IRDst is erroneous in some cases about miasm HOT 4 CLOSED

Hi,

Actually, this is the expected behaviour. You should have a second block, named lbl_gen_00000000:None, with:

EAX = (loc_0000000008048086:0x08048086 call_func_ret ESP)
ESP = (loc_0000000008048086:0x08048086 call_func_stack ESP)

The call_func_* are the way to represent functions side effects. By adding specific simplifications or modifying ir_a_x86_32.call_effects, you can handle specific functions.

For instance, this is used to link the result of a function with the stack before the call in a transparent and arch-independent manner (the algorithm has not to handle specific cases).

But if you want the affectation IRDst = loc_0000000008048086:0x08048086, you should use IR instead of IRA (A stands for "analysis"). That's what jitters do.

Please have a try with from miasm2.arch.x86.sem import ir_x86_32 as ir.

It seems that the Machine API does not provide a direct access to theses classes. I will patch it soon.

from miasm.

Hi,

Thanks for the tip, I'll try this ASAP, but I think it can be marked as resolved.
Since ir_a_x86_32 inherits from both ira and ir, and ira has no inheritance relation with ir, I would have expected ir_a_x86_32 it to be an ir with extended features. It would be nice to document the difference of behaviour/purpose between these two classes.

from miasm.

You can simulate a call with arguments as well:

EAX = (loc_0000000008048086:0x08048086 call_func_ret ESP, @32[ESP+4], @32[ESP+8])
ESP = (loc_0000000008048086:0x08048086 call_func_stack ESP)

from miasm.

Yes, the inheritance graph is not straightforward. We may work on it a day.

Regarding the Machine export of ir, it is bring by #88. In addition, the full.py will now print both block outputs to limit the API misunderstanding.

from miasm.