[SharedCache] Debug symbols found by IDA are not being found by Binary Ninja #6633

Closed
WeiN76LQh opened this issue Apr 13, 2025 · 4 comments
@WeiN76LQh

Version and Platform (required):

  • Binary Ninja Version: 5.0.7218-dev (c480ce0c)
  • OS: macOS
  • OS Version: 15.2
  • CPU Architecture: M1

Bug Description:
I'm noticing debug symbols found by IDA are not being found by Binary Ninja. An example is provided in the steps below. Seems like there might be quite a number missing.

Steps To Reproduce:
Please provide all steps required to reproduce the behavior:

  1. Open the DYLD Shared Cache from the IPSW for iPhone17,2 iOS 18.1.1 22B91
  2. Load the image /usr/lib/libobjc.A.dylib.
  3. Go to 0x20b3aba80 and observe the function has no symbol. In IDA the function is called __xpc_connection_call_event_handler, and also the surrounding functions have symbols as well in IDA.

Expected Behavior:
All symbols in the DSC should be found and applied.

Additional Information:
Not 100% sure but maybe the solution is to use the .symbols file. If I remember correctly the reworked DSC plugin doesn't.

@emesare emesare added File Format: SharedCache Issue with the dyld_shared_cache plugin Impact: Medium Issue is impactful with a bad, or no, workaround labels Apr 13, 2025
@emesare
Member

emesare commented Apr 13, 2025

Seems to be the .symbols file

I went ahead and made a preliminary branch that fixes this: b2d387f

Following your PR #6210 I made some improvements such as identifying the symbol table entry based off the image address, the comment here suggests this is fine, and I am inclined to initially limit this parsing to 64-bit, with a TODO to add 32-bit support later (if the image address is not a VM).

There is still some code cleanup on that branch but the diff is quite small so I will likely finish it up later tomorrow evening when I merge the fixes for your other issues, however it's not a bug or regression so it might not be merged for the 5.0 release, we will see.

Thank you again for the contributions. I apologize I did not get to this earlier, I made some comments in the code to add this but I guess I never got around to it.
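
An added example, not part of the thread and not Binary Ninja's code: a sketch of the 64-bit lookup discussed above, finding an image's local symbols in a `.symbols` local-symbols chunk by its address. It assumes the record layouts from dyld's public `dyld_cache_format.h` (`dyld_cache_local_symbols_info`, `dyld_cache_local_symbols_entry_64`, `nlist_64`), that the chunk has already been located through the cache header, and that `dylibOffset` equals the image address minus the cache base; the function names and sample data are constructed.

```python
import struct

INFO = struct.Struct("<6I")        # dyld_cache_local_symbols_info
ENTRY64 = struct.Struct("<QII")    # dyld_cache_local_symbols_entry_64
NLIST64 = struct.Struct("<IBBHQ")  # nlist_64

def local_symbols_for_image(chunk, cache_base, image_addr):
    """Return {address: name} for the image mapped at image_addr (hypothetical helper)."""
    if len(chunk) < INFO.size:
        raise ValueError("chunk shorter than the local symbols info header")
    nl_off, nl_cnt, str_off, str_size, ent_off, ent_cnt = INFO.unpack_from(chunk, 0)
    # Reject tables that run past the end of the chunk before indexing into them.
    if (ent_off + ent_cnt * ENTRY64.size > len(chunk)
            or nl_off + nl_cnt * NLIST64.size > len(chunk)
            or str_off + str_size > len(chunk)):
        raise ValueError("table extends past end of chunk")
    strings = chunk[str_off:str_off + str_size]
    target = image_addr - cache_base  # assumption: dylibOffset is relative to the cache base
    for i in range(ent_cnt):
        dylib_off, start, count = ENTRY64.unpack_from(chunk, ent_off + i * ENTRY64.size)
        if dylib_off != target:
            continue
        if start + count > nl_cnt:
            raise ValueError("entry references nlists outside the table")
        symbols = {}
        for j in range(start, start + count):
            strx, _type, _sect, _desc, value = NLIST64.unpack_from(
                chunk, nl_off + j * NLIST64.size)
            end = strings.find(b"\0", strx)
            if end < 0:
                continue  # name offset outside the string pool or unterminated
            symbols[value] = strings[strx:end].decode("utf-8", "replace")
        return symbols
    return {}  # no entry for this image

def build_sample_chunk():
    """Constructed chunk: two images, three local symbols."""
    strings = b"\0_local_a\0_local_b\0_other\0"
    syms = [(b"_local_a", 0x180004000), (b"_local_b", 0x180004040),
            (b"_other", 0x180010000)]
    nlists = b"".join(NLIST64.pack(strings.index(n), 0x0E, 1, 0, v) for n, v in syms)
    entries = ENTRY64.pack(0x4000, 0, 2) + ENTRY64.pack(0x10000, 2, 1)
    ent_off = INFO.size
    nl_off = ent_off + len(entries)
    str_off = nl_off + len(nlists)
    header = INFO.pack(nl_off, len(syms), str_off, len(strings), ent_off, 2)
    return header + entries + nlists + strings
```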

@emesare emesare self-assigned this Apr 13, 2025
@emesare
Member

emesare commented Apr 13, 2025

Also let me know if you want to be co-authored on the commit once it lands, seeing as the rework itself incorporated some of your changes prior to this, it only seems fair. I can otherwise leave you out of the commit, either works for me. Thanks.

@WeiN76LQh
Author

Don't worry about co-authoring me. Appreciate the quick follow up on the DSC issues.

@emesare
Member

emesare commented Apr 14, 2025

Added with ea47d4c, on dev with >7221. Thank you again!
