
ghidra help

Xele02 edited this page Feb 16, 2025 · 5 revisions

Tips for odd Ghidra decompiler output and known decompiler bugs

Float comparison error

Asm :

013905bc c0 8a b5 ee     vcmpe.f32  s16,#0
013905c0 00 50 a0 e1     cpy        r5,r0
013905c4 10 fa f1 ee     vmrs       apsr,fpscr
013905c8 05 00 00 da     ble        LAB_013905e4

Ghidra C code :

if (animTime < 0.0) {

Ghidra shows `<`, but the branch is `ble` (branch if less than or equal), so the real condition is `<=`.

Callback switch error

01541be8 00 60 a0 e1     cpy        r6,r0
01541bec 01 00 77 e3     cmn        r7,#0x1
01541bf0 02 00 00 0a     beq        LAB_01541c00
01541bf4 54 00 9f e5     ldr        r0,[DAT_01541c50]                                = 025D7EF4h
01541bf8 00 00 9f e7     ldr        r0,[pc,r0]=>->Method$XeApp.Game.Menu.ListSortB   = 03ba1dd4
01541bfc 01 00 00 ea     b          LAB_01541c08
                             LAB_01541c00                                    XREF[1]:     01541bf0(j)  
01541c00 4c 00 9f e5     ldr        r0,[DAT_01541c54]                                = 025D7ECCh
01541c04 00 00 9f e7     ldr        r0,[pc,r0]=>->Method$XeApp.Game.Menu.ListSortB   = 03ba1dd8
                             LAB_01541c08                                    XREF[1]:     01541bfc(j)  
01541c08 00 20 90 e5     ldr        r2,[r0,#0x0]=>Method$XeApp.Game.Menu.ListSortB   = ??
01541c0c 06 00 a0 e1     cpy        r0,r6
01541c10 04 10 a0 e1     cpy        r1,r4
01541c14 00 30 a0 e3     mov        r3,#0x0
01541c18 f5 78 e4 eb     bl         XeApp.Game.Common.ButtonBase.OnClickCallback$$   void XeApp.Game.Common.ButtonBas

Ghidra C code:

  pXVar1 = (__this->fields).m_sortListButton;
  OnClickEvent = (XeApp_Game_Common_ButtonBase_OnClickCallback_o *)
                 thunk_FUN_0087e91c(XeApp.Game.Common.ButtonBase.OnClickCallback_TypeInfo);
  XeApp.Game.Common.ButtonBase.OnClickCallback$$.ctor();
  if (pXVar1 == (XeApp_Game_Common_ActionButton_o *)0x0) {
                    /* WARNING: Subroutine does not return */
    FUN_0086eea0(0);
  }
  XeApp.Game.Common.ButtonBase$$AddOnClickCallback
            ((XeApp_Game_Common_ButtonBase_o *)pXVar1,OnClickEvent,(MethodInfo *)0x0);

Ghidra completely misses the test at address 01541bf0 (`cmn r7,#0x1` / `beq`), and therefore the switch between the two callback methods: the decompiled code shows only one callback being registered.

int64 number comparison

Ghidra C code:

bVar13 = local_28 < (uint)iVar15;
bVar13 = (int)(local_2c - (iVar4 + (uint)bVar13)) < 0 !=
         (SBORROW4(local_2c,iVar4) != SBORROW4(local_2c - iVar4,(uint)bVar13));
if (bVar13) {

Important parts:

  • The bool computed on the line before the SBORROW line (this is the actual comparison operation).
  • The comparison operator placed right before the SBORROW term: `==` means invert that bool, `!=` means keep it as is.

Result for the sample above: `local_28 < iVar15`
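As an added illustration (not part of the original page), the Python below transcribes the SBORROW pattern above literally, with 32-bit wraparound, and checks it against a true signed 64-bit less-than. It assumes `local_2c:local_28` and `iVar4:iVar15` are the high:low word pairs of two int64 values; the SBORROW chain is the ARM `SUBS`/`SBCS` flag computation (N != V), which is why the whole expression is one signed 64-bit `<`.

```python
import random

MASK32 = 0xFFFFFFFF


def to_signed32(x):
    """Reinterpret the low 32 bits of x as a signed 32-bit value."""
    x &= MASK32
    return x - (1 << 32) if x & 0x80000000 else x


def sborrow4(a, b):
    """Ghidra SBORROW4: true when the signed 32-bit subtraction a - b overflows."""
    diff = to_signed32(a) - to_signed32(b)
    return not (-(1 << 31) <= diff < (1 << 31))


def ghidra_pattern(local_2c, local_28, iVar4, iVar15):
    """Literal transcription of the decompiler output (assumed hi:lo pairs)."""
    # unsigned low-word compare: the borrow into the high-word subtraction
    bVar13 = (local_28 & MASK32) < (iVar15 & MASK32)
    # (int)(local_2c - (iVar4 + bVar13)) < 0  -> the N flag after SBCS
    neg = to_signed32(local_2c - (iVar4 + int(bVar13))) < 0
    # SBORROW4(...) != SBORROW4(...)          -> the V flag after SBCS
    overflow = sborrow4(local_2c, iVar4) != sborrow4(local_2c - iVar4, int(bVar13))
    return neg != overflow  # N != V is the ARM signed less-than (LT) condition


def signed64(hi, lo):
    """Assemble hi:lo into a signed 64-bit Python int."""
    v = ((hi & MASK32) << 32) | (lo & MASK32)
    return v - (1 << 64) if v & (1 << 63) else v


def reference_lt(hi1, lo1, hi2, lo2):
    return signed64(hi1, lo1) < signed64(hi2, lo2)


def check_equivalence(n_random=2000, seed=1):
    """True if the SBORROW pattern equals signed int64 '<' on edge cases plus random words."""
    rng = random.Random(seed)
    edge = [0, 1, 0x7FFFFFFF, 0x80000000, 0xFFFFFFFF]
    cases = [(a, b, c, d) for a in edge for b in edge for c in edge for d in edge]
    cases += [tuple(rng.getrandbits(32) for _ in range(4)) for _ in range(n_random)]
    return all(ghidra_pattern(*c) == reference_lt(*c) for c in cases)
```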

ldivmod

aiVar35 = __aeabi_ldivmod(CONCAT44(iVar31,v3),(longlong)v2);
iVar7 = SUB164((undefined  [16])aiVar35 >> 0x40,0);

  • `>>60` = div
  • `>>40` = div