search

avast / retdec

RetDec is a retargetable machine-code decompiler based on LLVM.
https://retdec.com/
MIT License
7.96k stars 939 forks source link

Some Thumb functions in raw binary decoded as ARM despite specifying -a thumb #1012

Open dogtopus opened 3 years ago

dogtopus commented 3 years ago

I am using retdec to decompile some Cortex-M0 firmware images in raw binary format. One thing I noticed is that sometimes retdec will mistakenly treat some valid Thumb functions as ARM functions and output nonsensical disassembly and decompilation results despite specifying -a thumb. Also when this happens, there's no way I know to manually override them as Thumb functions (e.g. by tweaking the .config.json file).

The command I used was roughly like:

retdec-decompiler -m raw -a thumb -b 32 -e little \
    --raw-section-vma <flash mapping address> \
    --raw-entry-point <reset vector address> \
    <firmware>

For confidentiality reasons the binary cannot be shared, but I can try to replicate the behavior with a minimal test case.

xkubov commented 2 years ago

If you replicate the behavior with a minimal test case that would be awesome. I may then look if the problem is in the decoder and perhaps try to fix it.