
Disassembly of instruction stops at section boundary

Open xusheng6 opened this issue 3 years ago • 2 comments

Here is an issue that I ran into when dealing with the crackme at https://github.com/antire-book/dont_panic. After some processing, I get the following code:

[Screenshot: Screen Shot 2022-08-26 at 9 10 11 PM]

The code at 0x40017a fails to disassemble. However, if we look at the bytes (48 31 ed ...), it is definitely a valid instruction:

[Screenshot: Screen Shot 2022-08-26 at 9 10 37 PM]

And the reason that we stop disassembling even if the bytes are valid is because we are hitting a section boundary:

[Screenshot: Screen Shot 2022-08-26 at 9 11 06 PM]

The related database: trouble.bndb.zip

xusheng6 avatar Aug 26 '22 13:08 xusheng6

Upon further investigation, I figured that the disassembly itself succeeds (the arch x86 returns valid instruction info), but the instruction is considered invalid by the core because it strides the .data section, which does not have code semantics.

I suggest we reconsider if we should stop disassembly in such cases. Also, the code creates an invalid instruction tag at the address, which went missing. We need to fix this as well.

xusheng6 avatar Aug 26 '22 13:08 xusheng6

I think what we need here is two things:

  1. Notify the user that the disassembly is halted due to crossing a section boundary.
  2. Add a setting that allows the user to override this behavior.

plafosse avatar Aug 29 '22 18:08 plafosse
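The rule xusheng6 describes (the instruction decodes, but the core rejects it because its bytes run into a section without code semantics) and the two changes plafosse proposes (report the halt, allow an override), as an added stand-alone model that is not Binary Ninja's own code. The section table is constructed for the example: the issue does not give the exact `.text`/`.data` boundary, so the `.text` end at 0x40017c and the 3-byte `48 31 ed` instruction at 0x40017a are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Section:
    name: str
    start: int      # inclusive
    end: int        # exclusive
    has_code: bool  # True for code semantics, False for data-only sections

# Constructed to mirror the issue: .text ends right after the 3-byte
# instruction at 0x40017a and .data follows it (boundary is an assumption).
SECTIONS = [
    Section(".text", 0x400000, 0x40017c, True),
    Section(".data", 0x40017c, 0x401000, False),
]

def sections_at(sections: List[Section], lo: int, hi: int) -> List[Section]:
    """Every section that overlaps the byte range [lo, hi)."""
    return [s for s in sections if s.start < hi and lo < s.end]

def crossing_reason(sections: List[Section], addr: int, length: int) -> Optional[str]:
    """The rejection rule from the issue: a validly decoded instruction is
    still refused when its bytes extend into a section that lacks code
    semantics. Returns a user-facing message, or None when the bytes are fine."""
    covered = sections_at(sections, addr, addr + length)
    if len(covered) < 2:          # entirely inside one section: not a crossing
        return None
    bad = [s for s in covered if not s.has_code]
    if not bad:                   # crossing between two code sections is allowed
        return None
    return (f"disassembly halted at 0x{addr:x}: {length}-byte instruction "
            f"crosses into {bad[0].name}, which has no code semantics")

def disassemble(sections: List[Section], insns: List[Tuple[int, int]],
                allow_crossing: bool = False) -> Tuple[List[int], Optional[str]]:
    """Walk already-decoded (addr, length) pairs in order. Stops with a message
    at the first section-crossing instruction unless allow_crossing is set,
    which plays the role of the override setting proposed in the thread.
    Returns (accepted instruction addresses, halt message or None)."""
    accepted: List[int] = []
    for addr, length in insns:
        reason = crossing_reason(sections, addr, length)
        if reason and not allow_crossing:
            return accepted, reason
        accepted.append(addr)
    return accepted, None
```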