rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0

MSVC 32bit COFF & demangle issues #2145

Open XVilka opened 2 years ago

XVilka commented 2 years ago

Work environment

| Questions | Answers |
|---|---|
| OS/arch/bits (mandatory) | Fedora 35 x86_64 |
| File format of the file you reverse (mandatory) | COFF |
| Architecture/bits of the file (mandatory) | x86/32 (MSVC Windows) |
| rizin -v full output, not truncated (mandatory) | rizin 0.4.0-git @ linux-x86-64, commit: 5b11e887360d153d1e56113858b539e0c8d6962b, build: 2021-12-28__11:46:35 |

Expected behavior

It should show:

```
int __stdcall func_stdcall(int x)
int __fastcall func_fastcall(int x)
int __cdecl func_cdecl(int x)
```

See documentation at https://docs.microsoft.com/en-us/cpp/build/reference/decorated-names?view=vs-2019#FormatC

Actual behavior

```
[i] ℤ rizin example.obj
../librz/bin/format/coff/coff.c:58:7: runtime error: member access within misaligned address 0x6110000aea36 for type 'union <unknown>', which requires 4 byte alignment
0x6110000aea36: note: pointer points here
 00 00 03 00 2e 64  72 65 63 74 76 65 00 00  00 00 01 00 00 00 03 01  2a 00 00 00 00 00 00 00  00 00
             ^
../librz/bin/format/coff/coff.c:59:23: runtime error: member access within misaligned address 0x6110000aea36 for type 'union <unknown>', which requires 4 byte alignment
0x6110000aea36: note: pointer points here
 00 00 03 00 2e 64  72 65 63 74 76 65 00 00  00 00 01 00 00 00 03 01  2a 00 00 00 00 00 00 00  00 00
             ^
../librz/bin/format/coff/coff.c:61:80: runtime error: member access within misaligned address 0x6110000aeaa2 for type 'union <unknown>', which requires 4 byte alignment
0x6110000aeaa2: note: pointer points here
 00 00  00 00 00 00 00 00 04 00  00 00 00 00 00 00 03 00  20 00 02 00 00 00 00 00  14 00 00 00 0d 00
              ^
 -- Change the graph block definition with graph.callblocks, graph.jmpblocks, graph.flagblocks
[0x000000a0]> afl
[0x000000a0]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for classes
[x] Type matching analysis for all functions (aaft)
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[x] Applied 0 FLIRT signatures via sigdb
[0x000000a0]> afl
0x000000a0    1 13           sym._func_stdcall_4
0x000000ad    1 17           sym._func_fastcall_4
0x000000be    1 11           sym._func_cdecl
[0x000000a0]>
```

Additional Logs, screenshots, source code, configuration dump, ...

example.zip
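For reference, the decoding the expected-behavior section asks for is the FormatC table of the linked Microsoft documentation: `_name` is `__cdecl`, `_name@N` is `__stdcall` and `@name@N` is `__fastcall`, with N the number of parameter bytes. The following is an added illustration, not code from rizin or rz-libdemangle; it assumes the raw COFF symbol names are `_func_stdcall@4`, `@func_fastcall@4` and `_func_cdecl` (the `afl` listing above shows them with `@` replaced by `_` in the flag name), and the type and function names are mine.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>

/* Decoded form of an MSVC x86/32 C-linkage decorated name (not the C++ '?' scheme). */
typedef struct {
    char convention[16]; /* "__cdecl", "__stdcall" or "__fastcall" */
    char name[128];      /* undecorated identifier */
    int arg_bytes;       /* parameter bytes encoded after '@', or -1 for __cdecl */
} MsvcCDecor;

/* Accepts a non-empty run of decimal digits (the "@N" byte count) and converts it. */
static bool parse_arg_bytes(const char *suffix, int *out) {
    if (!*suffix) return false;
    for (const char *p = suffix; *p; p++)
        if (!isdigit((unsigned char)*p)) return false;
    *out = atoi(suffix);
    return true;
}

/* Copies the identifier [begin, end) into the result; rejects empty, oversized or '@'-containing names. */
static bool set_name(MsvcCDecor *r, const char *begin, const char *end) {
    size_t len = (size_t)(end - begin);
    if (len == 0 || len >= sizeof r->name || memchr(begin, '@', len)) return false;
    memcpy(r->name, begin, len);
    r->name[len] = '\0';
    return true;
}

/* Decodes `sym` following the FormatC table of the MSVC decorated-names documentation:
 * _name -> __cdecl, _name@N -> __stdcall, @name@N -> __fastcall. Returns false otherwise. */
bool msvc_c_demangle(const char *sym, MsvcCDecor *r) {
    memset(r, 0, sizeof *r);
    r->arg_bytes = -1;
    const char *at = strrchr(sym, '@');           /* the byte-count separator, if any */
    if (sym[0] == '@') {                          /* @name@N */
        if (at == sym || !parse_arg_bytes(at + 1, &r->arg_bytes)) return false;
        strcpy(r->convention, "__fastcall");
        return set_name(r, sym + 1, at);
    }
    if (sym[0] != '_') return false;              /* undecorated, or C++-mangled ('?') */
    if (at) {                                     /* _name@N */
        if (!parse_arg_bytes(at + 1, &r->arg_bytes)) return false;
        strcpy(r->convention, "__stdcall");
        return set_name(r, sym + 1, at);
    }
    strcpy(r->convention, "__cdecl");             /* _name */
    return set_name(r, sym + 1, sym + strlen(sym));
}
```

A rejected symbol (C++ `?` mangling, a non-numeric suffix, or an empty name) is left to the caller to display verbatim rather than guessed at.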

C0unt-0 commented 9 months ago

I'm working on this.

XVilka commented 9 months ago

@C0unt-0 for reference, if you also need to change the demangler code, it's here: https://github.com/rizinorg/rz-libdemangle