
BUG -> WINDOWS_KERNEL: Decompilation/Symbols

Open FuzzySecurity opened this issue 11 months ago • 3 comments

I noticed that when debugging it would incorrectly disassemble sometimes when I would hit a breakpoint. I think this generally needs some improvement still. Especially if you are debugging a target you have locally on your machine, there shouldn't be a reason for binja to then incorrectly decompile on break or forget what a function is called (rename it to something like sub_fffff8041fa1125f or whatever).

I know it's early days, I'm just brain dumping issues from a few hours of debugging a remote target.

FuzzySecurity avatar Mar 17 '24 22:03 FuzzySecurity

An example here: [image]

It happens a bit randomly and then it can start re-analysing, etc.

[image]

I haven't tested this properly but I assume this can be an issue as well if you happen to save the bndb, because I guess it will overwrite some analysis you may have done at that point. In this case I have a bndb copy outside the VM so I don't have many concerns.

FuzzySecurity avatar Mar 17 '24 22:03 FuzzySecurity

This generally causes quite a few issues. Even when single stepping it will jump back and forth between the correct decompilation and random bytes; it also crashed my binja client twice. Another issue here is that, when there is a call to an external function (e.g. ObfReferenceObject in nt), it doesn't show the symbol even though it is correctly resolved in the local bndb.

I think some work is generally needed here, probably across a number of releases.

FuzzySecurity avatar Mar 18 '24 00:03 FuzzySecurity

Could you please provide a concrete repro step so that I can troubleshoot this?

xusheng6 avatar Mar 19 '24 04:03 xusheng6