RTTI / vtables not discovered in images loaded from dyld shared cache

[bdash]

Version and Platform (required):

• Binary Ninja Version: 5.0.7189-dev (79570147)
• OS: macOS 15.4
• CPU Architecture: arm64

Bug Description:
RTTI and vtables are discovered and annotated in regular Mach-O binaries, but this does not appear to work in images loaded from the shared cache.

Steps To Reproduce:

1. Open a macOS 15.x shared cache and load /System/Library/Frameworks/Metal.framework/Versions/A/Metal
2. Search for typeinfo or vtable in the symbols pane and click around.

Expected Behavior:
Glorious structs!

[emesare]

To do this we need a way to queue a module level activity. Currently this is managed through AddAnalysisOption, we do this for linearsweep, but that is currently special-cased in the core (same goes for pointer sweep and the signature matcher).

I can otherwise just modify the rtti and vft activities to run always? I am not sure, will have to double check.

[WeiN76LQh]

A workaround would probably be to hold auto analysis initially, load all the desired images and then let analysis run.

To do this we need a way to queue a module level activity. Currently this is managed through AddAnalysisOption, we do this for linearsweep, but that is currently special-cased in the core (same goes for pointer sweep and the signature matcher).

I can otherwise just modify the rtti and vft activities to run always? I am not sure, will have to double check.

My experience with module activities are that they can be triggered alot so if the activity is doing anything remotely expensive it might not be the best solution.