ghidra007
ghidra007
> What is happening is that there are function pointers that span the entire length of the vftable, but due to there being labels thrown in the middle, RecoverClassesFromRTTIScript thinks...
> What reference? I mean past the label in the middle.
> It only includes ones up to the reference. Thanks.
@hiimjustin000 Can you go to address 140535fb0 in your example above then right mouse on the address and choose References -> Show References To Address and share an image of...
> Update: I got a new version of this binary, and a new analysis points to the possibility that this may have been somewhat fixed in an 11.1.x or 11.2.x...
@FeeeeK I'm not 100% sure about this, but I believe this is happening because under the hood in Ghidra there isn't anything really tying the data type to the this....
@FeeeeK Ok thanks for clarifying. I'll take a look.
Thanks. I had to also choose Replace for the function params to reproduce your being able to get it to apply correctly.
@CarrotCultivator Thanks for pointing out how the script can be improved. I'll take a look at 1 and 3 and see what can be done about them. I already know...
> In my case the script goes into an infinite loop, because `classesWithSameShortenedName` contains two classes with identical names. These classes are in different namespaces, so it is perfectly legal,...