PDB Can create DataVariable to types which don't exist

[NeoQuix]

Version and Platform (required):

• Binary Ninja Version: 3.4.4231-dev
• OS: Arch Linux
• OS Version: -
• CPU Architecture: x64

Bug Description:
Can't access value property of an DataVariable because of ValueError: Couldn't find target for type.
Type is enum HRTType.

Steps To Reproduce:
With a python shell:

Python 3.10.10 (main, Mar  5 2023, 22:26:53) [GCC 12.2.1 20230201] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from binaryninja import BinaryViewType
>>> bv = BinaryViewType.get_view_of_file("esentutl.exe")
>>> dv = bv.get_data_var_at(0x140056c08)
>>> dv.value
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/.../BinaryNinja/python/binaryninja/binaryview.py", line 9228, in value
    return self._accessor.value
  File "/.../BinaryNinja/python/binaryninja/binaryview.py", line 9081, in value
    return self._value_helper(self.type, self.view.read(self.address, len(self.type)))
  File "/.../BinaryNinja/python/binaryninja/binaryview.py", line 9121, in _value_helper
    raise ValueError("Couldn't find target for type")
ValueError: Couldn't find target for type

Expected Behavior:
Access value of DataVariable

Additional Information:
Binary which produces errror: esentutl.tar.gz

[plafosse]

The problem here is that the type at the DataVariable in question is a NamedTypeReference which points to a type which doesn't exist. I don't know how you got into this state but the code above is working as intended. This would be equivalent to a compiler error like if you had done:

typedef enum foobar HRTType;

and tried to compile it. You'd get a 'foobar' is not defined. My assumption is that you wrote a script to define this type and perhaps made a mistake. If however you were able to create this though the UI this would be a bug though not in the area that is pointed out in the code above.

[NeoQuix]

Sry! Forgot to answer.

I get your point and it's totally valid if the type was set by a custom script.
But here the type HRTType is set by binary ninja itself, using the PDB debug information provided by microsoft.
If you have PDB enabled, even the GUI does not know the value of the variable at 0x140056c08.

[plafosse]

Ah yes you're right then this is a bug. I've ran into this too. I thought there was already an issue for this bug but it looks like there isn't.

[CouleeApps]

This is the fault of the name demangler. The symbol hrtt aka ?hrtt@@3W4HRTType@@A has a raw name that demangles to HRTType hrtt, but the PDB does not contain the type HRTType and the demangler does not create an empty type on the view for it either.

Looks like there is no main issue for this (all of the ones i can find are specific to other weird cases). I'll go make one for it, I guess. Relevant: #3062 #2757

[CouleeApps]

Potential solutions here are:

1. Leave the broken demangler alone and make the PDB loader handle it
2. Fix the demanglers and make them actually create used types (PDB will then need to detect this and overwrite with the real type if it gets one)

For the purposes of this issue, option 1 would solve it fastest. Option 2 is the longer term correct solution, though.

[CouleeApps]

I've made #4551 to track the main issue for this. I'll leave this open as a band-aid solution for PDB is probably higher value-for-time than fixing the real problem right now.

[CouleeApps]

This is being addressed for PDBs specifically in build >= 3.5.4455-dev. Referenced missing types will have empty structures and enums created when loading a PDB. The general issue #4551 remains open for now though.

[ccarpenter04]

Is there any chance the same solution could be implemented for DWARF debug data?