
Analysis fails to recognise table lookups for uint16_t entry tables, and ignores table type information

Open dragonmux opened this issue 2 years ago • 0 comments

Version and Platform (required):

  • Binary Ninja Version: 3.4.4271 Personal (b7fd028d)
  • OS: Linux - Debian (Bookworm)
  • OS Version: 12.0
  • CPU Architecture: x86_64 + ARMv7-M (32-bit)

Bug Description: When dissecting either firmware or an executable on our Linux host, Binary Ninja fails to properly handle table lookups to tables of uint16_t's - both by failing to recognise the index properly, and by ignoring the table type information.

This manifests as messes such as else if (*(int16_t*)(&debugCommandTable + (operationIndex << 1)) == 0x36e) and ((uint64_t)*(int16_t*)((var_10 + var_10) + &valueTable)) being emitted from the decompiler rather than the expected else if (debugCommandTable[operationIndex] == 0x36e) and valueTable[var_10]. Both tables in this case have the proper type information (see attached .bndb).

Steps To Reproduce: Please provide all steps required to reproduce the behavior:

  1. Open the attached .bndb
  2. Locate main
  3. Visualise in Linear mode using Pseudo C
  4. See the mess at 0040117e

Expected Behavior: Binja correctly detects the table indexing and uses the provided type information to resolve the casts away into a human readable form using the indexing operator.

Screenshots: [image attached to the issue]

Additional Information: Please add any other context about the problem here.

Example BNDB (in .zip archive because GitHub): test.zip

dragonmux, Jul 01 '23 16:07
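The two decompiler spellings quoted in the report are not only harder to read than the indexed form; because they dereference the entries as int16_t while the declared element type is uint16_t, widening them to a wider integer sign-extends instead of zero-extending. The C program below, an added example that is not part of the issue or of Binary Ninja, makes that difference concrete. It uses constructed sample tables named after the ones in the report (the real ones live only in the attached .bndb), and the function names lookup_as_decompiled, lookup_as_indexed and count_widening_mismatches are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample tables (assumption: the real tables live in the attached
 * .bndb and are not reproduced here). Both are uint16_t arrays, like the
 * tables in the report. Entries >= 0x8000 are included on purpose. */
static const uint16_t debugCommandTable[] = { 0x0000, 0x036e, 0x8001, 0xffff };
static const uint16_t valueTable[]        = { 0x0010, 0x8000, 0x7fff, 0xabcd };

#define TABLE_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Read the table the way the decompiler spells it in the report: take the
 * table's byte address, add the index scaled by sizeof(uint16_t) (the
 * "<< 1", or the "var_10 + var_10"), and dereference as a signed int16_t,
 * discarding the declared element type. Widening then sign-extends. */
static int64_t lookup_as_decompiled(const uint16_t *table, size_t index)
{
    const uint8_t *base = (const uint8_t *)table;
    return (int64_t)*(const int16_t *)(base + (index << 1));
}

/* Read the table the way the source means it: index the uint16_t array.
 * Widening zero-extends, because the element type is unsigned. */
static uint64_t lookup_as_indexed(const uint16_t *table, size_t index)
{
    return (uint64_t)table[index];
}

/* Count the entries for which the two spellings widen to different 64-bit
 * values. Every entry with the top bit set (>= 0x8000) is such a case. */
static size_t count_widening_mismatches(const uint16_t *table, size_t len)
{
    size_t mismatches = 0;
    for (size_t i = 0; i < len; ++i) {
        if ((uint64_t)lookup_as_decompiled(table, i) != lookup_as_indexed(table, i))
            ++mismatches;
    }
    return mismatches;
}

/* The comparison from the report, in both spellings. For a constant below
 * 0x8000 such as 0x36e the two agree, which is why the bug shows up at that
 * site as a readability problem rather than as a wrong result. */
static int command_is_0x36e_decompiled(size_t index)
{
    return lookup_as_decompiled(debugCommandTable, index) == 0x36e;
}

static int command_is_0x36e_indexed(size_t index)
{
    return debugCommandTable[index] == 0x36e;
}

int main(void)
{
    for (size_t i = 0; i < TABLE_LEN(valueTable); ++i) {
        printf("valueTable[%zu]: decompiled=0x%016llx indexed=0x%016llx\n", i,
               (unsigned long long)(uint64_t)lookup_as_decompiled(valueTable, i),
               (unsigned long long)lookup_as_indexed(valueTable, i));
    }
    printf("widening mismatches: %zu\n",
           count_widening_mismatches(valueTable, TABLE_LEN(valueTable)));
    return 0;
}
```

The equality test at 0x36e is unaffected, so the decompiled output for main is merely unreadable, but the second expression in the report, the one cast to uint64_t, is exactly the case where the lost type information changes the value a reader would infer for entries at or above 0x8000. That is why the type of the table, not just the index scaling, matters for the decompiler to honour.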