| 1 | +## Microcode optimizers |
| 2 | + |
| 3 | +### "Magic" call replacement. |
| 4 | +C++ optimizing compiler may reuse code of simple class methods like `member_t* CMyClass::GetMember() { return &member;}` for different classes. |
| 5 | +So in a usual way the reverser should create union for the classes were used to call this method and apply it to the `this` argument of the call and one more union for all possible returning types. |
| 6 | +However the such a simply call might be replaced to micro-code that directly access class member, so type casting of argument and return value will be automatically resolved by the decompiler. |
| 7 | +You just need to set right size of returning type and argument (like `_QWORD` or `_DWORD`) and rename the destination proc of the call to the "magic" name and the plugin does code substitution automatically. |
| 8 | + |
| 9 | +>⚠️ **Warning:** Currently these "magic" call optimizers do not care about registers were spoiled by the original call and stack balance in case of __stdcall. So please remember it before using. |
| 10 | +
|
| 11 | +For the following calls where `NN` is a number in hex and `x` is an any expression: |
| 12 | + * `LDX_0xNN(x)` will be replaced to `[x + NN]`. The size of memory accessed by new expression will be equal to the size was used in original call expression. |
| 13 | + * `RET_0xNN()` ==> `NN` |
| 14 | + * `ADD_0xNN(x)` replaced to `x + NN` |
| 15 | + * `SUB_0xNN(x)` ==> `x - NN` |
| 16 | + * `AND_0xNN(x)` ==> `x & NN` |
| 17 | + * `OR__0xNN(x)` ==> `x | NN` |
| 18 | + * `XOR_0xNN(x)` ==> `x ^ NN` |
| 19 | + |
| 20 | +One more optimizer watches calls that do simple arithmetic operation and receive two numbers as arguments then replaces call expression to the result of arithmetic operation. |
| 21 | +Size of resulting number is set equal to the returning type size of original call. |
| 22 | + * `ADD(n1, n2)` ==> result of `n1 + n2` |
| 23 | + * `SUB(n1, n2)` ==> result of `n1 - n2` |
| 24 | + * `AND(n1, n2)` ==> result of `n1 & n2` |
| 25 | + * `OR_(n1, n2)` ==> result of `n1 | n2` |
| 26 | + * `XOR(n1, n2)` ==> result of `n1 ^ n2` |
| 27 | + |
| 28 | +### Opaque Predicates removers mostly derived from HexRaysDeob plugin by Rolf Rolles and Takahiro Haruyama |
| 29 | + |
| 30 | +Below `x` and `y` are expressions. `a`, `b`, `c`, `d` - numbers |
| 31 | + * `(x & 1) | (y & 1)` ==> `(x | y) & 1` |
| 32 | + * `(x & 1) ^ (y & 1)` ==> `(x ^ y) & 1` |
| 33 | + * `(x-a)+b` or `(x+a)+b` ==> `x+(b-a)` or `x+(b+a)` |
| 34 | + * `(x-a)-b` or `(x+a)-b` ==> `x-(b+a)` or `x-(b-a)` |
| 35 | + * `(x * (x-1)) & 1` ==> `0` |
| 36 | + * `~(x * (x - 1)) | -2` ==> `-1` |
| 37 | + * `(x & y) | (x ^ y)` ==> `x | y` |
| 38 | + * `x | !x` ==> `1` |
| 39 | + * `(x & c) | ( ~x & d)` ==> `x ^ d` (where c and d are numbers such that c == ~d) |
| 40 | + * `!(!x || !y)` ==> `x && y` |
| 41 | + * `~(~x | n)` ==> `x & ~n` |
| 42 | + * `x ^ a == b` ==> `x == a ^ b` |
| 43 | + |
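Review bot: the `x | !x` ==> `1` rule in the opaque-predicate list is only value-preserving when `x` is a 1-bit/boolean expression; for a wider `x` holding any value other than 0 or 1, `x | !x` evaluates to `x` (for example `2 | !2` is `2`), so the optimizer should require `x` to be bool-typed, or match the logical form `x || !x`, before folding to `1`, and the README should state that restriction. The remaining identities check out as written (`(x & c) | (~x & d)` with `c == ~d` is `x ^ d`, and `~(x * (x - 1)) | -2` is `-1` because `x * (x - 1)` is always even). Two smaller points: the warning about spoiled registers and `__stdcall` stack balance should say what the consequence is for the reader (after substitution the decompiler treats registers the real call clobbered as preserved across that point, so values in them can be attributed wrongly), and the heading `### "Magic" call replacement.` carries a trailing period unlike the other headings.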