Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite msgSend calls with known receiver type #16

Open
fmagin opened this issue Aug 1, 2024 · 0 comments
Open

Rewrite msgSend calls with known receiver type #16

fmagin opened this issue Aug 1, 2024 · 0 comments
Milestone
Better Objective-...

Comments

@fmagin
Copy link
Collaborator

fmagin commented Aug 1, 2024

With the types injected by #15 Ghidra's regular type analysis will then run and should propagate these types forward to msgSend callsites.

This means we can write another analysis that uses the decompiler, to now check for the type of the first argument to a msgSend call which will not always be just ID anymore. It can then look up the class_t struct for that type and search for the function implementing the selector (from the second argument).

Ghidra can then be told to rewrite this msgSend call to a call to the actual implementing function:

val reference = program.referenceManager.addMemoryReference(
                    msgSendCallsiteAddress, implementationAddress,
                    RefType.COMPUTED_CALL, SourceType.ANALYSIS, 0)
program.referenceManager.setPrimary(reference, true)

Should run as AnalysisPriority.DATA_TYPE_PROPOGATION.after(), unclear as which AnalysisType.FUNCTION_* exactly
@fmagin fmagin added this to the Better Objective-C Analysis milestone Aug 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
Better Objective-C Analysis
Development

No branches or pull requests
1 participant
@fmagin