Possible sleigh misrepresentation for indirect memory operations #5806
Open

Wall-AF opened this issue Sep 19, 2023 · 0 comments

Labels: Feature: Decompiler; Status: Triage (Information is being gathered)
Wall-AF commented Sep 19, 2023

Is there a bug/missing/incorrect sleigh specifications here?

In the assembly statement below, the address from which the register (AX) is populated is recognised as a member of the global structure (defined at location DS:9e86 of length 0x47a bytes):

```
Address DS:a2dc = g_Obj0x47a_DS_9e86.nElemsIn0x472And0x476_0x456

11a0:1511 a1 dc a2           MOV AX,DS:[g_Obj0x47a_DS_9e86.nElemsIn0x472And0x476_0x456]
```

Constructor Line #'s:

```
MOV(ia.sinc:3074), moffs16(ia.sinc:930), seg16(ia.sinc:767)

3074	:MOV AX,moffs16        is vexMode=0 & opsize=0 & byte=0xa1; AX & moffs16 { AX=moffs16; }
930	moffs16: seg16^[imm16] is addrsize=0 & seg16 & imm16 { tmp:$(SIZE) = segment(seg16,imm16:2); export *:2 tmp; }
767	seg16: DS:             is segover=0 & DS              { export DS; }
```

Whereas in the following assembly (which uses a more complex statement), the address 0xa0ac isn't converted into the structure's field it represents:

```
Address DS:a0ac = g_Obj0x47a_DS_9e86.field20_0x226

11a0:1547 8a 87 ac a0        MOV AL,byte ptr DS:[BX + 0xa0ac]
```

Constructor Line #'s:

```
MOV(ia.sinc:3065), rm8(ia.sinc:986), Mem(ia.sinc:785), Mem16(ia.sinc:783),
seg16(ia.sinc:767), addr16(ia.sinc:703), Reg8(ia.sinc:629)

3065	:MOV Reg8,rm8         is vexMode=0 & byte=0x8a; rm8 & Reg8 ... { Reg8 = rm8; }
986	rm8: "byte ptr" Mem   is Mem                                   { export *:1 Mem; }
785	Mem: Mem16            is addrsize=0 & Mem16                    { export Mem16; }
767	seg16: DS:            is segover=0 & DS                        { export DS; }
703	addr16: [BX + imm16]  is mod=2 & r_m=7 & BX; imm16             { local tmp=BX+imm16; export tmp; }
629	Reg8:   reg8          is reg8                                  { export reg8; }
```

It should be:

```
11a0:1547 8a 87 ac a0        MOV AL,byte ptr DS:[BX + g_Obj0x47a_DS_9e86.field20_0x226]
```

I've noticed elsewhere that if the MOV statement just uses the indirection [BX], and BX is the result of what seems to be an arbitrarily complex address calculation, the structure's field is shown.

Could this also be a reason for #5720 (comment)?
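Added example (not Ghidra's code and not the issue author's): a small Python model of how the two sleigh constructors quoted above compute their effective address, and of the struct-field resolution the issue expects for both. The structure base, length and field names come from the issue; the DS value in the usage is constructed, and treating BX as an index into the global structure is an assumption of this model.

```python
from typing import Optional

STRUCT_NAME = "g_Obj0x47a_DS_9e86"
STRUCT_BASE = 0x9E86   # DS offset of the global structure (from the issue)
STRUCT_LEN = 0x47A     # its length in bytes (from the issue)
FIELDS = {             # field names at these offsets, as shown in the issue
    0x456: "nElemsIn0x472And0x476_0x456",
    0x226: "field20_0x226",
}


def segment(seg: int, off: int) -> int:
    """Real-mode linear address, mirroring sleigh's segment(seg16, imm16)."""
    return ((seg << 4) + (off & 0xFFFF)) & 0xFFFFF


def moffs16(ds: int, imm16: int) -> int:
    """ia.sinc:930 - the operand address is fixed, so imm16 alone names it."""
    return segment(ds, imm16)


def addr16_bx(ds: int, bx: int, imm16: int) -> int:
    """ia.sinc:703 - tmp = BX + imm16; imm16 is only a constant term."""
    return segment(ds, bx + imm16)


def resolve_field(displacement: int) -> Optional[str]:
    """Map a DS-relative displacement onto the structure, or None if outside it."""
    off = displacement - STRUCT_BASE
    if 0 <= off < STRUCT_LEN:
        return f"{STRUCT_NAME}.{FIELDS.get(off, f'field_0x{off:x}')}"
    return None


def render_moffs16(imm16: int) -> str:
    """MOV AX,moffs16 with the displacement symbolised when it lies in the struct."""
    return f"MOV AX,DS:[{resolve_field(imm16) or f'0x{imm16:x}'}]"


def render_bx_disp(imm16: int) -> str:
    """MOV AL,byte ptr [BX + imm16], symbolising the constant term the same way.
    Assumption: BX indexes into the structure. If BX held a pointer instead,
    imm16 would be an offset relative to BX rather than a DS address."""
    return f"MOV AL,byte ptr DS:[BX + {resolve_field(imm16) or f'0x{imm16:x}'}]"


if __name__ == "__main__":
    print(render_moffs16(0xA2DC))  # MOV AX,DS:[g_Obj0x47a_DS_9e86.nElemsIn0x472And0x476_0x456]
    print(render_bx_disp(0xA0AC))  # MOV AL,byte ptr DS:[BX + g_Obj0x47a_DS_9e86.field20_0x226]
    print(hex(addr16_bx(0x1000, 0x10, 0xA0AC)))  # constructed DS=0x1000, BX=0x10 -> 0x1a0bc
```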
