Vector35
Analysis creates new stack variable despite the offset belongs to a structure on the stack / Ghost stack variable not in the variable list
We can see that analysis creates var_210 which appears to be not otherwise initialized before its usage.
lppe is at ebp-0x230, and ebp-0x20c is being var_210:
However, if we look at the stack, we can see it is actually the szExeFile field of struct PROCESSENTRY32W lppe:
Binary: proud wizard dances cheerfully (malware sample, zip passwd infected)
Here is another example: quick tiger dances eagerly
When we select var_c and press Y, the change type dialog pops up with the type of the function:
This happens because it cannot find the var var_c in the variable list -- current_function.vars also do not contain var_c, which is quite surprising. The same situation can be observed in the previous binary as well
Compare with stable 4.2 we can see that the variable has a void before it, and pressing Y on it works as expected
This is a regression introduced between stable 4.2 and stable 5.0