Open w1282 opened 1 year ago
@w1282 I am kind of confused by this. I do see that the format string of printf is asking for 10 arguments, but I only see that arguments r3-10 (which are 8 in total) are passed as arguments. Where are the other two arguments? Sorry I am not very good at ppc arch.
@xusheng6 They're being stored on to the stack by the instructions between 0x100005b8 - 0x100005cc (in main) and then copied onto the stack again by my_func between 0x10000530 and 0x1000054c. This is being presented in the MLIL at main.mlil[0] and my_func.mlil[0] as var_[30|50] = &arg_0 which is passed as the final argument to each call.
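As an added illustration (not code from this issue or from Binary Ninja), the following Python models where the 32-bit PowerPC SVR4 ABI places word-sized arguments, driven by a printf format string: it counts the conversions the format consumes, assigns the format pointer and the next seven values to r3..r10, and places anything beyond that in the caller's parameter save area starting at 8(r1), after the back-chain and LR-save words. That stack traffic is what the exchange above is describing. The format strings and the function names (`count_printf_args`, `printf_arg_locations`) are constructed for this example; formats with floating-point or 64-bit conversions are rejected, since the ABI places those differently.

```python
import re
from dataclasses import dataclass

# Regex for one printf conversion: flags, width, precision, length modifier, conversion char.
FMT_SPEC = re.compile(
    r"%(?P<flags>[-+ #0]*)(?P<width>\*|\d+)?(?:\.(?P<prec>\*|\d+))?"
    r"(?P<len>hh|h|ll|l|j|z|t|L)?(?P<conv>[diouxXeEfFgGaAcspn%])"
)

# PPC32 SVR4 ABI facts assumed by this model: r3..r10 carry the first eight word-sized
# integer/pointer arguments; the ninth onward live in the caller's parameter save area,
# which begins at 8(r1) because 0(r1) is the back chain and 4(r1) is the LR save word.
GPR_ARG_REGS = [f"r{n}" for n in range(3, 11)]
PARAM_SAVE_AREA_BASE = 8
WORD = 4


@dataclass(frozen=True)
class ArgLocation:
    index: int       # 0-based argument index (0 is the format string itself)
    location: str    # "r3".."r10" or "<offset>(r1)"


def _conversions(fmt):
    """Yield the non-'%%' conversion matches in a format string."""
    for m in FMT_SPEC.finditer(fmt):
        if m.group("conv") != "%":
            yield m


def count_printf_args(fmt):
    """Number of variadic arguments the format consumes ('*' width/precision each take one)."""
    n = 0
    for m in _conversions(fmt):
        n += 1
        if m.group("width") == "*":
            n += 1
        if m.group("prec") == "*":
            n += 1
    return n


def word_sized_only(fmt):
    """True if every argument the format consumes is a 32-bit integer or pointer."""
    for m in _conversions(fmt):
        if m.group("conv") in "eEfFgGaA":      # double -> FPRs (f1..f8) under this ABI
            return False
        if m.group("len") in ("ll", "j"):      # 64-bit values need an aligned GPR pair
            return False
    return True


def assign_word_args(arg_count):
    """Map arg_count word-sized arguments to registers or parameter-save-area slots."""
    locs = []
    stack_off = PARAM_SAVE_AREA_BASE
    for i in range(arg_count):
        if i < len(GPR_ARG_REGS):
            locs.append(ArgLocation(i, GPR_ARG_REGS[i]))
        else:
            locs.append(ArgLocation(i, f"{stack_off}(r1)"))
            stack_off += WORD
    return locs


def printf_arg_locations(fmt):
    """Locations of the format pointer plus each variadic argument for a printf(fmt, ...) call."""
    if not word_sized_only(fmt):
        raise ValueError("format uses floating-point or 64-bit conversions; not modelled here")
    return assign_word_args(1 + count_printf_args(fmt))


def missing_args(fmt, recovered_count):
    """Arguments a decompiler missed if it recovered only recovered_count parameters."""
    return printf_arg_locations(fmt)[recovered_count:]


if __name__ == "__main__":
    # Constructed sample: nine %d conversions plus the format string make ten arguments.
    sample_fmt = "%d %d %d %d %d %d %d %d %d\n"
    for a in printf_arg_locations(sample_fmt):
        print(f"arg {a.index}: {a.location}")
    # A recovered signature with only 8 parameters would have dropped the two stack arguments.
    print("missed:", [a.location for a in missing_args(sample_fmt, 8)])
```

Running the block prints r3..r10 for the first eight arguments and 8(r1), 12(r1) for the last two, which is why a signature recovered with only eight parameters drops exactly the two values that were spilled to the stack.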
Version and Platform (required):
Bug Description: When analyzing PPC32 binaries with functions that take a relatively large number of arguments (sometimes as low as 8, sometimes not until the 10th argument) the output fails to properly present the function call.
Steps To Reproduce: Please provide all steps required to reproduce the behavior:
my_func should have 10 arguments, but instead it has 8
Expected Behavior: Please provide a clear and concise description of what you expected to happen.
Screenshots:
Additional Information: My initial thought was that it was stumbling when parsing arguments passed on the stack, but it occasionally falters on register arguments and also occasionally identifies some but not all arguments on the stack.
test.zip