Closed speachy closed 5 years ago
Take this decompiled line of code displayed in the Decompile window:
pvVar3 = _memset(&this->field_0xa,0,0x600);
Hovering the mouse over '0x600' shows this:
dword 0x60000 393216 \0 sdword 0x60000 393216 \0
It isn't just hex values that are incorrect:
bVar1 = iVar4 != 2;
Hovering the mouse over '2' shows this:
dword 0x200 512 \0 sdword 0x200 512 \0
It appears that the value is being shifted over by 8 bits before it's attempted to be decoded.
This is with Ghirda 9.0-PUBLIC, OpenJDK 11.0.2, working with a PowerPC:BE:64:VLE-32addr OS X executable.
(BTW, Ghirda is an awesome tool; I'm glad my tax dollars helped fund something so useful)
Maybe it's a Big endian thing? I'm also seeing '0x80000000' decoded as '0x80 128'
Oh, I'm running this on Fedora 29, x86_64.
Take this decompiled line of code displayed in the Decompile window:
pvVar3 = _memset(&this->field_0xa,0,0x600);
Hovering the mouse over '0x600' shows this:
dword 0x60000 393216 \0 sdword 0x60000 393216 \0
It isn't just hex values that are incorrect:
bVar1 = iVar4 != 2;
Hovering the mouse over '2' shows this:
dword 0x200 512 \0 sdword 0x200 512 \0
It appears that the value is being shifted over by 8 bits before it's attempted to be decoded.
This is with Ghirda 9.0-PUBLIC, OpenJDK 11.0.2, working with a PowerPC:BE:64:VLE-32addr OS X executable.
(BTW, Ghirda is an awesome tool; I'm glad my tax dollars helped fund something so useful)