FunctionID: Add option to disable namespace stripping #7228

Open: gemesa wants to merge 1 commit into base: master

@gemesa (Contributor) commented Nov 26, 2024

Fixes #5858

Overview

The linked issue isn't tracked or assigned, but it has been getting a lot of attention. I also run into this namespace stripping problem all the time when reversing Rust binaries and using function IDs.

When we create function ID database (.fidb) files, the populate functions strip the function namespaces. This is a well documented limitation/feature of the FID implementation.

The linked issue describes the problem: C++ (and Rust) code often has simple names that clash when you remove the namespace. I added a checkbox under Tools -> Function ID -> Populate FidDb from programs... which can be used to disable namespace stripping. This checkbox is disabled by default so it does not affect the original behavior if left unchecked. Here is the key change in FidServiceLibraryIngest.java at this line:

before:

name = function.getSymbol().getName();

after:

name = function.getSymbol().getName(disableNamespaceStripping);

where function is of type Function which is an interface extending Namespace so this method is available:

	/**
	 * Returns the fully qualified name
	 * @param includeNamespacePath true to include the namespace in the returned name
	 * @return the fully qualified name
	 */
	public String getName(boolean includeNamespacePath);

Using that we get the full symbol names including namespaces. The rest of the changes make sure the checkbox is added to the panel under Tools -> Function ID -> Populate FidDb from programs... and the setting gets passed through the code properly. I also updated CreateMultipleLibraries.java for headless mode.

Testing

Before:

Note that the namespaces of drop_slow are stripped.

After:

Note that the namespaces of drop_slow are not stripped.

Known issue

After running a FID analysis and applying symbols from a .fidb file (containing function names with namespaces), the namespaces end up getting embedded in the function name:

This is why I marked this feature as experimental for now. I think this is a small issue compared to the huge gain we can achieve with keeping the namespaces.

I intend to improve/fix this in the future.

@gemesa (Contributor, Author) commented Nov 27, 2024

There is a simple solution for this known issue actually:

Select the function and press L (rename):

Do not change anything, just click OK.

The namespace is registered:

@gemesa force-pushed the fid-namespace-stripping-exp branch from fcdf7e1 to de7cdae on November 29, 2024 19:43
@gemesa changed the title from "Function ID: Add option to disable namespace stripping" to "FunctionID: Add option to disable namespace stripping" on Nov 29, 2024
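
Added illustration (not part of the pull request and not Ghidra code): a stand-alone Java sketch of the name clash described in the overview and of splitting a qualified name back into namespace path and base name, which is the separation the known issue lacks. The class, method names and sample symbol names are constructed for this example, and the splitter assumes `<` and `>` appear only as generic or template brackets.

```java
import java.util.*;

// Added illustration; not Ghidra code. All sample names are constructed.
public class FidNameClashDemo {

    // Split a qualified name on "::" only outside <...>, so generic
    // arguments such as Foo<a::b> stay inside one component.
    static List<String> splitQualified(String qualified) {
        List<String> parts = new ArrayList<>();
        int depth = 0, start = 0;
        for (int i = 0; i < qualified.length(); i++) {
            char c = qualified.charAt(i);
            if (c == '<') depth++;
            else if (c == '>' && depth > 0) depth--;
            else if (c == ':' && depth == 0 && i + 1 < qualified.length()
                    && qualified.charAt(i + 1) == ':') {
                parts.add(qualified.substring(start, i));
                start = i + 2;
                i++; // skip the second ':'
            }
        }
        parts.add(qualified.substring(start));
        return parts;
    }

    // Group full names by the name that would be recorded for them:
    // the full name, or only the last component when namespaces are stripped.
    static Map<String, List<String>> groupByKey(List<String> names, boolean keepNamespace) {
        Map<String, List<String>> byKey = new TreeMap<>();
        for (String full : names) {
            List<String> parts = splitQualified(full);
            String key = keepNamespace ? full : parts.get(parts.size() - 1);
            byKey.computeIfAbsent(key, k -> new ArrayList<>()).add(full);
        }
        return byKey;
    }

    public static void main(String[] args) {
        List<String> names = List.of(
            "alloc::sync::Arc<T>::drop_slow",
            "mycrate::cache::Handle::drop_slow",
            "core::ptr::drop_in_place<alloc::string::String>");
        // Stripped: both drop_slow functions share one recorded name.
        System.out.println("stripped: " + groupByKey(names, false));
        // Full: every function keeps a distinct recorded name.
        System.out.println("full:     " + groupByKey(names, true));
        // Namespace path and base name, kept separate instead of embedded.
        for (String full : names) {
            List<String> p = splitQualified(full);
            System.out.println(String.join("::", p.subList(0, p.size() - 1))
                + " | " + p.get(p.size() - 1));
        }
    }
}
```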

Successfully merging this pull request may close these issues.

Function ID registration without stripping namespaces