plasma-disassembler edited this page Nov 14, 2017 · 3 revisions

The noreturn flag

Detecting whether a function returns is important for the pseudo-decompilation: if a call is not classified correctly, the output can become very hard to read or simply wrong.

Currently, infinite loops are detected correctly. For imports there is a list of known noreturn symbols in lib.consts.py, but the list is incomplete.

Here is an example of why the output can differ:

_start:
    jmp next

    do_call:
    call exit

    next:
    mov eax, 1337
    jz do_call
    ret

The pseudo-decompilation should normally print this:

jmp next
next:
eax = 1337
# 0x4000e2: je 0x4000d8
if != {
    ret
}
do_call:
0x4000d8: call exit

But if exit is not detected as a noreturn function, it prints:

jmp next
loop {
    next:
    eax = 1337
    je 0x4000d8
    if !=  goto 0x4000e4
    do_call:
    0x4000d8: call exit
}
0x4000e4: ret

As you can see, a loop is detected. Here the output is still correct, but on harder binaries the algorithm can get completely lost.

The only solution for now is to use the API. For the moment only the flag is changed: functions are not re-analyzed, but the decompilation checks this flag each time it builds the flow graph.

>>> py
api.set_noreturn(api.get_addr_from_symbol("my_function"), True)
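To see why the flag matters when the flow graph is built, here is a small added example (not plasma's own code) that walks the snippet above with a toy flow-graph builder: with exit marked noreturn there is no edge from the call back into next, without it the fall-through edge closes a loop. The addresses of call, je and ret come from this page; the other addresses, sizes and label values are assumed from the x86 encoding sizes.

```python
# Added example, not part of plasma. Toy flow graph over the snippet on this
# page, showing how the noreturn set decides whether "call exit" falls through.
# Addresses 0x4000d8 (call), 0x4000e2 (je) and 0x4000e4 (ret) are from the page;
# the rest are assumed (jmp rel8 = 2 bytes, call rel32 = 5, mov eax,imm32 = 5).

SYMBOLS = {"_start": 0x4000D6, "do_call": 0x4000D8, "next": 0x4000DD}

# Constructed instruction stream: (address, size, mnemonic, operand)
CODE = [
    (0x4000D6, 2, "jmp", "next"),       # _start
    (0x4000D8, 5, "call", "exit"),      # do_call
    (0x4000DD, 5, "mov", "eax, 1337"),  # next
    (0x4000E2, 2, "je", "do_call"),
    (0x4000E4, 1, "ret", ""),
]

def successors(insn, noreturn):
    """Control-flow successors of one instruction, given the noreturn set."""
    addr, size, mnem, op = insn
    fallthrough = addr + size
    if mnem == "jmp":
        return [SYMBOLS[op]]
    if mnem in ("je", "jz"):
        return [SYMBOLS[op], fallthrough]
    if mnem == "ret":
        return []
    if mnem == "call":
        # The whole point: a noreturn callee gets no fall-through edge.
        return [] if op in noreturn else [fallthrough]
    return [fallthrough]

def build_cfg(noreturn):
    return {insn[0]: successors(insn, noreturn) for insn in CODE}

def back_edges(cfg, entry):
    """DFS from entry; an edge to a node still on the DFS stack closes a loop."""
    found, on_stack, done = set(), set(), set()
    def visit(node):
        on_stack.add(node)
        for succ in cfg[node]:
            if succ in on_stack:
                found.add((node, succ))
            elif succ not in done:
                visit(succ)
        on_stack.discard(node)
        done.add(node)
    visit(entry)
    return found

def loops_for(noreturn):
    """Back edges (loops) found when the given symbols are treated as noreturn."""
    return back_edges(build_cfg(noreturn), SYMBOLS["_start"])

if __name__ == "__main__":
    print("exit is noreturn:", loops_for({"exit"}))  # set()
    print("exit not flagged:", loops_for(set()))     # {(0x4000d8, 0x4000dd)}
```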