
Loading ELF with no program headers and first section at non-zero address has segments/sections at wrong address

Open negasora opened this issue 10 months ago • 1 comments

In the attached binary, there are no program headers and the first section has address 0x13000 and size 0x13cc0. When we load this file, we create this section at whatever load base was requested (0x400000 by default) instead of the load base plus 0x13000.

This is the section table entry:

```
0000b270      [0x1] = 
0000b270      {
0000b270          uint32_t name = 0x1
0000b274          enum sh_type type = SHT_NOBITS
0000b278          enum sh_flags flags = SHF_ALLOC | SHF_EXECINSTR
0000b280          uint64_t address = 0x13000
0000b288          uint64_t offset = 0x0
0000b290          uint64_t size = 0x13cc0
0000b298          uint32_t link = 0x0
0000b29c          uint32_t info = 0x0
0000b2a0          uint64_t align = 0x1000
0000b2a8          uint64_t entry_size = 0x0
0000b2b0      }
```

And the resulting section/segments:

Image

We should create the section/segment at 0x413000 instead of 0x400000.

wrong_load_base.zip

negasora avatar Apr 24 '25 20:04 negasora
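
As an added illustration (not code from Binary Ninja or from this thread), the following Python sketch parses an ELF64 section table and computes where each `SHF_ALLOC` section should land when the file has no program headers, using the rule stated in the issue: requested load base plus section address. The sample file is constructed from the values in the dump above, with `e_type` and `e_machine` chosen arbitrarily, and the function names are hypothetical.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 little-endian file header (64 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header (64 bytes)
SHT_NOBITS, SHF_ALLOC, SHF_EXECINSTR = 8, 0x2, 0x4

def build_sample_elf():
    """Constructed sample: e_phnum == 0 and one section using the issue's values."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, ELFDATA2LSB
    sections = [
        SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0),       # index 0: null section
        SHDR.pack(1, SHT_NOBITS, SHF_ALLOC | SHF_EXECINSTR,
                  0x13000, 0, 0x13CC0, 0, 0, 0x1000, 0),
    ]
    # e_type=1 and e_machine=62 are arbitrary assumptions; the issue does not state them.
    ehdr = EHDR.pack(ident, 1, 62, 1, 0, 0, EHDR.size, 0,
                     EHDR.size, 0, 0, SHDR.size, len(sections), 0)
    return ehdr + b"".join(sections)

def expected_sections(data, load_base):
    """Return (index, start, end) for each SHF_ALLOC section, rebased as the issue expects."""
    f = EHDR.unpack_from(data, 0)
    ident, shoff, phnum, shentsize, shnum = f[0], f[6], f[10], f[11], f[12]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    if phnum != 0:
        raise ValueError("file has program headers; this check covers the section-only case")
    if shentsize != SHDR.size or shoff + shnum * shentsize > len(data):
        raise ValueError("section header table is malformed or truncated")
    out = []
    for i in range(shnum):
        _, _, flags, addr, _, size, *_ = SHDR.unpack_from(data, shoff + i * shentsize)
        if flags & SHF_ALLOC:
            out.append((i, load_base + addr, load_base + addr + size))
    return out

def misplaced(observed, data, load_base):
    """Map section index -> (observed start, expected start) for every mismatch.

    `observed` is {section index: start address} as reported by the loader under test.
    """
    return {i: (observed.get(i), start)
            for i, start, _ in expected_sections(data, load_base)
            if observed.get(i) != start}

if __name__ == "__main__":
    elf = build_sample_elf()
    for idx, start, end in expected_sections(elf, 0x400000):
        print(f"section {idx}: {start:#x}-{end:#x}")
    print(misplaced({1: 0x400000}, elf, 0x400000))  # placement reported in the issue
```
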

This might be as simple as switching calls from BinaryView::GetStart() to BinaryView::GetImageBase().

negasora avatar May 07 '25 18:05 negasora

This is what I currently have for this issue:

Image Image

None of those functions have disassembly information and there are many `[Analysis error] Attempting to add function not backed by file: <some address>`. Any feedback or any guidance for next steps for this issue would be appreciated.

hongyu-dev avatar Jul 04 '25 03:07 hongyu-dev

This fix has been merged; check PR: https://github.com/Vector35/binaryninja-api/pull/7052 and commit

hongyu-dev avatar Jul 30 '25 19:07 hongyu-dev