You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I'm trying to understand how the decompiler (C++) code is supposed to work with segments. To this end, I've added a warningHeader message within int4 ActionSegmentize::apply(Funcdata &data) to see what's going on, and I've discovered that out of 4 userops.numSegmentOps() only 1 seems to be defined. It is the last, has the segdef->getName() of "segment" and belongs to to address space "ram" (using the x86-16.cspec).
To me, this seems wrong. I say this because in this cspec file there are actually 6 segment registers (DS, CS, ES, FS, GS & SS) and when the decompiler dereferences a segment op, it always seems to use the DS (therefore as its default). I see this (although this example shouldn't even be referencing any segment, it does) when a simple PUSH 0x1305 is being treated as an address, and by changing the value in DS to 0 enables the decompiler to realise it as a number and show its appropriate enum value. Other situations occur when a function address is placed upon the stack, and the DS value is used instead of the value in CS (or whichever segment was recently pushed).
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
I'm trying to understand how the decompiler (C++) code is supposed to work with segments. To this end, I've added a
warningHeadermessage withinint4 ActionSegmentize::apply(Funcdata &data)to see what's going on, and I've discovered that out of 4userops.numSegmentOps()only 1 seems to be defined. It is the last, has thesegdef->getName()of "segment" and belongs to to address space "ram" (using thex86-16.cspec).To me, this seems wrong. I say this because in this cspec file there are actually 6 segment registers (DS, CS, ES, FS, GS & SS) and when the decompiler dereferences a segment op, it always seems to use the
DS(therefore as its default). I see this (although this example shouldn't even be referencing any segment, it does) when a simplePUSH 0x1305is being treated as an address, and by changing the value inDSto0enables the decompiler to realise it as a number and show its appropriate enum value. Other situations occur when a function address is placed upon the stack, and theDSvalue is used instead of the value inCS(or whichever segment was recently pushed).Does anyone have insight they can share here???
Beta Was this translation helpful? Give feedback.
All reactions