Open nemerle opened 9 years ago
ProcedureCharacteristics
class has the property Terminates
. No UI for editing it yet.Procedure_v1
has a Decompile
flag that is intended to control decompilation. No UI for editing it yet, and I don't think it is respected by the scanner. Should be easy enough to implementTextView
class (see #30 for details)call 0x1234
instruction, the scanner scans the procedure at 0x1234. If you then mark the code at 0x1234 as undecoded, what should happen to that call in procedure 0x1200?ad 7. Ah. 'fun' part -> we'd need a 'todo list' of conflicts :
- instruction at 0x1200 is a control transfer but target address (0x1234) is marked as unknown
- instruction at 0x1204 is a control transfer but target expression (ax+0x12) cannot be computed
- function (fun_1020) at (0x1022: call fun_1000), tried to assume (ds==0x5000) on (fun_1000) but it was already set to different value by a previous call from (fun_1010) at (0x1016: call fun_1000).
call [eax+020]
the user should be able to mark that as (function __cdecl (int, int) => float)
to indicate the type of the virtual function being called.Unless we can mark eax as a pointer to vtable struct which has something like :
offset 0x20: -> float (*__cdecl virt_member_20)(int, int);
in it's typedef, and can handle this kind of things :smile:
Yep, that would also work. Still depends on #30, i.e. being able to select a line of code and or register and give it an annotation.
Decompile
should probably require that the user enter the function signature.
Considering that heuristics are used in many places, and the fact that sometimes humans actually "know better" :smile: what would be a good way of passing usable additional information to the engine ?
Non-exhaustive list of things we might want to do manually:
This should help solving #9