FunctionID and inlined strcpy #3543
-
|
I have noticed when decompiling certain binaries that Ghidra cannot recognize strcpy and other functions, especially if they have been inlined. Does anybody know of a method to overcome this? I'm thinking it might be something in my analysis options or possibly needing to run a custom script. (I do notice that IDA can detect these functions when I run the two side-by-side). So far I have tried clearing the bytes and re-disassembling, creating a new function (with and without the "inline" option set), and running a variety of ported signatures and FIDBs. Attached is two pictures, one of a very simple, inlined program, and the other a more complex example wherein the decompiled code between the two uVar9 = 0xFFFFFFFFs is supposed to be strcpy
Basic strcpy of one buffer to another which has been inlined.
Function which compares the first 4 bytes of a user command (i.e. "USER") and then if correct, prints "Hello USER X" (where X is a username). I apologize if this has already been submitted, I am new to Ghidra and the associated terminology! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
There is no way to overcome this yet. |
Beta Was this translation helpful? Give feedback.
There is no way to overcome this yet.