Vector35
File does not contain debug info
Version and Platform (required):
- Binary Ninja Version: 4.0.4911 free, 15e9149
- OS: windows
- OS Version: 10
- CPU Architecture: x86_64
Bug Description:
Unable to parse ntoskrnl.exe pdb information, Almost none of the function names and types apply
Steps To Reproduce: You only need to find ntoskrnl.exe on your computer and analyze it.
Expected Behavior:
Screenshots:
Additional Information:
[Default] File does not contain debug info
[Analysis] Added windows-kernel-x86_64 entry point at 0x140993010
[TypeLibrary] Type library 'pshed.dll' imported
[BinaryView.PEView] PDBFileName: ntkrnlmp.pdb
[BinaryView.PEView] PE parsing took 2.054 seconds
[Default] Check file exists: C:\Users\user\AppData\Roaming\Binary Ninja\symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] Check file exists: C:\Users\user\AppData\Roaming\Binary Ninja\symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/file.ptr
[Default] Check file exists: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] HEAD: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] Read file: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] GET: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] Check file exists: C:\Users\user\AppData\Roaming\Binary Ninja\symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] Check file exists: C:\Users\user\AppData\Roaming\Binary Ninja\symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/file.ptr
[Default] Check file exists: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] HEAD: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] Read file: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] GET: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/06564D3477822C7D97F04852CBD5AFD61/ntkrnlmp.pdb
[Default] File does not contain debug info
Hmm, I can't reproduce that with the free build on the ntoskrnl.exe I have here. Can you provide the sha256 of the file you're opening?
Hmm, I can't reproduce that with the free build on the ntoskrnl.exe I have here. Can you provide the sha256 of the file you're opening?
Hmmm... Maybe it's a platform specific bug? I'll try on a fresh VM with the windows free version. I'm seeing a bunch of types and symbols parsed from the PDB on the Free MacOS version. Thanks, I'll let you know if we can't reproduce it on windows.
Oh, one other thing to try just to make sure, try launching BN with the environment variable BN_DISABLE_USER_SETTINGS set to anything to disable user settings just to see if that impacts anything.
We got a similar issue: https://github.com/Vector35/binaryninja-api/issues/5357
Hmmm... Maybe it's a platform specific bug? I'll try on a fresh VM with the windows free version. I'm seeing a bunch of types and symbols parsed from the PDB on the Free MacOS version. Thanks, I'll let you know if we can't reproduce it on windows.
Oh, one other thing to try just to make sure, try launching BN with the environment variable
BN_DISABLE_USER_SETTINGSset to anything to disable user settings just to see if that impacts anything.
It seems that the corresponding pdb was not downloaded correctly. I saw that a request was sent to msdl.microsoft.com, and the free version download component is
I remember that the paid version could use python before. Maybe you used python to download the component so it was successful?
Hmmm... Maybe it's a platform specific bug? I'll try on a fresh VM with the windows free version. I'm seeing a bunch of types and symbols parsed from the PDB on the Free MacOS version. Thanks, I'll let you know if we can't reproduce it on windows. Oh, one other thing to try just to make sure, try launching BN with the environment variable
BN_DISABLE_USER_SETTINGSset to anything to disable user settings just to see if that impacts anything.It seems that the corresponding pdb was not downloaded correctly. I saw that a request was sent to
msdl.microsoft.com, and the free version download component isI remember that the paid version could use python before. Maybe you used python to download the component so it was successful?
I tried python downloader with paid version.
It gives
[Default] Error searching remote symbol server https://msdl.microsoft.com/download/symbols: Err() [Core] Loaded native plugin cryptoplugin [Core] Loaded native plugin dwarf_export [Core] Loaded native plugin dwarf_import [Core] Loaded native plugin view_elf [Core] Loaded native plugin view_macho [Core] Loaded native plugin view_pe [Core] Loaded native plugin arch_arm64 [Core] Loaded native plugin arch_armv7 [Core] Loaded native plugin arch_mips [Core] Loaded native plugin arch_ppc [Core] Loaded native plugin arch_x86 [Core] Loaded native plugin pdb_import_plugin [Core] Loaded native plugin platform_decree [Core] Loaded native plugin platform_efi [Core] Loaded native plugin platform_freebsd [Core] Loaded native plugin platform_linux [Core] Loaded native plugin platform_mac [Core] Loaded native plugin platform_windows [Core] Loaded native plugin workflow_objc [Core] Loaded native plugin debuggercore [Core] Loaded native plugin pythonplugin [Core] Loaded UI plugin debuggerui [Core] Loaded UI plugin triage [Platform] 8 bundled types for platform windows-x86_64 loaded [Platform] 0 bundled variables for platform windows-x86_64 loaded [Platform] 76 bundled functions for platform windows-x86_64 loaded [Analysis] Added windows-x86_64 entry point at 0x140566010 [BinaryView.PEView] PDBFileName: ntkrnlmp.pdb [BinaryView.PEView] PE parsing took 0.795 seconds [Default] Check file exists: C:\symbols/ntkrnlmp.pdb/105E35CDD9BB308C18A176AB5BB37CE31/ntkrnlmp.pdb [Default] Check file exists: C:\symbols/ntkrnlmp.pdb/105E35CDD9BB308C18A176AB5BB37CE31/file.ptr [Default] Check file exists: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/105E35CDD9BB308C18A176AB5BB37CE31/ntkrnlmp.pdb [Default] HEAD: https://msdl.microsoft.com/download/symbols/ntkrnlmp.pdb/105E35CDD9BB308C18A176AB5BB37CE31/ntkrnlmp.pdb [Default] Traceback (most recent call last): [Default] File "C:\Program Files\Vector35\BinaryNinja\plugins\..\python\binaryninja\downloadprovider.py", line 131, in _perform_custom_request [Default] self.bn_response.headerKeys[i] = core.BNAllocString(key.decode('utf8')) [Default] AttributeError: 'str' object has no attribute 'decode'
I have Python 3.10 installed
I can reproduce this bug. The bug has been fixed in the latest development builds.
Unfortunately, we do not publish the development builds for the free version. It will only be updated when we release the next stable release. If you wish to access the bug fix earlier, please consider purchasing the personal or commercial version (https://binary.ninja/purchase/) and then switch to the dev builds following: https://docs.binary.ninja/guide/index.html#development-branch
This bug affects Windows/macOS/Linux in the exactly same way. This is not a platform-dependent bug!
Also there is a pitfall in testing this bug -- if you have previously opened the file with binja and downloaded the symbol files correctly (no matter how), then you must delete them before testing a new version. Otherwise, binja will load the cached version and the PDB symbols will always appear to be loaded.
The symbol file path is ~/Library/Application\ Support/Binary\ Ninja/symbols by default
@xusheng6 For some reason I cannot download the updated version. The dialog shows "Downloading" (I left it for 1 hour) and update doesn't apply. Might it be the same bug? Is there a direct link I can use to download an update\installer for the personal version with the fix?
@xusheng6 managed to download the dev version. the PDB fix works, thank you!