uxmal / reko

Reko is a binary decompiler.
https://uxmal.github.io/reko
GNU General Public License v2.0

Error when rewriting and structure analysis stopped making progress #171

Closed ghost closed 6 years ago

ghost commented 8 years ago

Looks like either the decompiler still has a ways to go or my .EXE is corrupt.

uxmal commented 8 years ago

Your exe is fine. The Decompiler is stumbling over the start function of your executable. I will peek at this later today.

uxmal commented 8 years ago

The reason why reko derails is the instruction at address 0800:0250: call B39E. The function at B39E may terminate the program or not. Reko isn't smart enough to determine whether B39E will terminate, and the halting problem guarantees that it never can be. What is needed here is a little help from the user (or "oracle") to indicate that control never returns from the function call.

It's Easter weekend so it may be a little tricky for me to schedule a fix, but stay tuned.

uxmal commented 8 years ago

Status: a bunch of features went in to make decompilation of this binary smoother. The important one is a new command "Mark call as terminating", accessible by right-clicking on the offending call statement (in this case, at address 0800:0250) and checking the appropriate checkbox.

Clicking on the "x86 real mode" node in the project browser will show the x86 properties screen. Here you should check the "8087 emulation" checkbox. If you don't do this, reko will not translate the 8087 emulation calls in the binary and again, go off its rails.

Despite these fixes, however, reko doesn't actually make it to the code that is doing all the interesting floating point computations. The reason is again an indirect call, which makes it hard for the decompiler engine to make progress. You can always help reko along by telling it what are procedures. Follow these steps:

  1. Choose Edit > Find... and enter the hexadecimal byte values 55 8B EC. This will find all code sequences in the binary that look like the stereotypical push bp; mov bp,sp sequence. Some of these will be false positives, but the majority will be the real entry points of procedures in the binary.
  2. Select the desired functions.
  3. Right-click in the search results window and select "Mark procedure entry".

Reko will then use the selected procedure entries as "roots" to discover more functions.
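The prologue search from the steps above, as an added example rather than Reko's own code: it scans a 16-bit real-mode code image for 55 8B EC (push bp; mov bp,sp), reports each hit in the issue's SEG:OFF address style, and flags hits that do not follow a ret or padding byte as candidates worth reviewing before marking them as procedure entries. The code image is constructed for the demo, the load segment 0x0800 is assumed, and the "preceding byte" heuristic is this example's own triage rule, not Reko's.

```python
# Added example (not Reko's own code): scan a 16-bit real-mode code image for
# the stereotypical procedure prologue push bp; mov bp,sp (bytes 55 8B EC),
# the same search the issue performs with Edit > Find. Load segment 0x0800 is
# assumed only to print addresses in the issue's SEG:OFF style (0800:0250).

PROLOGUE = bytes.fromhex("558BEC")  # push bp; mov bp,sp

# Bytes that commonly sit right before a procedure entry: ret near/far,
# nop or int3 padding. A heuristic for triage, not proof of an entry point.
PRECEDING_OK = {0xC3, 0xCB, 0x90, 0xCC}

# Constructed code image: two genuine prologues and one false positive,
# where 55 8B are the immediate operand of mov ax,8B55h and EC is in al,dx.
CODE = bytes.fromhex(
    "558BEC"    # 0000: push bp; mov bp,sp   (genuine prologue)
    "B80100"    # 0003: mov ax,1
    "5D"        # 0006: pop bp
    "C3"        # 0007: ret
    "B8558B"    # 0008: mov ax,8B55h        (55 8B is data here)
    "EC"        # 000B: in al,dx
    "C3"        # 000C: ret
    "558BEC"    # 000D: push bp; mov bp,sp   (genuine prologue)
    "5D"        # 0010: pop bp
    "C3"        # 0011: ret
)

def find_prologues(code: bytes) -> list[int]:
    """Return every offset at which 55 8B EC occurs, overlaps included."""
    hits, pos = [], code.find(PROLOGUE)
    while pos != -1:
        hits.append(pos)
        pos = code.find(PROLOGUE, pos + 1)
    return hits

def likely_entry(code: bytes, off: int) -> bool:
    """Heuristic: a real entry starts the image or follows ret/padding."""
    return off == 0 or code[off - 1] in PRECEDING_OK

def seg_off(off: int, base_seg: int = 0x0800) -> str:
    """Format an offset within the assumed load segment as SEG:OFF."""
    assert 0 <= off < 0x10000, "offset must fit in one segment"
    return f"{base_seg:04X}:{off:04X}"

def candidates(code: bytes, base_seg: int = 0x0800) -> list[tuple[str, bool]]:
    """(address, likely-genuine) for every prologue hit, ready for review."""
    return [(seg_off(o, base_seg), likely_entry(code, o)) for o in find_prologues(code)]
```

Hits flagged False are the ones to inspect by hand before selecting "Mark procedure entry"; the hit at 0800:0009 lands inside the mov immediate and is exactly the kind of false positive the steps warn about.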

ghost commented 7 years ago

It does work smoother now, which has helped me actually match some formulas to a paper I found related to it.


uxmal commented 7 years ago

Because of the large number of indirect calls in your code, you will miss the majority of the procedures in it. You need to mark some of the unreachable procedures manually. Did you try searching for 55 8B EC and then right-clicking and selecting the "Mark as Procedure" command?