As it stands, the RemillArgumentRecovery pass relies on a static table for information about register aliasing (i.e. RAX aliases RAX, EAX, AX, AH, AL). This approach isn't very flexible and fcd+Remill would definitely benefit from an analysis that would provide information like this (and potentially more) from analyzing the State structure present in all functions lifted by Remill. This would also allow to refactor the RemillArgumentRecovery pass to work before and after passes like LLVM's mem2reg.
As it stands, the
RemillArgumentRecoverypass relies on a static table for information about register aliasing (i.e. RAX aliases RAX, EAX, AX, AH, AL). This approach isn't very flexible and fcd+Remill would definitely benefit from an analysis that would provide information like this (and potentially more) from analyzing theStatestructure present in all functions lifted by Remill. This would also allow to refactor theRemillArgumentRecoverypass to work before and after passes like LLVM'smem2reg.