RolfRolles/HexRaysDeob

Microcode Explorer generates different microcode under different IDA views

Closed this issue · 5 comments

IDA Version: 7.2

For example, we can write this simple code

#include <stdio.h>

int main(int argc, char **argv) {
    if (argc == 2) {
        printf("2\n");
        return 1;
    }
    printf("1\n");
    return 0;
}

When compiled and thrown into IDA, using IDA in text view with MMAT_LOCOPT, we get

(screenshot: text view)

However, if we switch to graph view with the same function under the same optimization level, we get

(screenshot: graph view)

As we see here, the microcode at Block 2, after puts, has an extra mov rdi at the end of the block. This repeated extra instruction appears in almost every single block.

The other consequence is that under graph view, no matter how many times I try regenerating the microcode, the line numbers never show up.

Although I wonder if this is a bug in the Hex-Rays SDK's print function rather than in the plugin itself.

I'll try to take a closer look at this tomorrow. To make my life easy, can you attach the raw executable you're using? See e.g. https://help.github.com/articles/file-attachments-on-issues-and-pull-requests/

Did you compile the plugin with the 7.1 SDK, and are you now using it in 7.2? That might be problematic. Ilfak was kind enough to warn me ahead of the 7.2 SDK release that I would need to update a few things to port the plugin to 7.2, but I haven't done that yet.

I compiled the plugin using the 7.2 SDK and used it under 7.2, so I don't think that should be an issue? I only used the MicroCodeExplorer part, nothing with the CFunflattener or the ObfCompilerOptimizer, so I only changed one line to port it to 7.2.

sample.zip

I have attached the binary sample and the sample test code. However, the issue happens on all the binaries I'm analyzing, so there's nothing special about the sample.

Thanks. And which line of the source code did you change to get it to compile for 7.2?

I changed line 277 in MicroCodeExplorer.cpp:

-	display_widget(tw, WOPN_TAB | WOPN_MENU);
+	display_widget(tw, WOPN_TAB);
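Review bot: the hunk drops WOPN_MENU from the display_widget flags without substituting anything, which changes how the widget is presented rather than only making the call compile; since later in this thread the behaviour differs depending on whether the Microcode Explorer opens as its own window or as a tab, a one-line comment recording that the flag was removed for the 7.2 SDK port (and that only WOPN_TAB remains) would make it easier to rule the widget flags in or out when localizing the duplicated-instruction and missing-line-number symptoms.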

I ported everything to 7.2 and recompiled. The first time I ran the plugin, I noticed both missing line numbers in the textual viewer as well as the duplicated instructions. Then I closed the "Microcode Explorer - 63A - MMAT_LOCOPT" window and ran it again. After that, I did not notice either issue in either the textual output or the graph view.

I did notice that I had different outcomes depending on whether the Microcode Explorer window, when initially spawned, appeared as its own window or as a new tab under an existing window (in my case, the "Execute Script" window). If it spawned as a tab, what I said above about closing the tab and trying again worked. If it spawned as its own window, then no amount of closing it and trying again would help.

It's like I originally suspected: an IDA/Hex-Rays issue that I don't have control over, sorry. I'm going to mark this as WONTFIX unless you can localize the issue to an error in my code. If you want to raise it with Hex-Rays as a support issue, that might lead to a resolution.