panopticon icon indicating copy to clipboard operation
panopticon copied to clipboard
verified publisher icon das-labor

indirect call handling

Open m4b opened this issue 8 years ago • 0 comments

I've been seeing cases of indirect calls like:

_init
sub rsp, 8
mov rax, qword ptr [rip+0x2009ad]
test rax, rax
je 63a
call rax
add rsp, 8
ret

(Or something like that). You see this, for instance in _init which calls a value placed in the GOT.

Panopticon seems to understand this is special, and adds a call target with a variable argument to the operands, iirc.

So my question is:

  1. Does panopticon currently have the ability to analyze this?
  2. Will it have the ability to do a more robust analysis, and what would this look like?

m4b avatar Feb 04 '17 07:02 m4b