Merge pull request #17 from Br3nnabee/main

Added manual pointer scanning for .NET 7/10+

Author: Washi1337

src/main/java/nativeaot/NativeAotAnalyzer.java

@@ -23,6 +23,8 @@
 import ghidra.app.util.importer.MessageLog;
 import ghidra.framework.options.Options;
 import ghidra.program.model.address.Address;
+import ghidra.program.model.address.AddressOutOfBoundsException;
+import ghidra.program.model.address.AddressRangeImpl;
 import ghidra.program.model.address.AddressSet;
 import ghidra.program.model.address.AddressSetView;
 import ghidra.program.model.listing.Program;
@@ -145,8 +147,13 @@ private void processModule(Program program, Address moduleHeader, TaskMonitor mo
         PointerScanResult pointerScan;
         var section = directory.getSectionByType(ReadyToRunSection.DEHYDRATED_DATA);
         if (section == null) {
-            // TODO: determine pointer scanning range for .NET 7.0 binaries.
-            throw new UnsupportedOperationException("No dehydrated data found. This is likely .NET 7.0 metadata which is not supported at the moment.");
+            // Fallback for .NET 7.0 / 10.0+: Scan memory for pointers manually.
+            log.appendMsg(Constants.TAG, "No dehydrated data found. Attempting manual pointer scan.");
+            try {
+                pointerScan = scanForPointers(program, moduleHeader, monitor, log);
+            } catch (Exception ex) {
+                throw new Exception("Manual scan failed.", ex);
+            }
         } else {
             try {
                 // NOTE: Metadata rehydrators should be changed if the file format changes per rtr version.
@@ -221,4 +228,66 @@ private PointerScanResult rehydrateData(Program program, ReadyToRunSection rehyd
 
         return result;
     }
+
+    private PointerScanResult scanForPointers(Program program, Address moduleHeader, TaskMonitor monitor, MessageLog log) throws CancelledException {
+        var memory = program.getMemory();
+        var validAddresses = memory.getLoadedAndInitializedAddressSet();
+        var pointers = new java.util.ArrayList<Address>();
+
+        var moduleBlock = memory.getBlock(moduleHeader);
+        if (moduleBlock == null) {
+            log.appendMsg(Constants.TAG, "Could not find memory block for module header at " + moduleHeader);
+            return new PointerScanResult(new AddressRangeImpl(moduleHeader, moduleHeader), new Address[0]);
+        }
+        
+        // We use the block containing the module header as the scanning range
+        var scanningRange = new AddressRangeImpl(
+            moduleBlock.getStart(), 
+            moduleBlock.getEnd()
+        );
+
+        monitor.setMessage(Constants.TAG + ": Scanning for pointers...");
+        monitor.setMaximum(moduleBlock.getSize());
+        monitor.setProgress(0);
+
+        var start = moduleBlock.getStart();
+        var end = moduleBlock.getEnd();
+
+        // Align start to 8 bytes
+        long offset = start.getOffset();
+        if (offset % 8 != 0) {
+            start = start.add(8 - (offset % 8));
+        }
+
+        while (start.compareTo(end) <= 0) {
+            monitor.checkCancelled();
+            monitor.setProgress(start.getOffset() - moduleBlock.getStart().getOffset());
+            
+            // Read 64-bit value
+            try {
+                long value = memory.getLong(start);
+                
+                // Simple heuristic: If the value is an address that exists in memory, it's a candidate pointer.
+                // This includes pointers to code (VTable slots) and pointers to data (RelatedType, Interfaces).
+                if (validAddresses.contains(start.getNewAddress(value))) {
+                    pointers.add(start);
+                }
+            } catch (MemoryAccessException e) {
+                // Ignore read errors
+            }
+            
+            try {
+                start = start.add(8);
+            } catch(AddressOutOfBoundsException e) {
+                break; 
+            }
+        }
+        
+        log.appendMsg(Constants.TAG, "Found " + pointers.size() + " candidate pointers.");
+
+        return new PointerScanResult(
+            scanningRange,
+            pointers.toArray(Address[]::new)
+        );
+    }
 }