Describe the bug
In the attached test.zip there is an x86_32 Windows executable Test.exe compiled and linked with the Visual Studio 2005 Professional Edition toolchain. For the instruction at 0x00401029, MOVZX EDX,byte ptr [EAX + 0x4010d8], Ghidra generates a reference to 0x004010d3 when it should be to 0x4010d8. This instruction is a lookup into the value table for a switch statement. The reference to the jump table from the indirect jump instruction at 0x00401030 for the same switch statement is correctly marked.
To Reproduce
- Open
Test.exe in Ghidra and let the analysis complete.
- Jump to the instruction at
0x00401029
- Observe that the reference is to
0x004010d3
Expected behavior
The instruction at 0x00401029 references 0x004010d8.
Screenshots
Attachments
test.zip
Environment:
- OS: Windows 10 Home 22H2 19045.4529
- Java Version: 20.0.1
- Ghidra Version: 11.1.1
- Ghidra Origin: official GitHub distro releases
Additional Context
This was discovered in boricj/ghidra-delinker-extension#6.
Describe the bug
In the attached
test.zipthere is an x86_32 Windows executableTest.execompiled and linked with the Visual Studio 2005 Professional Edition toolchain. For the instruction at0x00401029,MOVZX EDX,byte ptr [EAX + 0x4010d8], Ghidra generates a reference to0x004010d3when it should be to0x4010d8. This instruction is a lookup into the value table for a switch statement. The reference to the jump table from the indirect jump instruction at0x00401030for the same switch statement is correctly marked.To Reproduce
Test.exein Ghidra and let the analysis complete.0x004010290x004010d3Expected behavior
The instruction at
0x00401029references0x004010d8.Screenshots
Attachments
test.zip
Environment:
Additional Context
This was discovered in boricj/ghidra-delinker-extension#6.