
Unable to decompile push ret as jmp #148

Open
ljn917 opened this issue Feb 3, 2018 · 1 comment
Comments


ljn917 commented Feb 3, 2018

It looks like RetDec cannot decompile push+ret as a jump or call. Do I need some command line options to enable it? Sample code is attached.

BTW, I guess this is not really decompilation, as compilers usually do not generate a push/ret sequence. But it is useful for analyzing obfuscated code.

# gcc -g push-ret.S -m32 -o push-ret

	.section	.data
.STR0:
	.string	"print"

	.section	.text
	.globl	myprint
myprint:
	pushl	%ebp
	movl	%esp, %ebp
	pushl	$.STR0
	call	puts
	addl	$4, %esp	# pop the puts argument (original used subl; harmless only because leave resets %esp)
	leave
	ret

	.globl	main
main:
	pushl	%ebp
	movl	%esp, %ebp
	#call	myprint
	# Equivalent of "call myprint" spelled as push/ret: the first push supplies the
	# return address, the second push supplies the target, and ret transfers to it.
	pushl	$retaddr
	pushl	$myprint
	ret
retaddr:
	xorl	%eax, %eax	# return 0 from main
	leave
	ret

PeterMatula (Collaborator) commented

Yes, this is currently true and it cannot be enabled by command line options. I think that ret gets translated to return no matter what was pushed to the stack. We need a better dataflow analysis. I will add this to the list of problems that should be solved by the new decoder in #116. I hope I will get to work on the new decoder shortly.
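The peephole rewrite this thread asks for, as an added example that is not RetDec code: a tiny 32-bit x86 decoder covering only the opcodes used in the issue's main, plus a pass that folds `push imm; ret` into `jmp imm` and `push fallthrough; push target; ret` into `call target`. The function bytes and the addresses BASE and MYPRINT are constructed to mirror the sample above.

```python
import struct

def decode_one(code, i):
    """Decode one instruction at offset i. Only the opcodes that appear in the
    issue's main are supported (added illustrative decoder, not a full x86 one)."""
    op = code[i]
    if op == 0x55:
        return ('push ebp', None, 1)
    if op == 0x89 and code[i + 1] == 0xE5:
        return ('mov ebp,esp', None, 2)
    if op == 0x68:                                    # push imm32
        return ('push', struct.unpack_from('<I', code, i + 1)[0], 5)
    if op == 0xC3:
        return ('ret', None, 1)
    if op == 0x31 and code[i + 1] == 0xC0:
        return ('xor eax,eax', None, 2)
    if op == 0xC9:
        return ('leave', None, 1)
    raise ValueError(f'unsupported opcode {op:#x} at offset {i}')

def disassemble(code, base):
    insns, i = [], 0
    while i < len(code):
        mnem, imm, size = decode_one(code, i)
        insns.append((base + i, mnem, imm, size))
        i += size
    return insns

def fold_push_ret(insns):
    """Rewrite push/ret idioms so a later pass sees control flow, not a return.
    push A; push B; ret  -> call B   (when A is the address right after the ret)
    push A; ret          -> jmp A
    Anything else is passed through unchanged."""
    out, i = [], 0
    while i < len(insns):
        addr, mnem, imm, _ = insns[i]
        if mnem == 'push' and i + 2 < len(insns) and insns[i + 1][1] == 'push' \
                and insns[i + 2][1] == 'ret':
            ret_addr, ret_size = insns[i + 2][0], insns[i + 2][3]
            if imm == ret_addr + ret_size:            # pushed "return address" is the fall-through
                out.append((addr, 'call', insns[i + 1][2]))
                i += 3
                continue
        if mnem == 'push' and i + 1 < len(insns) and insns[i + 1][1] == 'ret':
            out.append((addr, 'jmp', imm))
            i += 2
            continue
        out.append((addr, mnem, imm))
        i += 1
    return out

# Constructed bytes of the issue's main: push ebp; mov ebp,esp; push retaddr; push myprint; ret; xor; leave; ret
BASE, MYPRINT = 0x08048400, 0x080483E0
RETADDR = BASE + 1 + 2 + 5 + 5 + 1                    # address of the xor right after the ret
MAIN = (b'\x55\x89\xE5' + b'\x68' + struct.pack('<I', RETADDR)
        + b'\x68' + struct.pack('<I', MYPRINT) + b'\xC3' + b'\x31\xC0\xC9\xC3')
```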
