
State structure isn't eliminated

Open pgoodman opened this issue 4 years ago • 2 comments

Also, basic block addresses can be observed. Also, this function uses a retn, which is not recognized correctly in IDA.

{"functions": [{"return_stack_pointer": {"register": "ESP", "type": "I", "offset": 4}, "return_values": [{"register": "EAX", "type": "i"}], "return_address": {"type": "I", "memory": {"register": "ESP", "offset": 0}}, "parameters": [{"type": "i", "memory": {"register": "ESP", "offset": 4}}, {"type": "i", "memory": {"register": "ESP", "offset": 8}}, {"type": "i", "memory": {"register": "ESP", "offset": 12}}], "address": 6622921}, {"return_stack_pointer": {"register": "ESP", "type": "I", "offset": 4}, "return_values": [{"register": "EAX", "type": "i"}], "return_address": {"type": "I", "memory": {"register": "ESP", "offset": 0}}, "parameters": [{"type": "i", "memory": {"register": "ESP", "offset": 4}}, {"type": "i", "memory": {"register": "ESP", "offset": 8}}, {"type": "i", "memory": {"register": "ESP", "offset": 12}}, {"type": "i", "memory": {"register": "ESP", "offset": 16}}, {"type": "i", "memory": {"register": "ESP", "offset": 20}}, {"type": "i", "memory": {"register": "ESP", "offset": 24}}], "address": 6595488}], "arch": "x86", "variables": [{"type": "o", "address": 7436608}], "memory": [{"is_writeable": false, "data": "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", "is_executable": true, "is_readable": true, "address": 6595487}], "os": "windows", "stack": {"size": 24576, "start_offset": 4096, "address": 1344647168}}

pgoodman (Jan 10 '20 15:01)

@pgoodman is this still reproducible? If we have the original binary we can try giving it a shot, since it asks about IDA recognition?

artemdinaburg (Apr 22 '21 20:04)

I see the following error reporting on a missing semantic, which triggers a call to __remill_sync_hyper_call, which causes the State structure to escape.

E0422 16:53:50.833514 93060608 InstructionLifter.cpp:110] Missing semantics for instruction (X86 64a55a (BYTES 0f 53 e5) RCPPS_XMMps_XMMps (WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM5)))

pgoodman (Apr 22 '21 20:04)
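An added triage helper (example code, not anvill's or remill's own) that ties the two halves of this issue together: it parses remill's "Missing semantics" log lines, which are exactly the instructions that get routed through `__remill_sync_hyper_call` and let State escape, and maps each one onto the function list of the spec JSON above. It also sanity-checks the ESP-relative parameter layout of each function. The spec carries no function sizes, so the function lookup is an approximation by nearest lower start address; the spec copy is abbreviated and the data blob omitted.

```python
import json
import re
# Constructed, abbreviated copy of the spec from the issue; the "memory" blob is omitted.
SPEC = json.loads("""
{"arch": "x86", "os": "windows",
 "functions": [
  {"address": 6622921,
   "return_stack_pointer": {"register": "ESP", "type": "I", "offset": 4},
   "return_address": {"type": "I", "memory": {"register": "ESP", "offset": 0}},
   "parameters": [{"type": "i", "memory": {"register": "ESP", "offset": 4}},
                  {"type": "i", "memory": {"register": "ESP", "offset": 8}},
                  {"type": "i", "memory": {"register": "ESP", "offset": 12}}]},
  {"address": 6595488,
   "return_stack_pointer": {"register": "ESP", "type": "I", "offset": 4},
   "return_address": {"type": "I", "memory": {"register": "ESP", "offset": 0}},
   "parameters": [{"type": "i", "memory": {"register": "ESP", "offset": 4}},
                  {"type": "i", "memory": {"register": "ESP", "offset": 8}}]}]}
""")

# The remill log line quoted in the issue, copied as sample input.
LOG = ("E0422 16:53:50.833514 93060608 InstructionLifter.cpp:110] Missing semantics for "
       "instruction (X86 64a55a (BYTES 0f 53 e5) RCPPS_XMMps_XMMps "
       "(WRITE_OP (REG_128 XMM4)) (READ_OP (REG_128 XMM5)))")
LOG_RE = re.compile(r"Missing semantics for instruction \(X86 ([0-9a-f]+) \(BYTES ([0-9a-f ]+)\) (\S+)")

def parse_missing_semantics(log_text):
    """One (address, byte_string, mnemonic) per hit; each falls back to __remill_sync_hyper_call."""
    return [(int(m.group(1), 16), m.group(2).strip(), m.group(3))
            for m in LOG_RE.finditer(log_text)]

def containing_function(spec, addr):
    """Nearest lower function start; an approximation, since the spec has no function sizes."""
    starts = [f["address"] for f in spec["functions"] if f["address"] <= addr]
    return max(starts) if starts else None

def check_stack_layout(func, word=4):
    """Flag parameter slots that are misaligned or collide with the return address slot."""
    issues, ret_off = [], func["return_address"]["memory"]["offset"]
    for i, p in enumerate(func["parameters"]):
        off = p["memory"]["offset"]
        if off % word:
            issues.append(f"param {i} at ESP+{off} is not {word}-byte aligned")
        if off <= ret_off:
            issues.append(f"param {i} at ESP+{off} overlaps the return address slot")
    return issues

def triage(spec, log_text):
    """Map each missing-semantics address to the function it (approximately) belongs to."""
    return {a: containing_function(spec, a) for a, _, _ in parse_missing_semantics(log_text)}
```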