MIssing size for tbyte operand in DTYPE_TO_SIZE

Question

MIssing size for tbyte operand in DTYPE_TO_SIZE

Closed this issue 3 years ago · 4 comments

Hi.

I've been using Sark for some years, since I saw your demo at Recon, and it's made my life a whole lot easier. Thanks for that!

I've just noticed that there's no entry for a tbyte operand in base.DTYPE_TO_SIZE. I have a database with the line:

fstp tbyte ptr [ebp-9Eh]

If I use the following commands in IDA:

Python>import sark
Python>sark.Line().insn.operands[1].size

I get:

Traceback (most recent call last):
  File "<string>", line 2, in <module>
  File "C:\Python38\lib\site-packages\sark-7.4.0-py3.8.egg\sark\code\instruction.py", line 252, in size
    return base.dtype_to_size(self._operand.dtype)
  File "C:\Python38\lib\site-packages\sark-7.4.0-py3.8.egg\sark\code\base.py", line 28, in dtype_to_size
    return DTYPE_TO_SIZE[dtyp]
KeyError: 5

I note that:

Python>import ida_ua
Python>ida_ua.dt_tbyte

gives:

0x5

I'm using Sark 7.4.0-py3.8 with IDA 7.6.210319.

Thanks.

Answer 1 · 2021-04-20T09:46:00.000Z

I'm so happy to hear you've been using Sark for this long. It's great to get this kind of feedback 😄

I created a PR with a possible fix - let me know that it works for you.

Answer 2 · 2021-04-20T20:31:36.000Z

Thanks for looking at this so quickly. Your fix works for me, although I see that the command above now returns a size of 12 bytes. Instead of idaapi.sizeof_ldbl(), I think perhaps you should use ida_idp.ph_get_tbyte_size(), which returns 10 bytes?

Answer 3 · 2021-04-21T07:31:39.000Z

Ha, you're right! Fixed now, let me know it works for you and I'll merge it.

Answer 4 · 2021-04-22T17:06:53.000Z

Thanks, that's perfect.