How exactly do global registers work? #1661
-
|
My understanding of the "global registers" feature ( How is this fixed value discovered, and more to the point, how can I convince Binary Ninja that a global register has a certain value when it fails to automatically discover it and instead leaves it as the register with undetermined value in IL? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
It works in concert with the global pointer register (if any) specified in the calling convention. At present, a CC can only list a single global pointer register, and that should probably be expanded. Essentially, once a write to global pointer register is found in a function, it can be copied up as the global pointer value for the binaryview, and then substituted in for reads from the global pointer register when analyzing functions. As some ABIs include multiple global registers with fixed (or fixed within certain regions) values, it's going to be expanded further at some point. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the response. Am I understanding correctly that at the moment it is not possible to have more than one fixed register in any one function, since a calling convention has at most one global pointer register? And that My motivation here is that I have an architecture/ABI that has two such fixed registers in every function and I'm looking for a way for Binary Ninja to substitute both of them for their fixed value, and not just one of them as it does now; however it sounds like that may not be possible right now unfortunately. |
Beta Was this translation helpful? Give feedback.
-
|
You are correct in that a BinaryView right now will have one global register value. For calling conventions there’s another option though: they have a callback for providing the initial value of registers, which is how we handle |
Beta Was this translation helpful? Give feedback.
It works in concert with the global pointer register (if any) specified in the calling convention. At present, a CC can only list a single global pointer register, and that should probably be expanded. Essentially, once a write to global pointer register is found in a function, it can be copied up as the global pointer value for the binaryview, and then substituted in for reads from the global pointer register when analyzing functions.
As some ABIs include multiple global registers with fixed (or fixed within certain regions) values, it's going to be expanded further at some point.