Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tailjmps to reloc targets are decompiled until infinity #312

Open
dmknght opened this issue Jan 19, 2023 · 2 comments
Open

Tailjmps to reloc targets are decompiled until infinity #312

dmknght opened this issue Jan 19, 2023 · 2 comments

Comments

@dmknght
Copy link

dmknght commented Jan 19, 2023
edited
Loading

Linux Kernel Modules has no ret in functions. Rizin is able to detect them. However, the decompiler failed to parse data of each function, causing very long function in decompiler widget which is totally wrong, or causing decompile time out
Step to reprocedure (with cutter)

  1. Open kernel module (soundcore.ko in this very case)
  2. Show the function sym.register_sound_dsp
  3. See the wrong output in decompiler widget

Screenshots

  1. List of functions
    image
  2. Function in Graph widget
    image
  3. Function in Decompiler widget
    image

The function sym.register_sound_special is even worse
image
image

Click on the .text.unlikely makes Decompiler shows totally wrong function from function name
image

The output is the same in rizin -> the problem is the plugin ghidra
image

And other issue relates to #229. sym.register_sound_dsp showed function __fentry__ is called. However, Decompiler widget failed to show function name.
image
image

Tested binary
issue312_ghidra_failed_to_detect_functions.zip
thestr4ng3r added a commit that referenced this issue Jan 20, 2023
@thestr4ng3r
Register functions from reloc targets
ca28f78 
Rizin shows calls to reloc targets as their function names in
disassembly. We do the same in the decompiler.
Addresses #312
@thestr4ng3r thestr4ng3r mentioned this issue Jan 20, 2023
Merged
thestr4ng3r added a commit that referenced this issue Jan 20, 2023
@thestr4ng3r
Register functions from reloc targets
d371317 
Rizin shows calls to reloc targets as their function names in
disassembly. We do the same in the decompiler.
Addresses #312
@thestr4ng3r
Copy link
Member

Function names from reloc targets work now.

The __x86_return_thunk is handled in ghidra because it applies a flow override to the respective jmp instructions:
Bildschirm­foto 2023-01-20 um 13 50 49

There are ways to address this in rizin/rz-ghidra too, but currently none that is trivial or straightforward. As a quick and dirty workaround for this bin, you can do e io.cache=1; wa ret @ reloc.target.__x86_return_thunk

@thestr4ng3r thestr4ng3r changed the title Decompiler can't detect functions properly as showed in disasm and function widgets Tailjmps to reloc targets are decompiled until infinity Jan 22, 2023
@dmknght
Copy link
Author

dmknght commented Feb 3, 2023

Hello! This method worked for me. Hope it will be fixed by default soon.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thestr4ng3r @dmknght