Function type is invalid by default

[Kharos102]

Binary Ninja Version: 3.0.3337-dev Personal, 7daa28e8
Platform: Windows 11 Version 2009
Example File: C:\windows\system32\wevtsvc.dll

When disassembling this file with symbols, Binja will create the function prototypes.

However, these prototypes can be invalid when attempting to edit them.

The screenshot I've attached is the function prototype as created by binary ninja when parsing the file with symbols, if I go to edit it, its already invalid before I can change it (so if i wanted to change arg2 to another type, it wouldn't work because something with the pre-filled prototype defined by binja prevents parsing).

[plafosse]

This is likely due to us not parsing the __ptr64 We should be hiding those when we emit the string.

[plafosse]

This output comes from the output of the msvc++ name demangler.

[Kharos102]

This is likely due to us not parsing the __ptr64 We should be hiding those when we emit the string.

Yes, fixing up this line does fix this issue.

[CouleeApps]

Clang says: '__ptr64' attribute only applies to pointer arguments. This is a bug in whatever generated that type, since __ptr64 does not apply to references. It should be easily worked around by changing the parameter type to a pointer. Will leave this open for future as this is likely a bug with the PDB parser.

[Kharos102]

sample.zip
Adding another example here which may be the same issue?

It affects a rust binary compiled for Arm64 rust (no PDBs) -- trying to change the type of a function symbol generated during analysis is also invalid by default.

Attached the screenshot and binary.

[CouleeApps]

int128_t is not supported on the default type parser-- try switching to Clang in the Settings (analysis -> type parser) or use a different type.

[fuzyll]

We're closing this as fixed because it should work with the Clang parser. Please let us know if this isn't actually fixed and we'll look into it further.

[Kharos102]

Hi,

This still is broken, even with the latest dev binja.

This time the error is different, see the screenshot of the result of analysing "c:\windows\system32\wevtsvc.dll" and attempting to change the function type (but not changing it, just immediately hitting ok)

[CouleeApps]

Looks like the PDB did not define the class wmi::AutoRef<class Log> and so Clang creates an empty struct when it sees class wmi::AutoRef<class Log> and returns that instead of the function. I'm not quite sure what the expected behavior is here, considering that the "change type" dialog is now trying to define a type, but the PDB loader bugs are still leading to type parsing bugs down the line.