
[Default] GET: https://msdl.microsoft.com/download/symbols/spaceport.pdb/7B52D30874904F02848B1676EF2FCB1B1/spaceport.pdb
[Analysis] Analysis update took 13.168 seconds
[Default] Analysis starting...
[Analysis.LinearSweep] Adding section: .text <0x1c0001000 - 0x1c0032a1e> for analysis.
[Analysis.LinearSweep] Adding section: INIT <0x1c007a000 - 0x1c007a21a> for analysis.
[Analysis.LinearSweep] Adding section: PAGE <0x1c0046000 - 0x1c0079b9d> for analysis.
[Analysis.LinearSweep] Analysis Phase 2.0 created 0 functions. [x86_64:windows-kernel-x86_64]
[Analysis.LinearSweep] Analysis Phase 2.1 created 0 functions. [x86_64:windows-kernel-x86_64]
[Analysis.LinearSweep] Analysis Phase 3.0 created 8 functions [x86_64:windows-kernel-x86_64]
[Analysis.LinearSweep] Analysis Phase 3.1 created 0 functions [x86_64:windows-kernel-x86_64]
[Analysis.SignatureMatcher] 0 functions matched total, 0 name-only matches, 6 thunks resolved, 34 functions skipped because they were too small
[Analysis.PointerSweep] Initial code analysis complete, starting pointer sweep...
[Analysis.PointerSweep] Pointer sweep found 0 pointer(s).

feoff3 avatar May 03 '24 06:05 feoff3

@feoff3 Could you please attach a file that can reproduce this? It would make it easier for us to reproduce it

xusheng6 avatar May 03 '24 08:05 xusheng6

I tested with a few spaceport.sys that I can find on my end, and they do not show the behavior.

xusheng6 avatar May 03 '24 08:05 xusheng6

I tried with spaceport.sys available in Windows 2016, Windows 2019 and Windows 2022, and other drivers. Might be a problem on my end then like a networking issue. Is there a way to diagnose the PDB downloading process?

On Fri, 3 May 2024, 14:30 xusheng, @.***> wrote:

I tested with a few spaceport.sys that I can find on my end, and they do not show the behavior.

— Reply to this email directly, view it on GitHub https://github.com/Vector35/binaryninja-api/issues/5357#issuecomment-2092595112, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABV5W5W2PYJWRIVY77KGQ2LZANGZLAVCNFSM6AAAAABHE7KC6KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJSGU4TKMJRGI . You are receiving this because you were mentioned.Message ID: @.***>

feoff3 avatar May 03 '24 09:05 feoff3

If you download it manually and put it in the same folder it should just work. We also support a bunch of standard environment variables for PDB caches. https://docs.binary.ninja/guide/index.html#loading-pdbs

psifertex avatar May 03 '24 10:05 psifertex

Yes, it works when I download it manually.

It is not very convenient to be honest.

The auto download worked fine for me just a couple of weeks ago - I was worried that some last update had broken the functionality

On Fri, 3 May 2024, 16:16 Jordan, @.***> wrote:

If you download it manually and put it in the same folder it should just work. We also support a bunch of standard environment variables for PDB caches. https://docs.binary.ninja/guide/index.html#loading-pdbs

— Reply to this email directly, view it on GitHub https://github.com/Vector35/binaryninja-api/issues/5357#issuecomment-2092756560, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABV5W5QBSDAWPMNPNP4BORDZANTKHAVCNFSM6AAAAABHE7KC6KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJSG42TMNJWGA . You are receiving this because you were mentioned.Message ID: @.***>

feoff3 avatar May 03 '24 10:05 feoff3

I have tried uninstalling the latest version, and installed version 3.5.4526 the result is similar - no symbols downloaded

feoff3 avatar May 03 '24 11:05 feoff3

Example of spaceport binary for which I have an issue spaceport.zip

feoff3 avatar May 03 '24 11:05 feoff3

I also tried installing a free version on a machine hosted in cloud (MS Azure, US East region). Same issue.

My only idea for now is that something has changed on MS symbol server side.

feoff3 avatar May 03 '24 11:05 feoff3

I tested and can reproduce this bug with the last stable release. The bug has been fixed in the dev branch a while ago. Please update to the latest development branch following this guide: https://docs.binary.ninja/guide/index.html#development-branch

xusheng6 avatar May 06 '24 04:05 xusheng6

great to know, thank you!

feoff3 avatar May 06 '24 04:05 feoff3