Incorrect implementation of the Binary Ninja backend #11
Comments
|
Based on the above comment, I've write an example for x86_64: extern "C" bool is_indirect_branch_default_impl(uint8_t *insn_data, size_t insn_size) {
size_t ttCount;
BNInstructionTextToken* ttResult = NULL;
BNGetInstructionText(arch, (const uint8_t*) insn_data, 0 /*addr*/, &insn_size, &ttResult, &ttCount);
std::string call_op = "call";
auto opcode = ttResult[0];
// auto padding = ttResult[1];
auto first_operand = ttResult[2];
if ((call_op.compare(opcode.text) == 0) && (first_operand.type != BNInstructionTextTokenType::CodeRelativeAddressToken)){
return true;
}
//BNInstructionInfo info;
//BNGetInstructionInfo(arch, insn_data, 0, insn_size, &info);
//for (int i = 0; i < info.branchCount; i++) {
// BNBranchType br = info.branchType[i];
// if ((br == BNBranchType::IndirectBranch) || (br == BNBranchType::UnresolvedBranch)) {
// return true;
// }
//}
return false;
} |
|
I've tested arm32
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For x86_64 indirect calls like
call rax, binary ninja does not identify them as branch instruction.Thus even
BNBranchType::CallDestinationcannot record these indirect calls.Maybe by parsing the disassembly text token types can resolve this issue, as shown in https://api.binary.ninja/binaryninja.architecture-module.html#binaryninja.architecture.InstructionTextToken
The text was updated successfully, but these errors were encountered: