Open XVilka opened 3 years ago
This also happens with filetime.c-clang-x64-O0.o:
i] ℤ rizin filetime.c-clang-x64-O0.o 12:03:55
Warning: run rizin with -e io.cache=true to fix relocations in disassembly
-- Setup dbg.fpregs to true to visualize the fpu registers in the debugger view.
[0x08000040]> aaa
[x] Analyze all flags starting with sym. and entry0 (aa)
[x] Analyze function calls (aac)
[x] Analyze len bytes of instructions for references (aar)
[x] Check for vtables
[x] Type matching analysis for all functions (aaft)
[Fail to load 32 bytes of data at 0x08000820
Fail to load 32 bytes of data at 0x0800080e
Fail to load 32 bytes of data at 0x08000811
Fail to load 32 bytes of data at 0x0800081c
[x] Propagate noreturn information
[x] Use -AA or aaaa to perform additional experimental analysis.
[0x08000040]> s sym.showVersion
[0x08000610]> pdf
; CALL XREF from sym.main @ 0x80000b0
╭ sym.showVersion ();
│ 0x08000610 push rbp
│ 0x08000611 mov rbp, rsp
│ 0x08000614 mov edi, 1
│ 0x08000619 movabs rsi, 0 ; RELOC 64 .rodata.str1.1 @ 0x08000636 + 0xd1
│ 0x08000623 mov eax, 0x11d ; 285
│ 0x08000628 mov edx, eax
│ 0x0800062a call sym.Vwrite
│ 0x0800062f xor edi, edi
╰ 0x08000631 call exit ; RELOC 32 exit
[0x08000610]> pdg
zsh: terminated rizin filetime.c-clang-x64-O0.o
First and second case (harp-utils.c-gcc-arm64-O0.o, s_ceill.c-gcc-x86-O2.o): both of these also happen in Java Ghidra, so please report them upstream first.
Third and fourth case (sv_bot.c-gcc-x64-O1.o, filetime.c-clang-x64-O0.o): these only happen in rz-ghidra, but both are quite deep in the Ghidra code, so it is not yet clear where the issue lies.
@thestr4ng3r opened a bug for the first two then: https://github.com/NationalSecurityAgency/ghidra/issues/2851
The first two are fixed by https://github.com/NationalSecurityAgency/ghidra/commit/636102a409d0e34507de69d216a1b5736776ea6a; the last two are still present.
s_ceil
Was fixed:
[0x08000040]> pdg
// WARNING: Could not reconcile some variable overlaps
// rz-ghidra `pdg` output for ceill(long double) from s_ceill.c-gcc-x86-O2.o
// (32-bit x86). This is decompiler output kept as reproduction evidence, not
// hand-written source: unkfloat10/unkuint10/unkint10 are Ghidra placeholder
// types for the 80-bit x87 long double, and CONCAT28/CONCAT44/CONCAT64/SUB104/
// CARRY4 are Ghidra p-code intrinsics (concatenate, take the low 4 bytes, carry
// out of a 4-byte add). The var_* names are stack slots; the "variable overlaps"
// warning above means several of them alias one 10-byte slot.
unkfloat10 sym.ceill_long_double(unkfloat10 param_1)
{
uint8_t uVar1;
uint8_t uVar2;
uint32_t uVar3;
int32_t extraout_EDX;
double *pdVar4;
uint16_t uVar5;
uint32_t uVar6;
int32_t iVar7;
unkfloat10 Var8;
int32_t var_f4h;
int32_t var_f0h;
int32_t var_e8h;
int32_t var_d8h;
int32_t var_c3h;
int32_t var_bch;
int32_t var_a3h;
int32_t var_9ch;
int32_t var_88h;
int32_t var_73h;
int32_t var_6ch;
int32_t var_58h;
int32_t var_44h;
int32_t var_3ch;
int32_t var_38h;
int32_t var_34h;
// [02] -r-x section size 785 named .text
// ceill(long double)
// PIC prologue: the thunk leaves the PC in EDX and pdVar4 is a PC-relative
// .rodata double that is only ever read (presumably the "huge" constant the
// fdlibm ceill adds to raise the inexact flag -- TODO confirm against source).
sym.__x86.get_pc_thunk.dx();
pdVar4 = (double *)(extraout_EDX + 2);
// Split the 80-bit operand into its 16-bit sign/exponent word (var_34h), the
// high 32 mantissa bits (var_88h) and the low 32 mantissa bits (var_3ch);
// uVar5 is the exponent with the sign stripped, iVar7 the unbiased exponent.
_var_3ch = param_1;
var_34h._0_2_ = (uint16_t)((unkuint10)param_1 >> 0x40);
uVar5 = (uint16_t)var_34h & 0x7fff;
iVar7 = uVar5 - 0x3fff;
var_3ch = SUB104(param_1, 0);
var_88h = (int32_t)((unkuint10)param_1 >> 0x20);
if (iVar7 < 0x1f) {
// |x| < 1: result is -0 for negative x and +1 for positive x, but only when
// x is not already zero. The `(unkuint10)param_1 & 0x7fff` term appears to be
// the decompiler's rendering of the exponent-word test, not a low-bit test.
if (iVar7 < 0) {
if (((unkfloat10)0 < param_1 + (unkfloat10)*pdVar4) &&
((((unkuint10)param_1 & 0x7fff) != 0 || ((var_88h | var_3ch) != 0)))) {
if ((unkint10)param_1 < 0) {
param_1 = -(unkfloat10)0;
} else {
param_1 = (unkfloat10)1;
}
}
} else {
// 1 <= |x| < 2^31: build the mask of fraction bits below the integer part.
// This two-step shift with a dead `0 << ...` / `0 >> ...` term is how Ghidra
// renders a 64-bit shift on 32-bit x86; as real C `0x20 - uVar2` could be a
// full-width shift, but here it is p-code, not compilable source.
uVar3 = uVar5 - 0x3ffe;
uVar1 = (uint8_t)uVar3;
uVar2 = uVar1 & 0x1f;
uVar6 = 0xffffffffU >> uVar2 | 0 << 0x20 - uVar2;
if ((uVar3 & 0x20) != 0) {
uVar6 = 0 >> (uVar1 & 0x1f);
}
// Any fraction bit set: for positive x add one unit at the integer position.
if ((uVar6 & var_88h | var_3ch) != 0) {
if (-1 < (unkint10)param_1) {
uVar2 = 0x1f - (char)iVar7;
uVar6 = 1 << (uVar2 & 0x1f);
if ((uVar2 & 0x20) != 0) {
uVar6 = 0;
}
_var_3ch = (uint64_t)(uint32_t)var_3ch;
// CARRY4: the add overflowed the high mantissa word, so bump the exponent
// (uVar5 + 1, sign preserved) and reset the mantissa to the explicit x87
// integer bit 0x8000000000000000.
if (CARRY4(uVar6, var_88h)) {
_var_3ch = (unkfloat10)
(CONCAT28((uint16_t)var_34h & 0x8000 | uVar5 + 1 & 0x7fff,
(uint64_t)(uint32_t)var_3ch) | 0x8000000000000000);
}
}
// `huge + x > 0` idiom, presumably to raise the inexact exception; the
// low fraction bits are then cleared.
Var8 = param_1 + (unkfloat10)*pdVar4;
param_1 = _var_3ch;
if ((unkfloat10)0 < Var8) {
_var_3ch = (unkfloat10)((unkuint10)_var_3ch & 0xffffffff00000000);
param_1 = _var_3ch;
}
}
}
// 2^31 <= |x| < 2^63: the fraction lives entirely in the low word var_3ch.
// Exponents >= 0x3f (already integral, inf or NaN) fall through unchanged.
} else if ((iVar7 < 0x3f) && (uVar6 = 0xffffffff >> ((char)uVar5 + 2U & 0x1f), (var_3ch & uVar6) != 0)) {
if (-1 < (unkint10)param_1) {
if (iVar7 == 0x1f) {
// Unit is exactly bit 0 of the high word: increment it; on wrap, bump the
// exponent and reset to the integer bit (0x80000000 in the high word).
_var_3ch = CONCAT44(var_88h + 1, var_3ch);
if (0xfffffffe < (uint32_t)var_88h) {
_var_3ch = CONCAT44(0x80000000, var_3ch);
_var_3ch = (unkfloat10)CONCAT28((uint16_t)var_34h & 0x8000 | uVar5 + 1 & 0x7fff, _var_3ch);
}
} else {
// Unit is inside the low word: add it and propagate a carry into the high
// word (and, on a second wrap, into the exponent) exactly as above.
uVar3 = 1 << ((uint8_t)(0x3fU - iVar7) & 0x1f);
if ((0x3fU - iVar7 & 0x20) != 0) {
uVar3 = 0;
}
iVar7 = uVar3 + var_3ch;
_var_38h = (unkbyte6)((unkuint10)param_1 >> 0x20);
_var_3ch = (unkfloat10)CONCAT64(_var_38h, iVar7);
if (CARRY4(uVar3, var_3ch)) {
_var_3ch = CONCAT44(var_88h + 1, iVar7);
if (0xfffffffe < (uint32_t)var_88h) {
_var_3ch = CONCAT44(0x80000000, iVar7);
_var_3ch = (unkfloat10)CONCAT28(uVar5 + 1 & 0x7fff | (uint16_t)var_34h & 0x8000, _var_3ch);
}
}
}
}
// NOTE(review): _var_38h is assigned only in the else branch above but read
// here on both paths. That is an artifact of the "variable overlaps" warning
// (it aliases bytes of the same slot as _var_3ch), not a real uninitialized
// read in the binary -- confirm if this listing is used for anything beyond
// reproducing the crash.
Var8 = param_1 + (unkfloat10)*pdVar4;
param_1 = _var_3ch;
if ((unkfloat10)0 < Var8) {
_var_3ch = (unkfloat10)CONCAT64(_var_38h, var_3ch & ~uVar6);
param_1 = _var_3ch;
}
}
return param_1;
}
[0x08000040]>
sv_bot
Was fixed:
[0x08000739]> pdg
// WARNING: Could not reconcile some variable overlaps
// WARNING: [rz-ghidra] Detected overlap for variable var_8cch
// WARNING: [rz-ghidra] Detected overlap for variable var_8c8h
// WARNING: [rz-ghidra] Removing arg arg_858h because it doesn't fit into ProtoModel
// rz-ghidra `pdg` output for BotImport_Print from sv_bot.c-gcc-x64-O1.o
// (x86-64, SysV ABI). Kept as decompiler output, not hand-written source.
// The odd parameter list is an artifact of the "doesn't fit into ProtoModel"
// warning above: arg7..arg11 / placeholder_5..7 are the low qwords of XMM0-7
// and in_AL is the vector-register count the caller sets for variadic calls.
// The real signature is presumably (int type, const char *fmt, ...), with
// arg1 = type and arg2 = fmt, as the switch and the __vsnprintf_chk call
// suggest -- confirm against source.
void sym.BotImport_Print(int64_t arg7, int64_t arg8, int64_t arg9, int64_t arg10, int64_t arg11,
undefined8 placeholder_5, undefined8 placeholder_6, undefined8 placeholder_7, int64_t arg1,
int64_t arg2, int64_t arg3, int64_t arg4, int64_t arg5, int64_t arg6, int64_t arg_8h)
{
char in_AL;
undefined8 in_XMM0_Qb;
undefined8 in_XMM1_Qb;
undefined8 in_XMM2_Qb;
undefined8 in_XMM3_Qb;
undefined8 in_XMM4_Qb;
undefined8 in_XMM5_Qb;
undefined8 in_XMM6_Qb;
undefined8 in_XMM7_Qb;
int64_t var_8d0h;
int64_t *var_8c8h;
int64_t var_8c0h;
// var_8b8h is the start of the 0x800-byte message buffer; var_b8h (0x800
// bytes above it) is the start of the variadic register save area.
int64_t var_8b8h;
int64_t var_b8h;
int64_t var_a8h;
int64_t var_a0h;
int64_t var_98h;
int64_t var_90h;
undefined auStack136 [16];
int64_t var_78h;
int64_t var_68h;
int64_t var_58h;
int64_t var_48h;
int64_t var_38h;
int64_t var_28h;
int64_t var_18h;
// Variadic prologue: spill XMM0-7 into the register save area only when the
// caller reported vector arguments (AL != 0).
if (in_AL != '\0') {
auStack136 = CONCAT88(in_XMM0_Qb, arg7);
_var_78h = CONCAT88(in_XMM1_Qb, arg8);
_var_68h = CONCAT88(in_XMM2_Qb, arg9);
_var_58h = CONCAT88(in_XMM3_Qb, arg10);
_var_48h = CONCAT88(in_XMM4_Qb, arg11);
_var_38h = CONCAT88(in_XMM5_Qb, placeholder_5);
_var_28h = CONCAT88(in_XMM6_Qb, placeholder_6);
_var_18h = CONCAT88(in_XMM7_Qb, placeholder_7);
}
// Builds the SysV va_list in place at var_8d0h: gp_offset 0x10 (two GPR args,
// type and fmt, already consumed), fp_offset 0x30 (no vector args consumed),
// overflow_arg_area = first stack-passed argument, reg_save_area = the spilled
// GPRs arg3..arg6 stored just below.
var_8d0h._0_4_ = 0x10;
var_8d0h._4_4_ = 0x30;
var_8c8h = &arg_8h;
var_8c0h = (int64_t)&var_b8h;
var_a8h = arg3;
var_a0h = arg4;
var_98h = arg5;
var_90h = arg6;
// Fortified, bounded format into the 0x800-byte stack buffer: the size passed
// (0x800) equals the distance between var_8b8h and var_b8h, so the write
// cannot reach the register save area. The format (arg2) is whatever the
// caller passed, as for any printf-style wrapper -- callers must not pass
// untrusted text as fmt.
__vsnprintf_chk(&var_8b8h, 0x800, 1, 0x800, arg2, &var_8d0h);
// switch table (6 cases) at 0x80011c0
switch(arg1 & 0xffffffff) {
case 1:
// reloc.target..LC7 is an unresolved .rodata string relocation (the object
// is unlinked; see the io.cache warning at the top of the issue). By analogy
// with the other cases it is presumably a literal "%s"-style format, so the
// formatted message is passed as data, not reinterpreted as a format string.
Com_Printf(reloc.target..LC7, &var_8b8h);
break;
case 2:
Com_Printf("^3Warning: %s", &var_8b8h);
break;
case 3:
Com_Printf("^1Error: %s", &var_8b8h);
break;
case 4:
Com_Printf("^1Fatal: %s", &var_8b8h);
break;
case 5:
// No break here: the fall-through into default is most likely because
// Com_Error is noreturn and the compiler dropped the dead break at -O1
// (cf. "Propagate noreturn information" in the analysis log) -- TODO confirm.
// If Com_Error can return, this would additionally print "unknown print type".
Com_Error(1, "^1Exit: %s", &var_8b8h);
default:
Com_Printf("unknown print type\n");
}
return;
}
[0x08000739]>
The only remaining case is the filetime one.
Since all the binaries below are unlinked object files, make sure the Rizin build includes https://github.com/rizinorg/rizin/pull/799.
First case
Then it hangs forever (the decompiler never returns).
harp-utils.c-gcc-arm64-O0.o.zip
Second case
Then it hangs forever.
s_ceill.c-gcc-x86-O2.o.zip
Third case
Then it hangs forever.
sv_bot.c-gcc-x64-O1.o.zip