Array indexing pattern unrecognized on ARM when array contents referenced via literal pool #4915

Closed
lwerdna opened this issue Jan 19, 2024 · 2 comments
Labels:
- Arch: ARM/Thumb (Issues with the ARM/Thumb architecture plugin)
- Component: Architecture (Issue needs changes to an architecture plugin)
- Core: LLIL (Issue involves Low Level IL)
- Core: MLIL (Issue involves Medium Level IL)
- Effort: Trivial (Issue should take < 1 day)

Contributor

lwerdna commented Jan 19, 2024

Version and Platform (required):
3.6 on MacOS

Bug Description:
Binja has all the information it needs to produce the array indexing pattern, but it doesn't.

Steps To Reproduce:
Open test.o from the following archive: test.o.zip and go to _start:

image

Now go to 0x3C (array) and set its type to uint32_t[2]:

image

Back at 0x14 in _start, it should show an array access, but it doesn't:

image

Select the 0x3C in the line `*(0x3c + (index << 2)) = r0` and make it a pointer (hotkey "o") and you get:

image

Expected Behavior:
Binja should show the array indexing pattern once the type of the base of the access is set to an array type. It should not require users to additionally hint the base address is a pointer.

Screenshots:
(see above)

Additional Information:
I think this is due to the 2-step indirection of retrieving the array base for literal pool loads:

image

The first load is from `[pc, #0x18]` within the pool, which resolves to address 0x28, which contains the pointer to the array contents at 0x3C.

lwerdna added the Component: Architecture, Core: LLIL, Core: MLIL and Arch: ARM/Thumb labels Jan 19, 2024
lwerdna added this to the Dorsai milestone Jan 19, 2024
lwerdna self-assigned this Jan 19, 2024
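
A simplified model of the two-step literal pool resolution described in the report above, as an added example that is not Binary Ninja's code and not part of the original issue: it folds the pool load to a constant and then matches that constant against a typed data variable to render an array access. The instruction address 0x08 (derived from A32 PC+8 semantics), the `DATA_VARS` table and all function names are assumptions made for illustration.

```python
import struct

# Constructed image modelled on the issue: the literal pool slot at 0x28 holds
# the pointer 0x3C, and 0x3C is the data the user typed as uint32_t[2].
IMAGE = bytearray(0x44)
struct.pack_into("<I", IMAGE, 0x28, 0x3C)
# Hypothetical data-variable table: address -> (name, element size, count)
DATA_VARS = {0x3C: ("array", 4, 2)}


def pool_slot(insn_addr, imm):
    """A32 `ldr rX, [pc, #imm]`: PC reads as the instruction address + 8."""
    return insn_addr + 8 + imm


def load_const(addr):
    """Step 1 of the indirection: read the 32-bit little-endian pool word."""
    return struct.unpack_from("<I", IMAGE, addr)[0]


def render_store(base, index, shift, src, use_types=True):
    """Render `*(base + (index << shift)) = src`, folding to an array access
    when `base` falls inside a typed array whose element size is 1 << shift."""
    if use_types:
        for start, (name, elem, count) in DATA_VARS.items():
            off = base - start
            if 0 <= off < elem * count and off % elem == 0 and elem == 1 << shift:
                idx = index if off == 0 else f"{index} + {off // elem}"
                return f"{name}[{idx}] = {src}"
    return f"*({base:#x} + ({index} << {shift})) = {src}"


def lift(insn_addr, imm, use_types=True):
    """Step 2: use the folded pool constant as the base of the indexed store."""
    base = load_const(pool_slot(insn_addr, imm))  # slot 0x28 holds 0x3C
    return render_store(base, "index", 2, "r0", use_types)


if __name__ == "__main__":
    print(lift(0x08, 0x18, use_types=False))  # constant left as a bare integer
    print(lift(0x08, 0x18))                   # constant matched to the typed array
```
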
Contributor Author

lwerdna commented Jan 19, 2024

Test fix is on branch test_ssa_reg_deref_const_ptr and awaiting code review.

bpotchik added the Effort: Trivial label Jan 19, 2024
Contributor Author

lwerdna commented Jan 21, 2024

lwerdna closed this as completed Jan 21, 2024
2 participants