# PLT/IAT Resolution and Dynamic Loading Detection for Binary Analysis

## Module
Scanner

## Status
IMPLEMENTED

## Description
Enhanced binary call graph extraction using x86 and ARM64 disassembly to resolve PLT stubs to GOT entries and IAT thunks to actual import targets, plus heuristic detection of dynamic loading patterns (dlopen/LoadLibrary) for more complete binary reachability analysis.

## Implementation Details
- **Disassembly Engines**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/X86Disassembler.cs` - `X86Disassembler` disassembles x86/x64 code to resolve PLT stubs to GOT entries and extract call targets
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/Arm64Disassembler.cs` - `Arm64Disassembler` disassembles ARM64 code for PLT/IAT resolution
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/DirectCallExtractor.cs` - `DirectCallExtractor` extracts direct call targets from disassembled instruction streams
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/BinaryTextSectionReader.cs` - Reads .text sections for disassembly
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Disassembly/BinaryDisassemblyModels.cs` - Models for disassembly results
- **Dynamic Loading Detection**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryDynamicLoadDetector.cs` - `BinaryDynamicLoadDetector` detects dlopen/LoadLibrary/dlsym patterns for dynamic library loading
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/Analysis/BinaryStringLiteralScanner.cs` - `BinaryStringLiteralScanner` scans string literals to identify dynamically loaded library names
- **Binary Call Graph Integration**:
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/BinaryCallGraphExtractor.cs` - `BinaryCallGraphExtractor` integrates disassembly and dynamic load detection into call graph extraction
  - `src/Scanner/__Libraries/StellaOps.Scanner.CallGraph/Extraction/Binary/FunctionBoundaryDetector.cs` - Detects function boundaries for accurate call graph construction

## E2E Test Plan
- [ ] Scan a container with ELF binaries containing PLT stubs and verify PLT-to-GOT resolution identifies the actual imported functions
- [ ] Scan a container with PE binaries and verify IAT thunk resolution maps to actual import targets
- [ ] Verify x86/x64 disassembly correctly extracts direct call instructions and their targets
- [ ] Verify ARM64 disassembly correctly handles ADRP+ADD patterns for PLT resolution
- [ ] Verify dynamic loading detection identifies `dlopen`/`LoadLibrary` calls and extracts library name strings
- [ ] Verify the binary call graph includes both statically linked and dynamically loaded library references