FunctionID: Add option to disable namespace stripping #7228
Fixes #5858
Overview
The linked issue isn't tracked or assigned but it has been getting a lot of attention. I also run into this namespace stripping problem all the time when reversing Rust binaries and using function IDs.
When we create function ID database (.fidb) files, the populate functions strip the function namespaces. This is a well documented limitation/feature of the FID implementation.
The linked issue describes the problem: C++ (and Rust) code often has simple names that clash when you remove the namespace. I added a checkbox under Tools -> Function ID -> Populate FidDb from programs... which can be used to disable namespace stripping. This checkbox is disabled by default so it does not affect the original behavior if left unchecked. Here is the key change in FidServiceLibraryIngest.java at this line:
before:
after:
where function is of type Function, which is an interface extending Namespace, so this method is available:
Using that we get the full symbol names including namespaces. The rest of the changes make sure the checkbox is added to the panel under Tools -> Function ID -> Populate FidDb from programs... and the setting gets passed through the code properly. I also updated CreateMultipleLibraries.java for headless mode.
Testing
Before:
Note that the namespaces of drop_slow are stripped.
After:
Note that the namespaces of drop_slow are not stripped.
Known issue
After running a FID analysis and applying symbols from a .fidb file (containing function names with namespaces), the namespaces end up getting embedded in the function name:
This is why I marked this feature as experimental for now. I think this is a small issue compared to the huge gain we can achieve with keeping the namespaces.
I intend to improve/fix this in the future.
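The name clash described above, as an added illustration that is not code from this PR or from Ghidra: it splits qualified names at top-level `::` (keeping generic arguments attached) and counts how many distinct functions collapse onto one key when namespaces are stripped. The symbol list is constructed and the helper names `split_qualified` and `collisions` are hypothetical.

```python
from collections import defaultdict


def split_qualified(name):
    """Split a qualified symbol at top-level '::', ignoring separators nested
    inside <...> or (...) so generic arguments stay with their segment.
    Returns (namespace_path, leaf_name)."""
    parts, depth, start, i = [], 0, 0, 0
    while i < len(name):
        ch = name[i]
        if ch in "<(":
            depth += 1
        elif ch in ">)" and not (ch == ">" and i > 0 and name[i - 1] == "-"):
            # A '>' that is part of '->' does not close a bracket.
            depth = max(depth - 1, 0)
        elif depth == 0 and name.startswith("::", i):
            parts.append(name[start:i])
            i += 2
            start = i
            continue
        i += 1
    parts.append(name[start:])
    return parts[:-1], parts[-1]


def collisions(symbols, strip_namespaces):
    """Group symbols by the key a name-keyed store would use and return only
    the keys shared by more than one distinct function."""
    groups = defaultdict(set)
    for sym in symbols:
        key = split_qualified(sym)[1] if strip_namespaces else sym
        groups[key].add(sym)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


# Constructed sample symbols (not taken from the PR's screenshots).
SAMPLE = [
    "alloc::sync::Arc<T,A>::drop_slow",
    "alloc::rc::Rc<T,A>::drop_slow",
    "std::thread::spawn",
    "tokio::task::spawn",
    "core::fmt::write",
    "<alloc::vec::Vec<T> as core::ops::Drop>::drop",
]

if __name__ == "__main__":
    for mode in (True, False):
        print("strip_namespaces =", mode, "->", collisions(SAMPLE, mode))
```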