Using the name "binary" for a program is confusing when there is a file format in IDA named "binary file" #189
Replies: 4 comments
That code that you've linked isn't the same as what you've pasted? You linked line #79, but lines 72-94 look like:

Lines 72 to 94 in af07f16

But, to clarify. This is just aesthetic and is only to display some status of the inf structure once the processor module has been determined. Other than the function assigning an instance of the inf structure, it is unable to be interacted with by the user. This is why it's only fetching attributes from the structure and not attempting to do anything with real purpose. If the inf structure cannot return these attributes, it should produce an exception along with a bug report.
Line 79 is the line I think is wrong (or rather wanted to be changed into the code I proposed)

```python
format = 'library' if information.lflags & idaapi.LFLG_IS_DLL else 'binary'
```

should be

```python
import ida_idaapi
import ida_loader

format = "Unknown"
if ida_idaapi.get_inf_structure().is_dll():
    format = "Shared object"
elif ida_loader.get_file_type_name() == "Binary file":
    format = "Binary"
else:  # This might not be a good idea since we might have something else than DLL/Binary/Program that can be returned?
    format = "Program"
```
So, the reason why I'm not sure about this is because this hook is not related at all to the loader whatsoever. It's actually just acting on information about the database and not what loaders/processors write into the database. The logging it emits is mostly for distinguishing what "type" of a database was created by the disassembler and is only a courtesy when running multiple instances of the disassembler in parallel.

The other thing is that doing an explicit comparison for the file type name would mean that I would need to add checks for every file type name to ensure it's formatted properly rather than just distinguish this as a boolean.

If you have a better name for "not a shared object", I'd consider that instead... But, one thing to keep in mind is that not everything is a "Program", it could be firmware, it could be random bytes, etc. But it always can be considered binary data.

Another thing is that I'm unsure about the casing because of how it gets plugged into its sentence that gets pasted when the hook executes. Despite the logger suckage (I am just one man after all and can't fix _everything_), it is a proper sentence that doesn't attempt to detract you from its intent.
Converting to a discussion under "Ideas".
When checking if the file is a DLL/SO or a program, the name "binary" is used and can easily be confused with a file type that is pure data (such as shellcode).

```python
ida_loader.get_file_type_name()  # returns "Binary file" on shellcode
```

The code does not make a difference between "binary file" and "runnable program".
https://github.com/arizvisa/ida-minsc/blob/af07f167a0992aed3f3a2a1670593880baa57820/base/database.py#L79C16-L79C16