Implement a Pseudo Objective-C language representation #6807
+634
−104
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bdash
force-pushed
the
objc-pseudo-language
branch
from
7240294 to
487602f
Compare
bdash
added a commit
to bdash/workflow_objc
that referenced
this pull request
May 8, 2025
…ementations The setting is on by default to preserve the current experience. It should likely be revisited as related changes are merged. I find this to be confusing as often as it is helpful since it picks the first implementation of the selector it sees without consideration for the type of the receiver. This is particularly annoying if the binary being analyzed implements a method with the same name as a commonly-used method on a system type (`-description` or `-path`, for instance), or has methods with generic names (`-initWithURL:`) on many types. Explicit cross-references from selectors to method implementations make it possible to see the potential implementations without rewriting the call, and an Objective-C pseudo-language (Vector35/binaryninja-api#6807) provides an even more natural representation of Objective-C message sends without these downsides.
bdash
force-pushed
the
objc-pseudo-language
branch
2 times, most recently
from
50a7b54 to
a20a8b8
Compare
This is implemented in the Pseudo C plug-in as it shares 99% of the logic. The Objective-C support is implemented in a subclass of `PseudoCFunction`. The handling of instruction types that the Objective-C representation needs to customize is extracted into virtual functions that the Objective-C subclass overrides. This currently supports: * Rewriting `objc_msgSend` / `objc_msgSendSuper2` with constant selectors to `[receiver message]` notation. * Rewriting calls to `objc_alloc` / `objc_alloc_init` / `objc_new` to the equivalent message send notation. * Rewriting `objc_retain` / `objc_release` and friends to the equivalent message send notation. * Displaying Objective-C class references as their class names rather than `_OBJC_CLASS_$_` symbol names. * Displaying Objective-C string literals as `@"..."`. This works best when used in conjunction with https://github.com/bdash/bn-objc-extras as the reference counting runtime calls add so much clutter.
…an implementation These are detected by their function names having the characteristic `-[ClassName methodName:]` format. Calls to functions with this naming pattern that accept a selector as a second argument are assumed to be `objc_msgSend` calls that the Objective-C workflow rewrote. These calls are formatted identically to other `objc_msgSend` calls with the exception that the selector tokens reference the address of the call target rather than the selector string, so double-clicking on them takes you to the fixed destination of the rewritten call.
bdash
force-pushed
the
objc-pseudo-language
branch
from
a20a8b8 to
dabc917
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is implemented in the Pseudo C plug-in as it shares 99% of the logic. The Objective-C support is implemented in a subclass of
PseudoCFunction. The handling of instruction types that the Objective-C representation needs to customize is extracted into virtual functions that the Objective-C subclass overrides.This currently supports:
objc_msgSend/objc_msgSendSuper2with constant selectors to[receiver message]notation.objc_alloc/objc_alloc_init/objc_newto the equivalent message send notation.objc_retain/objc_releaseand friends to the equivalent message send notation._OBJC_CLASS_$_symbol names.@"...".This works best when used in conjunction with bdash/bn-objc-extras as it supports eliminating the reference counting runtime calls that add so, so much clutter.