Function typinfo issue

[Pirulax]

The issue at hand is that, stack arguments and return value are messed up, the mangled name is used, and calling convention is "unknown (or incorrect, eg.: __fastcall instead of __thiscall).

Example:

"start_rva": 1689872,
"name": "_ZN7CVector9NormaliseEv",
"is_public": false,
"is_autonamed": false,
"calling_convention": "unknown",
"return_type": "int",
"arguments": [],
"labels": [
    {
        "offset": 52,
        "name": "loc_59C944",
        "is_public": false,
        "is_autonamed": true
    }
]

I'd expect the above to be:

"start_rva": 1689872,
"name": "CVetor::Normalise",
"is_public": false,
"is_autonamed": false,
"calling_convention": "__fastcall",
"return_type": "void",
"arguments": [],
"labels": [
    {
        "offset": 52,
        "name": "loc_59C944",
        "is_public": false,
        "is_autonamed": true
    }
]

I presume this is the offending line: https://github.com/Mixaill/FakePDB/blob/85a0351203dbb741f0c7bfc2e158eee23cdf66e2/src_plugins/ida/fakepdb/dumpinfo.py#L165-L168

[Mixaill]

Please try fb02fc741fa0c72c69c9d0de04c6d1bf06f42c54

[Pirulax]

Could you please provide me with the necessary files? build.ps1 doesn't seem to work as intended. I tried just copying the modified IDA Plugin sources, but it yielded the same output.

[Mixaill]

fakepdb_6356b3.zip

[Pirulax]

FakePDB/dumpinfo:
Traceback (most recent call last):
  File "fakepdb\command_dumpinfo.py", line 46, in activate
    dumper.dump_info(filepath_json)
  File "fakepdb\dumpinfo.py", line 309, in dump_info
    'pe'        : self.__process_pe(),
  File "fakepdb\dumpinfo.py", line 647, in __process_pe
    for sec in pedebug:
TypeError: 'NoneType' object is not iterable

It worked a the last time I tested with.

[Mixaill]

Should be fixed in ecf1a3ab8da5cb7896d3aeeb71bbe693a50a77f5

fakepdb_ecf1a3.zip

[Pirulax]

I can provide you my idb if that helps. Here's the output now:

            "start_rva": 1689872,
            "name": "_ZN7CVector9NormaliseEv",
            "is_public": false,
            "is_autonamed": false,
            "calling_convention": null,
            "return_type": "void",
            "arguments": [
                {
                    "name": "this",
                    "type": "CVector *",
                    "argument_location": "register_one"
                }
            ],
            "labels": [
                {
                    "offset": 52,
                    "name": "loc_59C944",
                    "is_public": false,
                    "is_autonamed": true
                }
            ]

The arguments are what I expect them to be now. But CC and name is still bad.

[Mixaill]

Demangled name added in ce73d6c2af58692efa346d479ff600f262dc59f1 fakepdb_ce73d6.zip

For return type issue the .idb will be very useful.

[Pirulax]

idb Thank you very much for your time! Appreciate it.

[Mixaill]

Calling convention fixed in 6fb33c12edeac5a50cb663a36df27ea2b3734e50 fakepdb_6fb33c.zip

---

@Pirulax Calling convention is not used by PDB generator itself, so can you describe your usecase a little? :)

[Pirulax]

Yes, I'm working on a GTASA reversing project, and we often have to generate stubs (which basically just call the original function). So I have made this stub generator. Currently it uses some exporter a friend of mine has found, but it's sub optimal (as its very buggy, it only work if I manually go to the function, and retype it (Y button)).

So I figured out I could make use of this.

Curiously enough, I still get "calling_convention": "invalid", but I assume at this point it's IDA's fault.

[Mixaill]

yep, there is a difference between invalid and null. null was a bug which is fixed, invalid is value which dumpinfo gets from IDA.

[Pirulax]

Okay, so I think the issue can be closed. Thank you!