On lines 67, 70 and 77 Ghidra makes a call to what I assume is a member function, but it does not show me which member function. Why is that?

Example from line 70:

(**(code **)(*(longlong *)metaStream + 0xd8))(metaStream)

Call in assembly:

qword ptr [RAX + 0xd8]

How can I make Ghidra show me which function is being called?

1 Answer

The problem is that Ghidra for whatever reason cannot determine what the actual target of this call is. This might just be a limitation of the C++ support in Ghidra. There are plugins that try to support this better:

but you can also do this manually if you already know the target function via manual reverse engineering:

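from ghidra.program.model.symbol import RefType, SourceType

# program is the Program being analysed (currentProgram in a Ghidra script)
ref = program.referenceManager.addMemoryReference(
                    callsite,      # FROM, the address of the call instruction
                    func_address,  # TO, the address of the function being called
                    RefType.UNCONDITIONAL_CALL,
                    SourceType.USER_DEFINED,
                    0)             # operand index the reference is attached to
program.referenceManager.setPrimary(ref, True)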
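
The following is an added example, not part of the original answer: it walks the same two dereferences as `(**(code **)(*(longlong *)metaStream + 0xd8))(metaStream)` over a constructed memory image to find the address that would be passed as `func_address`. The `Image` class, all addresses and the 64-bit little-endian pointer layout are assumptions made for illustration.

```python
import struct

class Image:
    """Read-only view of mapped memory: {base_address: bytes} (hypothetical helper)."""
    def __init__(self, segments):
        self.segments = segments

    def read_ptr(self, addr):
        # Read one 8-byte little-endian pointer, refusing unmapped addresses.
        for base, data in self.segments.items():
            off = addr - base
            if 0 <= off <= len(data) - 8:
                return struct.unpack_from("<Q", data, off)[0]
        raise ValueError("unmapped address 0x%x" % addr)

def resolve_virtual_call(image, obj_addr, slot_offset):
    """Return (vtable address, slot index, call target) for an indirect call."""
    vtable = image.read_ptr(obj_addr)              # *(longlong *)obj
    target = image.read_ptr(vtable + slot_offset)  # *(code **)(vtable + offset)
    return vtable, slot_offset // 8, target

# Constructed sample data: a 32-slot vtable and one object whose first
# field points at it. None of these addresses come from a real binary.
FUNC_BASE = 0x140001000
VTABLE_ADDR = 0x140010000
OBJ_ADDR = 0x7FF000
SAMPLE = Image({
    VTABLE_ADDR: struct.pack("<32Q", *[FUNC_BASE + i * 0x40 for i in range(32)]),
    OBJ_ADDR: struct.pack("<QQ", VTABLE_ADDR, 0),
})

if __name__ == "__main__":
    vt, idx, tgt = resolve_virtual_call(SAMPLE, OBJ_ADDR, 0xD8)
    print("vtable 0x%x slot %d -> target 0x%x" % (vt, idx, tgt))
```

In a real binary the vtable address usually comes from the constructor that stores it into the object, or from the object pointer observed in a debugger.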
