Different results between Ghidra and RzGhidra

[WhattaSkilL]

Hello guys!
I got truble when try to decompile my example programm/
When i use ghidra i got result:

void FUN_00401d90(void)

{
  HMODULE hModule;
  FARPROC pFVar1;
  undefined local_9;
  uint local_8;
  
  local_8 = DAT_00407008 ^ (uint)&stack0xfffffffc;
  hModule = LoadLibraryA("ntdll.dll");
  if (hModule != (HMODULE)0x0) {
    pFVar1 = GetProcAddress(hModule,"RtlAdjustPrivilege");
    (*pFVar1)(0x13,1,0,&local_9);
  }
  FUN_0040229b();
  return;
}

But when i use rz-ghidra that looks like:

void main(void)
{
    int32_t iVar1;
    code *pcVar2;
    char *arg_8h;
    int32_t var_18h;
    undefined4 var_14h;
    undefined4 var_10h;
    undefined4 lpProcName;
    undefined var_5h;
    int32_t var_4h;
    
    var_4h = uRam00407008 ^ (uint32_t)&stack0xfffffffc;
    arg_8h = "ntdll.dll";
    iVar1 = (*_sym.imp.KERNEL32.dll_LoadLibraryA)();
    if (iVar1 != 0) {
        pcVar2 = (code *)(*_sym.imp.KERNEL32.dll_GetProcAddress)(iVar1, "RtlAdjustPrivilege");
        (*pcVar2)(0x13, 1, 0, &var_5h);
    }
    fcn.0040229b((int32_t)arg_8h);
    return;
}

Source:

int main(){
    BOOLEAN bEnabled;
    HMODULE RtlAdjustPrivilegeHModule = LoadLibraryA("ntdll.dll");
    if (!RtlAdjustPrivilegeHModule)
    {
         return 0;
    }
    LPVOID lpFuncAddress = GetProcAddress(RtlAdjustPrivilegeHModule, "RtlAdjustPrivilege");
    pdef_RtlAdjustPrivilege NtCall = (pdef_RtlAdjustPrivilege)lpFuncAddress;
    NTSTATUS NtRet = NTCall(19, TRUE, FALSE, &bEnabled);
    return 0;
}

So main problem here is argument for "KERNEL32.dll_LoadLibraryA". I try use files from ghidra for sleighhome but no matter. Some one hit that problem?

[Anutrix]

This is happening to me often.
An example test file.
pro.zip
Ghidra:

R2Ghidra-Dec:

[bazuchan]

Happens to me too. For example binary https://github.com/csivitu/CTF-Write-ups/blob/master/CSAW%20Quals%202020/Rev/not_malware/not_malware

in ghidra main have this:
dVar4 = pow(16.00000000,0.50000000);

but in r2ghidra it looks like this:
sym.imp.pow(0x4030000000000000);

in ghidra main have this:

  if (local_a8[11] != local_7d) {
                    /* WARNING: Subroutine does not return */
    exit(1);
  }
  if (local_a8[3] != local_88[3]) {
                    /* WARNING: Subroutine does not return */
    exit(1);
  }
  if (local_a8[7] != local_81) {
                    /* WARNING: Subroutine does not return */
    exit(1);
  }

in r2ghidra:

    if (var_95h != var_75h) {            
    // WARNING: Subroutine does not return
        sym.imp.exit(1);
    }
    if (var_a0h._3_1_ != var_80h._3_1_) {
    // WARNING: Subroutine does not return
        sym.imp.exit(1);
    }
    if (var_a0h._7_1_ != var_80h._7_1_) {
    // WARNING: Subroutine does not return
        sym.imp.exit(1);
    }

[XVilka]

It would be amazing if you could help to convert this into the test here: /test.

[thestr4ng3r]

Well right now, most of these differences are expected and consequences of rizin's type system. So not sure if tests make sense yet.