uxmal / reko

Reko is a binary decompiler.
https://uxmal.github.io/reko
GNU General Public License v2.0

arm_pe : Doesn't discover and decompile main method #1291

Closed rfalke closed 1 year ago

rfalke commented 1 year ago

The crack-me https://github.com/rfalke/decompiler-subjects/tree/master/from_internet/ioli_crackmes/crackme0x00 is available in 3 binaries. Reko (0.11.4.0-931ca7d) only outputs the real main for ia32_elf and ia32_pe but not for arm_pe.

Expected output:

void main()
{
    char bLoc1C[something];
    printf("IOLI Crackme Level 0x00\n");
    printf("Password: ");
    scanf("%s", &bLoc1C);
    if (strcmp(&bLoc1C, "250382") != 0x00)
        printf("Invalid Password!\n");
    else
        printf("Password OK :)\n");
}

uxmal commented 1 year ago

Reko now produces:

void fn00011050()
{
    char bLoc1A;
    fn000113A0();
    puts("IOLI Crackme Level 0x00");
    printf("Password: ");
    scanf("%s", &bLoc1A);
    if (strcmp(&bLoc1A, "250382") != 0x00)
        puts("Invalid Password!");
    else
        puts("Password OK :)");
}

Note how the compiler has converted the parameterless, \n-terminated calls to printf to equivalent calls to puts. It's not possible for Reko or any other decompiler to undo this conversion without serious oracular knowledge.
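The conversion described in the last comment, as an added example that is not code from Reko or from the thread: the hypothetical helper `fold_printf_to_puts` models only the case visible above (a constant format with no conversions and a trailing `\n`) and assumes the call's return value is unused. It shows why `printf("Password: ")` survives in the decompiled output while the other three calls come back as `puts`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper. Models the one fold visible in the thread:
 * printf(fmt) with a constant format, no conversions and a trailing '\n'
 * is equivalent to puts() of the same text without that newline.
 * Assumption: the return value of the call is unused.
 * Returns 1 and writes the puts() argument to out if the fold applies. */
int fold_printf_to_puts(const char *fmt, char *out, size_t outsz)
{
    size_t len = strlen(fmt);

    if (len == 0 || fmt[len - 1] != '\n')
        return 0;               /* puts() always appends a newline */
    if (strchr(fmt, '%') != NULL)
        return 0;               /* conversions (and "%%") need printf */
    if (len > outsz)
        return 0;               /* len-1 chars plus NUL must fit */
    memcpy(out, fmt, len - 1);
    out[len - 1] = '\0';
    return 1;
}

int main(void)
{
    /* printf format strings from the expected output in the issue. */
    const char *fmts[] = {
        "IOLI Crackme Level 0x00\n",
        "Password: ",
        "Invalid Password!\n",
        "Password OK :)\n",
    };
    char arg[64];

    for (size_t i = 0; i < sizeof fmts / sizeof fmts[0]; i++) {
        if (fold_printf_to_puts(fmts[i], arg, sizeof arg))
            printf("folded:  puts(\"%s\")\n", arg);
        else
            printf("kept:    printf(\"%s\")\n", fmts[i]);
    }
    return 0;
}
```

The mapping is many-to-one: a source-level `puts("Password OK :)")` and a source-level `printf("Password OK :)\n")` produce the same call in the binary, so the original spelling cannot be recovered from the code alone.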