Allow use of symbol() function in variable address field

Question

Allow use of symbol() function in variable address field

pascalwerz opened this issue 2 years ago · 5 comments

Some target apps contain some debug symbols, being able to use symbol() in the address field when adding a variable would ease .slice documents to be more independent of these target apps version updates.

Answer 1 · 2023-03-21T15:07:06.000Z

More symbolic address expressions are a real plus for sharing .slice files by less depending on target’s version.
read[U]Int[8|16|32|64] in address expressions would make BitSlicer even more versatile by e.g. allowing to access an array element by its index read from target’s memory, such as in:
symbol("arrayName")+4*readUInt32(base()+0x12345678)

Answer 2 · 2023-03-22T03:36:26.000Z

It seems good to have. One reason it's disabled is that it can take a long time to compute and the code would have to be re-arranged in a more async manner. It might also need to require an exact string match. I guess like the scripting API, it would only return one (or no) result. Optionally you may also care about caching symbol results if the expression is dynamic (e.g, uses pointers for example)..

Answer 3 · 2023-03-22T08:42:11.000Z

it can take a long time to compute + re-arrange in a more async manner: as far as I noticed, CoreSymbolication private framework takes some time on the first call only (at least for each symbol owner). Following requests seem fast, so I‘m not sure it would be worth an async lookup. BTW, doesn’t getting an image base address exhibit the same timing issue?
require an exact string match: yes for the symbol.
return one (or no) result: yes, e.g. returning NULL for "symbol not found".

Answer 4 · 2023-03-23T02:12:58.000Z

BTW, doesn’t getting an image base address exhibit the same timing issue?

I think there's some optimizations / caching involved there.

I had to move symbolication to be async for searching some few releases ago as I was bitten by it taking some time. Maybe it was only for the first time, I don't remember, but it was enough where I had to adjust that bit of code.

Answer 5 · 2023-03-26T00:57:31.000Z

So I added being able to use symbol("foo") on top of main but I didn't add any optimizations to prevent any potential main-thread hangs. I figure this is better than not having it at least and with the small game samples I have, I haven't hit a beach ball yet. The function also takes an optional 2nd argument for the symbol owner (similar to the scripting interface https://github.com/zorgiepoo/Bit-Slicer/wiki/Debug-symbols)