
[Expression Propagation] Propagating global variables

Open fnhartmann opened this issue 11 months ago • 0 comments

Proposal

We are currently skipping global variables in the Expression Propagation stages. But, for example, in extractme.zip it would be better for readability to propagate them.

For the example, consider this block:

ecx_1#2 = *(i#2 + shellcode#2)
*(i#2 + shellcode#2) = ecx_1#2 ^ 0x13
shellcode#5 -> shellcode#2
eax_3#6 = i#2 + 0x1

ecx_1#2 should be propagated like this:

ecx_1#2 = *(i#2 + shellcode#2)
*(i#2 + shellcode#2) = (*(i#2 + shellcode#2)) ^ 0x13
shellcode#5 -> shellcode#2
eax_3#6 = i#2 + 0x1

(The example was decompiled with the changes made in #397.)

The restriction should be checked and maybe removed.

Used Binary Ninja version: 3.5.4526

Approach

A problem with global variables can be the memory version of the variable in the expression. So we could implement a check whether the memory versions match. If so, the global variables can be propagated.

Afterwards, this should be tested in detail.

fnhartmann, Mar 14 '24 12:03
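
A minimal sketch of the memory-version check proposed under Approach, as an added example that is not dewolf's code. The classes, the `mem_version` field and the function names are hypothetical, and it assumes each instruction records the memory version it executes under.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Var:                      # hypothetical IR node, not a dewolf class
    name: str
    version: int                # SSA version; for a global, the memory version it is read under
    is_global: bool = False

@dataclass(frozen=True)
class Op:                       # e.g. Op("deref", (addr,)) or Op("^", (a, 0x13))
    kind: str
    args: tuple

@dataclass(frozen=True)
class Assign:
    dest: object                # Var, or Op("deref", ...) for a store
    value: object
    mem_version: int            # assumed: memory version in effect when this instruction runs

def globals_in(expr):
    """Collect every global variable read inside an expression."""
    if isinstance(expr, Var):
        return {expr} if expr.is_global else set()
    if isinstance(expr, Op):
        return set().union(*(globals_in(a) for a in expr.args))
    return set()                # constants

def substitute(expr, var, replacement):
    if expr == var:
        return replacement
    if isinstance(expr, Op):
        return Op(expr.kind, tuple(substitute(a, var, replacement) for a in expr.args))
    return expr

def propagate(definition, target):
    """Inline definition.value into target only if all its globals match target's memory version."""
    if any(g.version != target.mem_version for g in globals_in(definition.value)):
        return target           # memory changed in between: leave the use untouched
    dest = target.dest
    if isinstance(dest, Op):    # a store address may also use the variable
        dest = substitute(dest, definition.dest, definition.value)
    return Assign(dest, substitute(target.value, definition.dest, definition.value), target.mem_version)

# The block from the issue, rebuilt by hand; `later` is a constructed instruction after the store.
i2, ecx = Var("i", 2), Var("ecx_1", 2)
load = Op("deref", (Op("+", (i2, Var("shellcode", 2, is_global=True))),))
definition = Assign(ecx, load, mem_version=2)
store = Assign(load, Op("^", (ecx, 0x13)), mem_version=2)
later = Assign(Var("eax_9", 1), Op("+", (ecx, 0x1)), mem_version=5)
```

`propagate(definition, store)` yields the propagated store from the issue, while `propagate(definition, later)` returns the instruction unchanged because `shellcode#2` no longer matches memory version 5.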