Version and Platform (required):
- Binary Ninja Version: 5.3.9434 & 5.4.9740-dev(although to a lesser extent)
- Edition: Commercial
- OS: Windows
- OS Version: 11
- CPU Architecture: x64
Bug Description:
when you load the example 32bit driver there are quite a few cases where types don't propagate back onto the stack. In the release notes you mentioned patterns so my guess is that these are not detected due to the eax/edx abi splits.
i noticed in dev return types are fixed a lot, but parameters still suffer (probably the pattern of double pushes for 64bit types)
Here are some examples, but there are many more, just go through the api xrefs to find more.
PLARGE_INTEGER typedef of _LARGE_INTEGER_1 as parameter not propagated back (dev fixed the return type)
stable
00010816 int32_t var_2c
00010816 int32_t eax_12
00010816 int32_t edx_3
00010816 eax_12, edx_3 = KeQueryPerformanceCounter(PerformanceFrequency: &var_2c)
dev
00010816 int32_t var_2c
00010816 LARGE_INTEGER_1 retvar_3 = KeQueryPerformanceCounter(PerformanceFrequency: &var_2c)
PUNICODE_STRING typedef of _UNICODE_STRING not propagated back onto stack
00010602 void var_14
00010602 RtlInitUnicodeString(DestinationString: &var_14, &SourceString)
divisor type LONGLONG not propagated back
00010816 int32_t var_2c
0001083e LONGLONG retvar_7 = _alldiv(Dividend: retvar_5.d, Divisor: var_2c)
builtin should probably create wchar16 array?
0001059b int16_t SourceString
0001059b __builtin_wcscpy(dest: &SourceString, src: u"\\DosDevices\\NTice")
Steps To Reproduce:
Please provide all steps required to reproduce the behavior:
files available with ref: concurrent method listens securely
first you have to install the 32bit ntoskrnl.exe.bntl and hal.dll.bntl types i made. i placed them into C:\Users\main\AppData\Roaming\Binary Ninja\typelib\x86
Expected Behavior:
stack variables are promoted to correct types
Binary:
concurrent method listens securely
Version and Platform (required):
Bug Description:
when you load the example 32bit driver there are quite a few cases where types don't propagate back onto the stack. In the release notes you mentioned patterns so my guess is that these are not detected due to the
eax/edxabi splits.i noticed in dev return types are fixed a lot, but parameters still suffer (probably the pattern of double pushes for 64bit types)
Here are some examples, but there are many more, just go through the api xrefs to find more.
PLARGE_INTEGER typedef of _LARGE_INTEGER_1 as parameter not propagated back (dev fixed the return type)
stable
dev
PUNICODE_STRING typedef of _UNICODE_STRING not propagated back onto stack
divisor type LONGLONG not propagated back
builtin should probably create wchar16 array?
Steps To Reproduce:
Please provide all steps required to reproduce the behavior:
files available with ref:
concurrent method listens securelyfirst you have to install the 32bit ntoskrnl.exe.bntl and hal.dll.bntl types i made. i placed them into C:\Users\main\AppData\Roaming\Binary Ninja\typelib\x86
Expected Behavior:
stack variables are promoted to correct types
Binary:
concurrent method listens securely