NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

Exception while decompiling 180138aa0: Decompiler process died #6192

Open llebout opened 7 months ago

llebout commented 7 months ago

Describe the bug

Attachment: sample.txt (rename as .DLL)

In this sample, the function at 0x180138aa0 fails to decompile. It's a huge function that initializes a lot of stack strings, in part using SSE instructions. The CFG can be computed and shows a very vertical graph, but everything indicates to me that this function is a real one and not just added for anti-analysis. Another detail is that the stack for this function is very big, and as a side note, trying to emulate this function with the Ghidra emulator seems to fail because the emulator doesn't allocate enough stack and there seems to be no option to customize it. https://github.com/NationalSecurityAgency/ghidra/blob/33f90ba1c168cf4fa2b7631c7f0787d774c25c1d/Ghidra/Debug/Debugger/src/main/java/ghidra/app/plugin/core/debug/service/emulation/ProgramEmulationUtils.java#L470

To Reproduce

Load the sample and analyze it.

Go to 0x180138aa0, then create a function there (auto-analysis doesn't seem to create it) and watch the decompiler crash.

I tried modifying various options/limits of the decompiler; nothing worked.

Expected behavior

Decompiled function showing correctly.

Environment (please complete the following information):

Additional context

When the process dies I can see a WerFault.exe process, which means it crashed.

llebout commented 7 months ago

Seems I was able to get it to run for longer by modifying the decompiler.exe stack size in its headers, like so in CFF Explorer: (screenshot: Capture14)

So it's crashing due to running out of stack space?

Will post an update if it finishes after this stack space increase.

EDIT: consuming 19 GB of RAM and still going through it.
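The header tweak described in the comment above (raising the stack reserve of the decompiler process so its deep recursion has room) can be scripted instead of done by hand in CFF Explorer. The following is an added example and is not part of this thread or of Ghidra's own code: it parses the PE optional header, reads SizeOfStackReserve/SizeOfStackCommit (4-byte fields for PE32, 8-byte for PE32+), and rewrites them in a copy of the file. The sample image it operates on is a constructed minimal PE32+ header, not a real binary, and the `decompile.exe` path in the usage comment is an assumption about where Ghidra's decompiler executable lives.

```python
"""Read and patch SizeOfStackReserve / SizeOfStackCommit in a PE optional header.

Added example; not Ghidra project code. Tested on a constructed header below.
"""
import struct
import sys
from typing import Optional, Tuple

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def _optional_header_offset(data: bytes) -> int:
    """Return the file offset of the optional header after validating MZ/PE signatures."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header is 20 bytes; SizeOfOptionalHeader sits at its offset 16.
    (size_of_optional_header,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    opt = e_lfanew + 4 + 20
    # The stack fields end at optional-header offset 80 (PE32) or 88 (PE32+).
    if size_of_optional_header < 88 or opt + size_of_optional_header > len(data):
        raise ValueError("optional header truncated")
    return opt


def _stack_field_layout(data: bytes, opt: int) -> Tuple[str, int]:
    """Return (struct format, file offset) of SizeOfStackReserve+SizeOfStackCommit."""
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        return "<II", opt + 72      # two 4-byte fields
    if magic == PE32PLUS_MAGIC:
        return "<QQ", opt + 72      # two 8-byte fields
    raise ValueError("unknown optional header magic 0x%x" % magic)


def read_stack_sizes(data: bytes) -> Tuple[int, int]:
    """Return (SizeOfStackReserve, SizeOfStackCommit) of a PE image."""
    opt = _optional_header_offset(data)
    fmt, off = _stack_field_layout(data, opt)
    return struct.unpack_from(fmt, data, off)


def set_stack_sizes(data: bytes, reserve: int, commit: Optional[int] = None) -> bytes:
    """Return a copy of the image with the stack reserve (and optionally commit) rewritten.

    The PE CheckSum is left stale on purpose: Windows does not verify it for ordinary
    user-mode executables. Any Authenticode signature on the file will no longer match.
    """
    opt = _optional_header_offset(data)
    fmt, off = _stack_field_layout(data, opt)
    _old_reserve, old_commit = struct.unpack_from(fmt, data, off)
    if commit is None:
        commit = old_commit
    if commit > reserve:
        raise ValueError("SizeOfStackCommit must not exceed SizeOfStackReserve")
    limit = 0xFFFFFFFF if fmt == "<II" else 0xFFFFFFFFFFFFFFFF
    if reserve > limit:
        raise ValueError("reserve does not fit the optional header field width")
    out = bytearray(data)
    struct.pack_into(fmt, out, off, reserve, commit)
    return bytes(out)


def build_sample_pe64(reserve: int = 0x100000, commit: int = 0x1000) -> bytes:
    """Constructed minimal PE32+ header (no sections) used as sample input; not a real binary."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # Machine=AMD64, 0 sections, SizeOfOptionalHeader=240 (standard PE32+), Characteristics.
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<QQ", opt, 72, reserve, commit)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage (path is an assumption): python pestack.py <path\to\decompile.exe> <reserve_bytes>
    if len(sys.argv) >= 3:
        with open(sys.argv[1], "rb") as f:
            image = f.read()
        print("before:", [hex(v) for v in read_stack_sizes(image)])
        patched = set_stack_sizes(image, int(sys.argv[2], 0))
        with open(sys.argv[1] + ".patched", "wb") as f:
            f.write(patched)
        print("after: ", [hex(v) for v in read_stack_sizes(patched)])
    else:
        sample = build_sample_pe64()
        print("sample:", [hex(v) for v in read_stack_sizes(sample)])
        print("patched:", [hex(v) for v in read_stack_sizes(set_stack_sizes(sample, 0x10000000))])
```

With an MSVC toolchain installed the same change can be made with `editbin /STACK:<reserve>[,<commit>] decompile.exe`; the script above only avoids that dependency. Note that a larger reserve only postpones a stack exhaustion that is really unbounded recursion, which is consistent with the memory growth reported next in the thread.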

llebout commented 7 months ago

73 GB of memory usage and still going. Should it ever consume that much memory? Either way, I only have 32 GB, so it has probably swapped by now; my system is still running OK.

EDIT: Computer died, so I guess it can't run.

ryanmkurtz commented 7 months ago

I am reproducing