Decompilation fails on assertion error in bin2llvmir::StaticCodeAnalysis::getAddressFromRef_x86()

[0xBEEEF]

First of all, many thanks for the release of the new version! The performance and memory usage is now significantly better than on the first released version. You just made some changes when reading PE and ELF files. But now I have my problems with some programs. Somehow these PE files don't seem to be standard, or have content that isn't standard-compliant. I'm afraid I haven't been able to figure out exactly what it is yet. I only know that these files were created with the Visual C++ compiler, and also have a signature. But with e.g. the decompiler Snowman I can read the files without any problems. So I assume you still have some mistake here. Now I have a problem with the binaries themselves. I am not allowed to pass them on directly to you, I was forbidden to do so. Would it be possible to activate a kind of protocol to find out where something goes wrong? I would like to help you here, so that these files are also readable. That's a bit hard if I'm not allowed to share the files. Or maybe you know a program that allows you to analyze the PE files and find out exactly what is different about these files?

[s3rvac]

Hi. If you were able to process the files with the previous version of RetDec and via other tools, then there indeed seems to be a bug in the current implementation of the PE parser in RetDec. As you have said, we have made several changes in the PE parser, so this seems to be a regression.

A couple of things to get started:

• Could you please provide us the output from retdec-fileinfo -v FILE in the previous version of RetDec? If this is not possible, please at least include the output from retdec-fileinfo FILE (without the -v parameter). You can safely remove the path to the input file from the output.
• When you run retdec-fileinfo FILE with the current RetDec version, what does it actually print? Error: File format of the input file is not supported.?
• Would you be able to analyze the files via pefile and send us the output? Like this:

  $ pip install pefile
  $ pefile FILE > pefile-output.txt
  

  If you are unable to give us the complete output, at least send us everything from the ----------Parsing Warnings---------- section.

[ladislav-zezula]

What operating system do you use?
Also: you wrote But now I have my problems with some programs. What does that exactly mean? Does retdec crash? Hang? Write an error message? If yes, then what error message?

Please, provide answers to the questions above, then we can start investigating the problem.

[0xBEEEF]

OK, here's more information. RetDec crashes completely in different places. This is just an example. I already had an example of a crash in the "Providers initialization" step. But this error is occurring now.

retdec-bin2llvmir: /home/test/retdec/src/bin2llvmir/analyses/static_code/static_code.cpp:723: retdec::utils::Address retdec::bin2llvmir::StaticCodeAnalysis::getAddressFromRef_x86(retdec::utils::Address): Assertion `false' failed.
./retdec-decompiler.sh: line 1264:  3783 Aborted                 (core dumped) "$BIN2LLVMIR" "${BIN2LLVMIR_PARAMS[@]}" -o "$OUT_BACKEND_BC"
Error: Decompilation to LLVM IR failed

[s3rvac]

Incorrect C++/CLI detection has already been reported (by you) in #233, so in this issue, let's just focus on the assertion error that you are getting. @PeterMatula will take a look at it and will let you know.

[0xBEEEF]

Yeah, that's right. It's not important here. I just wanted to mention it.

[PeterMatula]

I removed the assert that caused this. It was mostly useful during writing that module, but I still do not know how to properly handle the case that assert was guarding. I was unable to find a binary in our testing suite that would trigger it.