Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[9.1 beta] Demangling VS C++ functions not working in autoanalysis
See original GitHub issueDescribe the bug After autoanalisys of a .exe win executable (demangle enabled, importing PDB with debug symbols), one can see that all the mangled C++ symbols are not demangled. The exe was compiled with Visual Studio. I’ve tried to run the demangler separately after, but no luck - it doesn’t work and does show this message:
Demangle Symbol> Unable to demangle symbol at 007caf60; name: ??_C@_0BJ@JOACEOKL@Fri?5Dec?5?57?516?314?334?52012?$AA@. Message: Symbol name matches possible default symbol name: s_Fri_Dec__7_16:14:34_2012
Demangle Symbol> Unable to demangle symbol at 007db9a4; name: ??_C@_04KIACLCF@1280?$AA@. Message: Symbol name matches possible default symbol name: s_1280
Demangle Symbol> Unable to demangle symbol at 007db9ac; name: ??_C@_04MJHCKDHM@1024?$AA@. Message: Symbol name matches possible default symbol name: s_1024
Demangle Symbol> Unable to demangle symbol at 007e9454; name: ??_C@_04GGHKDNGG@4000?$AA@. Message: Symbol name matches possible default symbol name: s_4000
Demangle Symbol> Unable to demangle symbol at 007e945c; name: ??_C@_04FLBKBENG@5000?$AA@. Message: Symbol name matches possible default symbol name: s_5000
Demangle Symbol> Unable to demangle symbol at 007e9464; name: ??_C@_04BMLKGOAG@6000?$AA@. Message: Symbol name matches possible default symbol name: s_6000
Demangle Symbol> Unable to demangle symbol at 007e946c; name: ??_C@_04CBNKEHLG@7000?$AA@. Message: Symbol name matches possible default symbol name: s_7000
Demangle Symbol> Unable to demangle symbol at 007e9474; name: ??_C@_04KDIKNAGH@8000?$AA@. Message: Symbol name matches possible default symbol name: s_8000
Demangle Symbol> Unable to demangle symbol at 007e947c; name: ??_C@_04JOOKPJNH@9000?$AA@. Message: Symbol name matches possible default symbol name: s_9000
Demangle Symbol> Unable to demangle symbol at 007e9484; name: ??_C@_05CLDMBJBA@10000?$AA@. Message: Symbol name matches possible default symbol name: s_10000
Demangle Symbol> Unable to demangle symbol at 007e948c; name: ??_C@_05BGFMDAKA@11000?$AA@. Message: Symbol name matches possible default symbol name: s_11000
Demangle Symbol> Unable to demangle symbol at 007e9494; name: ??_C@_05FBPMEKHA@12000?$AA@. Message: Symbol name matches possible default symbol name: s_12000
Demangle Symbol> Unable to demangle symbol at 007e949c; name: ??_C@_05GMJMGDMA@13000?$AA@. Message: Symbol name matches possible default symbol name: s_13000
Demangle Symbol> Unable to demangle symbol at 007e94a4; name: ??_C@_05NOLMLPNA@14000?$AA@. Message: Symbol name matches possible default symbol name: s_14000
Demangle Symbol> Unable to demangle symbol at 007fd4f0; name: ??_C@_04ECAGGAOJ@defb?$AA@. Message: Symbol name matches possible default symbol name: s_defb
Params are named correctly, but their type is not right - should be inferred from the signature I guess.
So, I’ve separately run the DemangleAllScript.java script and it worked. Same error messages as above.
Expected behavior Function names demangled during autoanalysis.
Environment (please complete the following information):
- OS: Windows 10 latest update
- Java Version: 11
- Ghidra Version: 9.1 beta - 24/09
Issue Analytics
- State:
- Created 4 years ago
- Comments:8 (5 by maintainers)
Top Results From Across the Web
Ghidra Change History
Critical Ghidra 10.1-BETA Issue: Corrected external function bug introduced in Ghidra 10.1-BETA which caused new functions to not be marked as primary.
Read more >iOS Hacker's Handbook - IT-DOCS
The built apps can run in an iOS simulator or can be put on real devices for testing. The apps are then sent...
Read more >https://raw.githubusercontent.com/NationalSecurity...
Fixed issues with Debugger when dbgeng/dbgmodel connectors load/debug crash dumps. ... C-Parser handles arrays of function pointers and anonymous function ...
Read more >Section #1 (List of General Commands) - Linux: Man Pages
apport-unpack - extract the fields of a problem report to separate ... cproto - generate C function prototypes and convert function
Read more >CentOS 7.9.2009 for x86_64 - RPMFind
active · modules · 100 · abrt · accountsd · acct · afs · aiccu · aide · ajaxterm · alsa · amanda...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Just talked to @ghizard. The issue is assigned internally, but not yet resolved.
This got fixed in 9.2, but the ticket never got closed out properly. The release note will show up in Ghidra 9.2.1 under GT-3185.