Snowman handling x86-16bit as 32bit in IDA Plugin #161
I'm working on the disassembly of a 16-bit NE file using IDA Pro (6.9) and noticed the Snowman plugin appears to be treating the disassembly as 32-bit.
This is leading to very strange decompilation.
IDA Disassembly of the start of a subroutine:
```
cseg02:8236 enter 60h, 0
cseg02:823A push si
cseg02:823B push di
cseg02:823C push ds
cseg02:823D mov ax, seg dseg28
cseg02:8240 mov ds, ax
cseg02:8242 mov [bp+var_4], 0
```
What the Snowman plugin says are the 'Instructions':
```
8ee6: enter 0x60, 0x0
8eea: push esi
8eeb: push edi
8eec: push ds
8eed: mov eax, 0xd88e6ffb
8ef2: mov dword [esi-0x4], 0xe99a0000
```
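To make the mismatch in the two listings concrete, here is an added example (written for this issue; it is not Snowman or IDA code) that decodes one byte sequence once with a 16-bit and once with a 32-bit default operand size. The bytes are reconstructed from the listings themselves: the imm16 `fb 6f` is the low half of Snowman's `0xd88e6ffb` and stands in for the `seg dseg28` fixup, and the trailing `9a e9` are the high half of `0xe99a0000`. The decoder is a toy that knows only the opcodes that appear in the listings; the point it shows is that `mov ax, imm16` (B8) becomes a 5-byte `mov eax, imm32` in 32-bit mode and swallows the following `mov ds, ax` (8E D8), after which every later instruction is also misaligned.

```python
"""Toy x86 decoder: same bytes, 16-bit vs 32-bit operand size (added example)."""
import struct

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
SREG = ["es", "cs", "ss", "ds", "fs", "gs", "?", "?"]
RM16 = ["bx+si", "bx+di", "bp+si", "bp+di", "si", "di", "bp", "bx"]  # 16-bit ModRM bases

# Constructed sample: bytes reconstructed from the two listings in the issue.
SAMPLE = bytes.fromhex("c8 60 00 00 56 57 1e b8 fb 6f 8e d8 c7 46 fc 00 00 9a e9")


def _imm(code, i, n):
    """Little-endian n-byte immediate at i; fail at end of data like a disassembler."""
    if i + n > len(code):
        raise NotImplementedError("truncated immediate")
    return int.from_bytes(code[i:i + n], "little"), i + n


def _modrm(code, i, bits):
    """Decode a ModRM byte; only mod=11 and mod=01 (disp8, no SIB) are needed here."""
    mod, reg, rm = code[i] >> 6, (code[i] >> 3) & 7, code[i] & 7
    if mod == 3:
        return mod, reg, rm, None, i + 1
    if mod == 1:
        if bits == 32 and rm == 4:
            raise NotImplementedError("SIB byte not supported")
        disp = struct.unpack_from("<b", code, i + 1)[0]
        return mod, reg, rm, disp, i + 2
    raise NotImplementedError("ModRM mod=%d not supported" % mod)


def _mem(rm, disp, bits):
    """Format a mod=01 memory operand: [bp-0x4] in 16-bit mode, [esi-0x4] in 32-bit."""
    base = RM16[rm] if bits == 16 else REG32[rm]
    return "[%s%s0x%x]" % (base, "+" if disp >= 0 else "-", abs(disp))


def decode(code, base, bits):
    """Linear-sweep decode of `code` loaded at `base` with a 16- or 32-bit default size.

    Returns a list of (address, text). Stops at the first opcode it does not know and
    emits the rest as `db`. The only mode-dependent parts are the immediate width
    (imm16 vs imm32) and the register/addressing form, which is exactly what
    desynchronises the instruction stream when a 16-bit segment is decoded as 32-bit.
    """
    assert bits in (16, 32)
    osz = bits // 8
    regs = REG16 if bits == 16 else REG32
    width = "word" if bits == 16 else "dword"
    out, i = [], 0
    while i < len(code):
        start = i
        op = code[i]
        i += 1
        try:
            if op == 0xC8:                      # enter imm16, imm8
                size, nesting = struct.unpack_from("<HB", code, i)
                i += 3
                text = "enter 0x%x, 0x%x" % (size, nesting)
            elif 0x50 <= op <= 0x57:            # push r16/r32
                text = "push %s" % regs[op - 0x50]
            elif op == 0x1E:                    # push ds
                text = "push ds"
            elif 0xB8 <= op <= 0xBF:            # mov r16/r32, imm16/imm32
                imm, i = _imm(code, i, osz)
                text = "mov %s, 0x%x" % (regs[op - 0xB8], imm)
            elif op == 0x8E:                    # mov Sreg, r/m16 (source is always 16-bit)
                mod, reg, rm, disp, i = _modrm(code, i, bits)
                src = REG16[rm] if mod == 3 else _mem(rm, disp, bits)
                text = "mov %s, %s" % (SREG[reg], src)
            elif op == 0xC7:                    # mov r/m16/32, imm16/32 (/0)
                mod, reg, rm, disp, i = _modrm(code, i, bits)
                if reg != 0:
                    raise NotImplementedError("C7 /%d" % reg)
                dst = regs[rm] if mod == 3 else _mem(rm, disp, bits)
                imm, i = _imm(code, i, osz)
                text = "mov %s %s, 0x%x" % (width, dst, imm)
            else:
                raise NotImplementedError("opcode 0x%02x" % op)
        except (NotImplementedError, struct.error):
            out.append((base + start, "db " + code[start:].hex(" ")))
            break
        out.append((base + start, text))
    return out


def listing(code, base, bits):
    """Render decode() output one instruction per line, like the listings above."""
    return "\n".join("%04x: %s" % (addr, text) for addr, text in decode(code, base, bits))


if __name__ == "__main__":
    print("16-bit (what IDA shows):")
    print(listing(SAMPLE, 0x8236, 16))
    print("32-bit (what the plugin shows):")
    print(listing(SAMPLE, 0x8EE6, 32))
```

Run as a script it prints the two listings from the issue (the IDA one with `seg dseg28` replaced by the raw placeholder `0x6ffb`, and the trailing `9a e9` shown as `db` in 16-bit mode, where they start a `call far` that is cut off in the sample). The addresses differ only because each listing is passed its own base; the divergence starts at the B8 opcode in both cases.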
Probably something goes wrong here: https://github.com/yegord/snowman/blob/master/src/ida-plugin/IdaFrontend.cpp#L219 (instead of "8086" something else is returned; maybe you do not have a .text section).
Would you like to debug further or provide a minimal example?
Also, I would like to note that 16-bit code decompilation was never really tested. So, even if disassembling goes fine, you will likely come across other problems.