Decompiler: Vararg parameters not always handled
Describe the bug
In quite some cases the decompiler does not identify parameters to vararg functions such as printf/sprintf correctly.
To Reproduce
Steps to reproduce the behavior:
- Get a WannaCry sample, for example https://www.virustotal.com/gui/file/24d004a104d4d54034dbcffc2a4b19a11f39008a575aa614ea04703480b1022c
- Go to function FUN_00407ce0
- Scroll down to the sprintf calls at offset 407e18
- See that three arguments are pushed to sprintf but only two are identified.
Expected behavior
The call should look like
sprintf(&local_104,s_C:\%s\qeriuwjhrf_00431344,"WINDOWS")
Environment (please complete the following information):
- OS: macOS 10.14.3
- Java Version: 11.0
- Ghidra Version: 9.0
Issue Analytics
- State:
- Created 5 years ago
- Reactions:7
- Comments:6 (1 by maintainers)
Yep, that was my workaround, but in this case the call on the assembly-side is pretty clear (and handled fine by other decompiler), that’s why I think it might be a bug
Varargs can sometimes be difficult to tell apart from local stack variables on many processors. It is possible to provide a function signature override at the calling site. This can specify the appropriate types for the various arguments on this particular call. It helps the decompiler understand what’s going on elsewhere in the function as well.
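A consistency check for finding call sites that need the signature override mentioned above, as an added example that is not part of the original issue or of Ghidra: it counts the arguments a printf-style format string consumes and compares that with the number the decompiler recovered. The function names, the fixed-parameter table and every sample row except the reported sprintf call are assumptions.

```python
import re

# One printf conversion: %[flags][width][.precision][length]conversion
_SPEC = re.compile(
    r"%[-+ #0]*(?P<width>\*|\d+)?(?:\.(?P<prec>\*|\d*))?"
    r"(?:hh|h|ll|l|L|j|z|t|I64|I32)?(?P<conv>[diouxXeEfFgGaAcspn%])"
)

# Parameters before the "..." in each prototype.
FIXED_PARAMS = {"printf": 1, "fprintf": 2, "sprintf": 2, "snprintf": 3}


def variadic_arg_count(fmt):
    """Number of variadic arguments a printf-style format string consumes."""
    count = 0
    for m in _SPEC.finditer(fmt):
        if m.group("conv") == "%":
            continue  # "%%" prints a literal percent sign
        count += 1  # the converted value itself
        # "*" takes width or precision from an extra int argument
        count += (m.group("width") == "*") + (m.group("prec") == "*")
    return count


def missing_args(func, fmt, recovered):
    """Arguments the decompiled call lacks; 0 means it is consistent."""
    expected = FIXED_PARAMS[func] + variadic_arg_count(fmt)
    return max(0, expected - recovered)


# Constructed sample rows: (call site, function, format string, number of
# arguments shown by the decompiler). Only the first row comes from the
# report above; the other addresses and strings are made up.
CALLS = [
    ("00407e18", "sprintf", r"C:\%s\qeriuwjhrf", 2),
    ("00401000", "printf", "%5.2f%% done\n", 2),
    ("00401020", "snprintf", "%-*s|%ld", 5),
]


def flag_calls(calls):
    """Return (call site, missing count) for every inconsistent call."""
    flagged = []
    for site, func, fmt, recovered in calls:
        missing = missing_args(func, fmt, recovered)
        if missing:
            flagged.append((site, missing))
    return flagged
```

Each flagged site is a candidate for a call-site signature override with the argument count the format string implies.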