Closed 0x410c closed 11 months ago
Modifications of KoiVM will always result in problems with either the disassembly or recompilation process.
This error stems from a few instructions not being decoded properly. Specifically, it is trying to emulate a CALL instruction. For binaries protected by vanilla KoiVM this should never happen (see InstructionEmulator).
This is indicative of either:
Double check your cross-references with the opcode handlers and your config.json. I also added some simple safety guards in the latest commit (56fc436807c46f94ffc1c790b9d8426dae7be047, build should appear on AppVeyor soon), which should at least produce some results, and should enable you to use --salvage and --dump-il and/or --dump-cfg to help debug which of the two hypotheses is the case.
I'm mostly sure that the call opcode is correct, I also rechecked. I am sure the latter is the case, as even if I skip the first function there are more changes which deter devirtualisation.
I was wrong, there was an ambiguity in opcodes I found, as the opcode handlers of 2 opcodes are exactly the same and OldRod assumes end of function when the opcode is received. Thanks, devirtualisation works great! Thanks for the awesome work!
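The ambiguity described above (two opcode handlers with byte-identical bodies, so the cross-reference between handlers and config.json cannot be resolved uniquely) is something that can be checked for mechanically before running the devirtualizer. The following is an added example, not OldRod's own code; the handler names, handler bytes and the opcode-name-to-value layout of config.json are constructed assumptions:

```python
import hashlib
from collections import defaultdict

# Constructed sample data (hypothetical names and bytes, not taken from the
# attached binary): opcode handler bodies as extracted from a modified KoiVM,
# keyed by handler name.
HANDLER_BODIES = {
    "Handler_A": b"\x02\x03\x58\x2a",
    "Handler_B": b"\x02\x03\x59\x2a",
    "Handler_C": b"\x02\x03\x58\x2a",  # byte-identical to Handler_A
}

# Hypothetical config.json-style mapping of opcode name -> opcode value.
CONFIG_OPCODES = {
    "Call": 0x10,
    "Ret": 0x11,
    "Nop": 0x11,  # collides with Ret
}


def duplicate_handlers(bodies):
    """Return groups of handler names whose bodies are byte-identical."""
    by_digest = defaultdict(list)
    for name, body in bodies.items():
        by_digest[hashlib.sha256(body).hexdigest()].append(name)
    return sorted(group for group in by_digest.values() if len(group) > 1)


def colliding_opcodes(config):
    """Return opcode values that are assigned to more than one opcode name."""
    by_value = defaultdict(list)
    for name, value in config.items():
        by_value[value].append(name)
    return {v: sorted(names) for v, names in by_value.items() if len(names) > 1}


def check_config(bodies, config):
    """Summarise ambiguities that make handler cross-referencing unreliable."""
    return {
        "duplicate_handlers": duplicate_handlers(bodies),
        "colliding_opcodes": colliding_opcodes(config),
    }


if __name__ == "__main__":
    for key, problems in check_config(HANDLER_BODIES, CONFIG_OPCODES).items():
        print(key, problems or "none")
```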
Describe the bug: Bug in devirtualisation of code
To Reproduce: use attached binary and config
Expected behavior: a devirtualised output
Additional context: dec.zip