Decompile - Function not passing RET xx to snowman #1465

Closed
Rourke101 opened this Issue Feb 14, 2017 · 3 comments

@Rourke101

x32dbg - Feb 5 2017
Windows 7 64bits

Description: When using snowman with a function, the final instruction is sometimes not passed to snowman.

I have code like this:

```
PUSH ESI
....
POP ESI
RET 20
```

If I select the instructions manually and use Decompile - Selection, it works well.
However, now I use Analysis - Analyze single function. x64dbg marks the whole function correctly. Then I use Decompile - Function and the last instruction RET 20 is not sent to snowman. This has an impact because snowman acts differently without that instruction. I have tried with other functions and the problem replicates (I think once I even got the INT3 after a RET 1C)

I also think the problem is that the analysis function is not accounting for the parameter of RET. I suspect this is the case because when I try to fold one function with RET 20, it doesn't work - meaning that I see an animation of folding and then unfolding all in milliseconds. And when I fold a function with RET 1C, it folds and I get as the following instruction:

```
XXXXXXX | 1C 00 | SBB AL, 0 |
XXXXXXX | CC | INT3 |
...
```

So clear indicator.


How to replicate:

  1. Select 1st instruction of a procedure.
  2. Right click - Analysis - Analyze single function.
  3. Right click - Decompile - Function
  4. In snowman tab check instructions on the left
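
An added illustration of the symptom reported above (not code from x64dbg, snowman, or the issue author): it assumes the function range ends on the opcode byte of the final `RET imm16`, which is consistent with the `1C 00 | SBB AL, 0` line seen after folding. The byte string, the opcode table and all function names are constructed for this example.

```python
# Constructed sample: PUSH ESI; POP ESI; RET 1C; INT3; INT3 (not bytes from the issue).
CODE = bytes.fromhex("565ec21c00cccc")

# opcode -> (total length, mnemonic, immediate size); only what this sample needs
TABLE = {
    0x56: (1, "PUSH ESI", 0), 0x5E: (1, "POP ESI", 0),
    0xC3: (1, "RET", 0), 0xC2: (3, "RET", 2),
    0xCC: (1, "INT3", 0), 0x1C: (2, "SBB AL,", 1),
}

def decode(code, off):
    """Decode one instruction at off; return (length, text)."""
    if code[off] not in TABLE:
        raise ValueError(f"opcode {code[off]:02X} not in sample table")
    length, name, imm_size = TABLE[code[off]]
    if off + length > len(code):
        raise ValueError("truncated instruction")
    if imm_size:
        imm = int.from_bytes(code[off + 1:off + length], "little")
        name = f"{name} {imm:X}"
    return length, name

def listing(code, off=0):
    """Linear disassembly from off; stops at the first bytes it cannot decode."""
    out = []
    while off < len(code):
        try:
            length, text = decode(code, off)
        except ValueError:
            out.append((off, "??"))
            break
        out.append((off, text))
        off += length
    return out

def function_sizes(code):
    """Return (size ending on the RET opcode byte, size covering the whole RET)."""
    off = 0
    while True:
        length, text = decode(code, off)
        if text.startswith("RET"):
            return off + 1, off + length
        off += length

short, full = function_sizes(CODE)
print("range ends on RET opcode byte:", listing(CODE[:short]))
print("range covers whole RET:       ", listing(CODE[:full]))
print("listing after the short range:", listing(CODE, short))
```

With the short range the decompiler input ends in an undecodable `C2`, and the leftover `1C 00` is what disassembles as `SBB AL, 0` after the fold.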

@Rourke101 referenced this issue in yegord/snowman Feb 15, 2017: Return values #111 (Open)

@mrexodia added a commit that closed this issue Feb 18, 2017
GUI: correctly report function size to snowman (closes #1465) e760af2
@mrexodia closed this in e760af2 Feb 18, 2017
@mrexodia
Member
@Rourke101

Sorry, I deleted my comment almost as I posted it, when I realised I was using v 13th February, which does not include the change. I will check it again with the new version.

@Rourke101

It works, bug fixed! gj
