Closed irfan-eternal closed 1 year ago
Set the type of GetSecurityInfo to GetSecurityInfo *
Thanks @astrelsky, that was a great tip. Now the parameters of the Windows API functions are correctly identified and correctly typed.
I have one more concern, which is resolving the stack depth change for calls to Windows APIs, which leads to stack variable reuse not being identified. In the above image you can see [ESP + 0xb4] is being identified as 2 separate stack variables due to the stack depth change.
I know that we can change the stack depth by going to Function > Set Stack Depth Change, but here there are a lot of Windows API calls using registers. Changing the stack depth at every Windows API call using registers is not a viable solution. Is there a way to resolve this?
@astrelsky Sorry, I know that my comment was too long. What I need now, in short, is that indirect calls to Windows APIs using registers in the disassembly should use the __stdcall calling convention, so that the stack depth is changed automatically.
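The stack-depth effect discussed in the comments above, as an added example that is not part of the original thread or of Ghidra's code: a small Python model of ESP tracking across an indirect `__stdcall` call, run over a constructed instruction trace. It assumes 32-bit code and treats a call with no known signature as popping nothing, which simplifies what a real analyzer does; the trace format and function names are hypothetical.

```python
# Added illustration: why a missing __stdcall signature on an indirect call
# makes one [ESP + disp] operand resolve to two different stack slots.

def stdcall_purge(param_sizes):
    """Bytes a 32-bit __stdcall callee pops on return (each arg padded to 4)."""
    return sum((size + 3) // 4 * 4 for size in param_sizes)

def resolve_refs(trace, signatures):
    """Return the entry-relative stack offset of every [ESP + disp] reference.

    trace      -- list of (op, arg) tuples, a simplified instruction stream
    signatures -- callee name -> list of parameter sizes; a missing name
                  models an untyped indirect call (assumed to pop nothing)
    """
    depth = 0  # ESP relative to its value at function entry
    slots = []
    for op, arg in trace:
        if op == "sub_esp":        # SUB ESP, arg
            depth -= arg
        elif op == "push":         # arg consecutive 4-byte PUSHes
            depth -= 4 * arg
        elif op == "call_reg":     # CALL reg; the callee's RET n purges args
            params = signatures.get(arg)
            if params is not None:
                depth += stdcall_purge(params)
        elif op == "ref":          # operand of the form [ESP + arg]
            slots.append(depth + arg)
    return slots

# Constructed trace, not taken from the binary in the issue.
TRACE = [
    ("sub_esp", 0x100),
    ("ref", 0xB4),                    # first use of [ESP + 0xb4]
    ("push", 8),                      # GetSecurityInfo takes 8 arguments
    ("call_reg", "GetSecurityInfo"),  # e.g. CALL ESI
    ("ref", 0xB4),                    # second use of [ESP + 0xb4]
]
SIGNATURES = {"GetSecurityInfo": [4] * 8}  # eight 4-byte parameters on x86

if __name__ == "__main__":
    typed = resolve_refs(TRACE, SIGNATURES)
    untyped = resolve_refs(TRACE, {})
    print("typed call:  ", [hex(s) for s in typed])    # same slot twice
    print("untyped call:", [hex(s) for s in untyped])  # two different slots
```

With the signature applied both references land on the same slot; without it the second reference is shifted by the 32 bytes of arguments that were never accounted for.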
This should already occur automatically. Usually when I see this the issue is elsewhere.
Thanks @astrelsky. My decompiled code is much better now.
Is your feature request related to a problem? Please describe.
Another paid decompiler has this very useful feature, i.e. when a function name matches a Windows API it automatically applies its function signature. I searched the web to see if Ghidra has something like this, but I was not able to find it. If this feature is there, it will help in many ways, like identifying stack depth, stack variable reuse, better decompiled code, etc.
Describe the solution you'd like
If a function name matches a Windows API, Ghidra should automatically apply its function signature. The above image is an example; here the label GetSecurityInfo is a Windows API. It would be great if we could apply the function signature for this.
Describe alternatives you've considered
I checked whether this feature already exists using multiple search engines and also posted in Reddit's Ghidra community, but I was not able to find an answer, which led me here to post it as a feature request.
Additional context
Another example