
Incorrect HLIL lifting of overloaded functions

Open • xusheng6 opened this issue 3 years ago • 1 comment

In the given crackme, for the following code snippet:

```asm
00001b89  lea     rdx, [rbp-0x60 {const_str}]
00001b8d  lea     rax, [rbp-0x40 {input}]
00001b91  mov     rsi, rdx {const_str}
00001b94  mov     rdi, rax {input}
00001b97  call    std::string::string
```

The HLIL becomes

```
00001b97      std::string::string(this: &input)
```

which is wrong, because we can see from the disassembly that it is calling the copy constructor of std::string. If we open the split view and look at the disassembly instructions corresponding to the HLIL, we can see that the line `00001b91 mov rsi, rdx {const_str}` is not highlighted.

[Screenshot: Screen Shot 2022-08-21 at 11 44 24 AM]

I suspect this is caused by the fact that the string ctor is overloaded and there are two versions of it, i.e., one with one parameter and one with two parameters.

xusheng6, Aug 21 '22 03:08

Are there type libraries for that call in this binary? I suspect not. If so, there likely isn't much we can do about it other than fix the type library.

plafosse, Aug 29 '22 18:08
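The following is an added example, not code from the issue or from the Binary Ninja project. It makes the diagnosis in the report mechanical: the register setup before the `call` implies two integer arguments under the System V AMD64 ABI (`rdi` and `rsi`; `rdx` is only scratch, since it is read again by `mov rsi, rdx`), so a callee type declaring a single `this` parameter makes HLIL drop `rsi`. The Binary Ninja half answers plafosse's question (does any attached type library define the symbol?) and, when the declared parameter count is narrower than the call site implies, installs an explicit function type so the second argument is lifted. `ISSUE_SNIPPET` is constructed from the five instructions quoted above; `CTOR_TYPE`, the symbol name `std::string::string` and the pointer-only signature are assumptions, and the headless part needs a Binary Ninja install to run.

```python
"""
Added example (not from the issue or the Binary Ninja project): compare the
arguments a call site sets up with the callee's declared parameter count in
Binary Ninja, and install an explicit type when the declaration is too narrow.
ISSUE_SNIPPET is constructed from the issue; CTOR_TYPE is an assumed signature.
"""
import re

# System V AMD64 integer/pointer argument registers, in positional order.
SYSV_INT_ARG_REGS = ("rdi", "rsi", "rdx", "rcx", "r8", "r9")
GPRS = {"rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp"} | {"r%d" % i for i in range(8, 16)}

# Constructed sample input: the call-site setup quoted in the issue.
ISSUE_SNIPPET = """
00001b89  lea     rdx, [rbp-0x60 {const_str}]
00001b8d  lea     rax, [rbp-0x40 {input}]
00001b91  mov     rsi, rdx {const_str}
00001b94  mov     rdi, rax {input}
00001b97  call    std::string::string
"""

_INSN = re.compile(r"^\s*[0-9a-fA-F]+\s+(\w+)\s*(.*)$", re.M)
_WORD = re.compile(r"[A-Za-z_]\w*")


def parse_setup(disasm):
    """(mnemonic, destination register or None, source registers) per line.
    Only mov/lea with a register as first operand count as register writes."""
    insns = []
    for mnem, operands in _INSN.findall(disasm):
        regs = [w for w in _WORD.findall(operands) if w in GPRS]
        if mnem in ("mov", "lea") and regs and operands.startswith(regs[0]):
            insns.append((mnem, regs[0], set(regs[1:])))
        else:
            insns.append((mnem, None, set(regs)))
    return insns


def outgoing_arg_regs(disasm):
    """Argument registers whose final write is not read again before the call.
    A register read after its write (rdx here, moved into rsi) is scratch."""
    insns = parse_setup(disasm)
    live = []
    for reg in SYSV_INT_ARG_REGS:
        writes = [i for i, (_, dest, _) in enumerate(insns) if dest == reg]
        if writes and not any(reg in srcs for _, _, srcs in insns[writes[-1] + 1:]):
            live.append(reg)
    return live


def implied_arg_count(disasm):
    """Longest prefix of the ABI order present at the call; a gap ends the
    count because integer arguments are positional."""
    live = outgoing_arg_regs(disasm)
    count = 0
    for reg in SYSV_INT_ARG_REGS:
        if reg not in live:
            break
        count += 1
    return count


def dropped_args(disasm, declared_params):
    """Registers HLIL will discard if the callee declares `declared_params`
    parameters (`this` included). An empty list means the type is wide enough."""
    return list(SYSV_INT_ARG_REGS[declared_params:implied_arg_count(disasm)])


# ---- Binary Ninja side: runs only inside Binary Ninja or its headless API ----

def typelib_defines(bv, name):
    """True if any type library attached to the view defines an object `name`."""
    from binaryninja import QualifiedName  # assumed: Binary Ninja Python API
    qn = QualifiedName(name.split("::"))
    return any(lib.get_named_object(qn) is not None for lib in bv.type_libraries)


def ensure_callee_type(bv, callee_name, type_string, call_site_disasm):
    """Install `type_string` on `callee_name` as a user type if the current
    declaration drops arguments at this call site. Returns True when changed."""
    funcs = bv.get_functions_by_name(callee_name)
    if not funcs:
        raise ValueError("no function named %s in the view" % callee_name)
    callee = funcs[0]
    declared = len(callee.type.parameters)
    if not dropped_args(call_site_disasm, declared):
        return False  # HLIL already sees every argument register
    parsed_type, _ = bv.parse_type_string(type_string)
    callee.type = parsed_type  # user type; the function is queued for reanalysis
    bv.update_analysis_and_wait()
    return True


if __name__ == "__main__":
    import sys
    import binaryninja  # headless API; requires a Binary Ninja install
    # Assumed signature with primitive pointers only, so the parser does not
    # need a std::string definition in the view. Adjust to the real copy ctor.
    CTOR_TYPE = "void* ctor(void* this, void* other)"
    with binaryninja.load(sys.argv[1]) as bv:
        print("type library entry:", typelib_defines(bv, "std::string::string"))
        print("type changed:", ensure_callee_type(bv, "std::string::string", CTOR_TYPE, ISSUE_SNIPPET))
```

Run it headless as `python script.py crackme`. Setting `Function.type` only patches this database; as plafosse notes, the durable fix is the type library itself, which also carries the signature to every other binary that links the same overloaded constructor. The ABI heuristic is deliberately simple: it treats a register that is read after its last write as scratch, so a pattern like `mov rdi, rax; mov rsi, rdi` would undercount and should be checked by eye in the split view.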