Reverse Engineering Asked by adg on November 27, 2020
When disassembling ARM binaries in Ghidra, I often see these warnings:
    /* WARNING: Could not recover jumptable at 0x0747c198. Too many branches */
    /* WARNING: Treating indirect jump as call */
What do they mean? What’s the underlying architectural concept I should learn about to understand the cause of these issues?
Here’s an example from a real program, seen in Ghidra’s disassembly:
    if (param_2 == 0x78) {
        /* WARNING: Could not recover jumptable at 0x0747c198. Too many branches */
        /* WARNING: Treating indirect jump as call */
        uVar3 = (*DAT_0747c19c)();
        return uVar3;
    }
From Ghidra.re:
Sometimes you will see warnings in the decompiler view stating that there are too many branches to recover a jumptable. One reason for this is that there actually is a jump table, but the decompiler can’t determine bounds on the switch variable.
For your example, this is saying there may be a jump table (which is really just an array of pointers), but the decompiler can't figure out what the different possibilities for param2 are.
Ghidra recommends:
In such cases, you can add the jump targets manually and then run the script SwitchOverride.java. Note: To find such locations in a program, run the script FindUnrecoveredSwitchesScript.java.
Answered by Shane Reilly on November 27, 2020
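The jump-table idea from the answer above, as an added example that is not part of the original question or answer: a C model of a switch lowered to an array of code addresses, once with the bounds check next to the indirect branch and once with the check in the caller. All function names are hypothetical, and function pointers stand in for the branch targets a compiler would emit.

```c
/* Added illustration: a source-level model of a switch lowered to a
 * jump table. All names here are hypothetical. */
#include <stdio.h>

typedef int (*target_t)(int);

static int case_read(int x)    { return x + 1; }
static int case_write(int x)   { return x * 2; }
static int case_close(int x)   { return -x; }
static int case_default(int x) { (void)x; return 0; }

/* Source form: a dense switch over a small integer. */
int dispatch_switch(unsigned op, int x) {
    switch (op) {
    case 0:  return case_read(x);
    case 1:  return case_write(x);
    case 2:  return case_close(x);
    default: return case_default(x);
    }
}

/* Lowered form: the jump table is an array of code addresses. */
static const target_t jump_table[] = { case_read, case_write, case_close };
#define TABLE_LEN ((unsigned)(sizeof jump_table / sizeof jump_table[0]))

/* The compare against TABLE_LEN sits right before the indirect branch,
 * so an analyzer can read the number of entries from it. */
int dispatch_bounded(unsigned op, int x) {
    if (op >= TABLE_LEN)
        return case_default(x);
    return jump_table[op](x);
}

/* Same branch, but the range check happened in the caller. Looking at this
 * function alone, nothing limits op, so the table size is unknown. */
static int branch_only(unsigned op, int x) {
    return jump_table[op](x);
}

int dispatch_split(unsigned op, int x) {
    return op < TABLE_LEN ? branch_only(op, x) : case_default(x);
}

int main(void) {
    for (unsigned op = 0; op < 5; op++)
        printf("op=%u switch=%d bounded=%d split=%d\n", op,
               dispatch_switch(op, 10), dispatch_bounded(op, 10),
               dispatch_split(op, 10));
    return 0;
}
```

All three dispatchers return the same values; they differ only in where the bound on `op` is visible relative to the indirect branch.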