Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

unnecessarily convoluted handling of "double" input param #3945

Open
wothke opened this issue Jan 30, 2022 · 0 comments
Open

unnecessarily convoluted handling of "double" input param #3945

wothke opened this issue Jan 30, 2022 · 0 comments

Comments

@wothke
Copy link

wothke commented Jan 30, 2022

Describe the bug
The below example code passes 3 doubles and one int as params to the FUN_0040bd20. The two middle params are read from the same double-array. But while one of the params
is properly passed 1:1, the other is first artificially cut up into words and int sections that are then reassembled using CONCAT without any actual need for those operations.

      fVar14 = FUN_0040bd20(this,(double)this->someFloatArray_0x14[iVar11],
                               (double)CONCAT26((short)((uint)*(undefined4 *)((int)param_2 + 0x24)
                                                       >> 0x10),
                                                CONCAT24((short)*(undefined4 *)((int)param_2 + 0x24)
                                                         ,*(undefined4 *)(param_2 + 4))),param_2[5],
                               this->someFlag_0xcd);

as far as I can tell the straight forward decompilation of that code should have read:

      fVar14 = FUN_0040bd20(this,(double)this->someFloatArray_0x14[iVar11],
                               param_2[4], param_2[5],
                               this->someFlag_0xcd);

The decompiled code here suggests complexity in a place where there is actually none. Also it is inconsistent that the two doubles that originate from the same array are treated so differently.

Here the respective ASM code:

                             LAB_0040c82b                                    XREF[1]:     0040c890(j)  
        0040c82b 8a 8b cd        MOV                           CL,byte ptr [EBX + 0xcd]
                 00 00 00
        0040c831 8b 56 2c        MOV                           EDX,dword ptr [ESI + 0x2c]
        0040c834 8b 46 28        MOV                           EAX,dword ptr [ESI + 0x28]
        0040c837 51              PUSH                          ECX
        0040c838 8b 4e 24        MOV                           ECX,dword ptr [ESI + 0x24]
        0040c83b 52              PUSH                          EDX
        0040c83c 8b 56 20        MOV                           EDX,dword ptr [ESI + 0x20]
        0040c83f 50              PUSH                          EAX
        0040c840 8b 43 14        MOV                           EAX,dword ptr [EBX + 0x14]
        0040c843 51              PUSH                          ECX
        0040c844 52              PUSH                          EDX
        0040c845 8b cb           MOV                           ECX,EBX
        0040c847 d9 04 b8        FLD                           dword ptr [EAX + EDI*0x4]
        0040c84a 83 ec 08        SUB                           ESP,0x8
        0040c84d dd 1c 24        FSTP                          qword ptr [ESP]
        0040c850 e8 cb f4        CALL                          FUN_0040bd20 
                        ff ff

Expected behavior
The same 1:1 translation already correctly used for the param_2[5] should also be used for the param_2[4].

Environment (please complete the following information):

  • OS: Win10
  • Ghidra Version: 10.1.1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wothke