Description
Version and Platform (required):
- Binary Ninja Version: 4.2.6405-dev Ultimate (79461eba)
- OS: macOS
- OS Version: 15.1
- CPU Architecture: arm64
Bug Description:
When analyzing Objective-C code in a framework extracted from the macOS dyld shared cache using a third-party tool, the high-level IL of a function is often collapsed to a single `jump(…)`. The majority of the logic is missing. The low-level IL also terminates at what appears to be the first call to `objc_msgSend`, inlined from within a direct messaging stub function.
Steps To Reproduce:
- Use a tool like https://github.com/keith/dyld-shared-cache-extractor to extract frameworks from the macOS shared cache.
- Load /System/Library/Frameworks/AppKit.framework/Version/C/AppKit from the directory you extracted the shared cache to.
- Search for `_NSFullScreenMenuBarCompanionController dispose` in the symbol list.
- Observe that in any of the IL or pseudo-code views, most of the function body is missing compared to the disassembly.
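The observation in the last step can be made across the whole framework instead of one function at a time. The script below is an added example for this report, not code from the report or from Binary Ninja: it uses the Binary Ninja Python API to count disassembly, LLIL and HLIL instructions per function and lists the functions whose LLIL is only a small fraction of their disassembly. The file name, the helper names, the 8-instruction minimum and the 25% ratio threshold are assumptions of this example; point it at the AppKit binary extracted above.

```python
"""Find functions whose LLIL/HLIL is far smaller than their disassembly.

Added example for this bug report, not Binary Ninja's own code. It runs
headless (``python3 find_collapsed_il.py <path-to-extracted-AppKit>``) or,
with the ``main`` part dropped, inside the Binary Ninja Python console where
``bv`` is already open. The helper names, the 8-instruction minimum and the
25% ratio threshold are choices made here, not anything from the report.
"""
import sys
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class ILCoverage:
    """Instruction counts for one function in each view."""
    name: str
    start: int
    disasm: int
    llil: int
    hlil: int

    @property
    def llil_ratio(self) -> float:
        """LLIL instructions per disassembled instruction (0.0 for an empty function)."""
        return self.llil / self.disasm if self.disasm else 0.0


def _count(items: Iterable) -> int:
    return sum(1 for _ in items)


def _il_count(il_func) -> int:
    """Count instructions in an IL function; None (IL not available) counts as 0."""
    return 0 if il_func is None else _count(il_func.instructions)


def measure(func) -> ILCoverage:
    """Count disassembly, LLIL and HLIL instructions of one function.

    ``func`` is normally a ``binaryninja.Function``; only ``name``, ``start``,
    ``instructions``, ``llil`` and ``hlil`` are touched, so any object with
    those attributes works (the stand-in used for offline testing does).
    """
    disasm = _count(func.instructions)
    try:
        llil = _il_count(func.llil)
        hlil = _il_count(func.hlil)
    except Exception:  # Binary Ninja raises when IL generation was skipped entirely
        llil = hlil = 0
    return ILCoverage(func.name, func.start, disasm, llil, hlil)


def find_collapsed_functions(functions: Iterable, min_disasm: int = 8,
                             max_ratio: float = 0.25) -> List[ILCoverage]:
    """Return the functions that look truncated like the one in the report.

    A fully lifted function has roughly as many LLIL instructions as machine
    instructions, usually more. One whose LLIL stops at the first
    ``objc_msgSend`` has a ratio near zero. Very small functions (stubs,
    trampolines) are skipped because their ratio says nothing useful.
    """
    hits = []
    for f in functions:
        cov = measure(f)
        if cov.disasm >= min_disasm and cov.llil_ratio <= max_ratio:
            hits.append(cov)
    return hits


def main(path: str) -> None:
    import binaryninja  # imported here so the helpers above load without the API

    with binaryninja.load(path) as bv:
        bv.update_analysis_and_wait()
        funcs = list(bv.functions)
        hits = find_collapsed_functions(funcs)
        for h in sorted(hits, key=lambda h: h.llil_ratio):
            print(f"{h.start:#x} {h.name}: disasm={h.disasm} llil={h.llil} "
                  f"hlil={h.hlil} llil/disasm={h.llil_ratio:.2f}")
        print(f"{len(hits)} of {len(funcs)} functions look collapsed")


if __name__ == "__main__":
    main(sys.argv[1])
```

Run it headless with `python3 find_collapsed_il.py <extracted AppKit>`, or drop the `main` part and call `find_collapsed_functions(bv.functions)` from the Binary Ninja console. A function in the state described above (HLIL collapsed to one `jump(…)`, LLIL ending at the first `objc_msgSend`) shows up with an LLIL count of a handful of instructions against a much larger disassembly, and the closing count gives a quick measure of how much of the framework is affected.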
Expected Behavior:
Branches whose destinations cannot be resolved should not result in the entire function being collapsed.
Screenshots/Video Recording:
Low level IL, showing truncated IL
High level IL, showing body as a single jump(…)
Binary:
See steps to reproduce.
Additional Information:
This is not specific to this particular function. Most/all functions within AppKit show this behavior.
The new built-in dyld shared cache extractor does not have this problem. Sadly its performance and memory use make it hard to use for quick analysis.