On C project I currently work at there is much code that uses goto and break for error handling. Break and goto are usually found inside
if (error_occured) {
LOGGER_REPORT_ERROR();
goto cleanup;
}
I tried extracting code that includes chunks like this with Eclipse CDT refactoring but it did not work automatically.
This should be theoretically possible to do this automatically if additional error code variable is created in original function and extracted function returns error code somehow.
Is there an IDE or IDE plugin for automatic refactoring that supports such function extractions already?
Related
when I reverse the binary with IDA gui, all the functions get decompiled without a problem.
but when I am running an automatic script on ida without gui, there is always the same function, that refuses to be decompiled. (when I am openning the same IDB that the automation script worked on, the function get decompiled without a problem)
I am using bip. and using BipFunc.can_decompile to check if a function can get decompiled.
EDIT:
according to an answer bellow, I have tried to add the following:
if not func.can_decompile:
print(f"can't decompile function 0x{func.ea:04x}, trying again")
decomp_all()
if not func.can_decompile:
print(f"can't decompile function 0x{func.ea:04x}, trying again")
decomp_all_twice_cacheclear()
if not func.can_decompile:
print(f"can't decompile function 0x{func.ea:04x}, skipping...")
return
sadly it did not work, I get all 3 prints every time, even on different binaries
it seems to be fixed on IDA Pro 7.6
There is several reason you can get an error on the decompilation from IDA. If it works on some case and other it does not it is probably because of the call analysis. When decompiling a function IDA will try to gather information on the function called by this one and in some case fail to get those information which will make the decompilation fail. But once that function has been decompiled, the information fetched by IDA will be updated, and so the decompilation of the caller function might now work. So basically it means you have to decompile the function in an order, which is a pain, for fixing that the simplest way is to just decompile everything twice, but it can take quite some time if you do it on "big" binaries.
I though I put that in the Bip repository somewhere but I can't find it, so here is a small plugin/code which should allows to do that:
from bip import *
class DecompileAll(BipPlugin):
"""
Plugin for decompiling all the function in the binary.
"""
#menu("Bip/DecompileAll/", "Invalidate hexrays caches")
def clear_hxcCache(self):
HxCFunc.invalidate_all_caches()
#menu("Bip/DecompileAll/", "Decompile all func")
def decomp_all(self):
count = 0
for f in HxCFunc.iter_all():
count += 1
print("0x{:X} functions decompiled".format(count))
#menu("Bip/DecompileAll/", "Decompile twice with cache clear")
def decomp_all_twice_cacheclear(self):
HxCFunc.invalidate_all_caches()
self.decomp_all()
self.decomp_all()
Just for information the basic reason for decompilation error, is that it is not able to make a correct translation of some piece of code because it does not understand the assembly, this is typically true if there is a problem during the analysis and the code is not correctly detected (also happens a lot if you are dealing with obfuscation). You can typically view this case by an error telling you "failed analysis at ADDR" in the IDAPython console, and then look at the problem. Probably not your case but might still help.
Glad to hear you are using bip. So about the BipFunc.can_decompile function: like indicated in the documentation (https://synacktiv.github.io/bip/build/html/base/func.html#bip.base.BipFunction.can_decompile) it will just try to decompile the function and see if an error occurs. The code is pretty straight forward (https://github.com/synacktiv/bip/blob/master/bip/base/func.py#L372), this is mostly written for being done while using one-liner, its the same thing as catching the exception when trying to decompile.
I'm trying to use Graphics32 package. Graphics32 was compiled and installed without any issue.
When I try to execute (debug) following code under C++ Builder XE3
TBitmap32* bmp = new TBitmap32();
bmp->LoadFromFile("d:\\sample.bmp");//This calls SaveToStream instead of LoadFromFile
...
it calls another member function SaveToStream which I can trace into and step while debugging until AV rises.
I have never encountered such behavior before.
Is there any compiler directive I'm missing or some workaround to make proper function call?
Update: I use the Graphics32 source from SVN. Everything works good if I use code prior to revision 2122.
I built a console app to find all the *.ts files in my project and then compile them using tsc.exe.
Everything was working fine, but as I converted my JavaScript files to TypeScript, I eventually ran into the following error:
ytsc.js(21053, 17) Microsoft JScipt runtime error: 'window' is undefined
Each time this happened when I was trying to extend window:
window['prop'] = "something";
I tested the code until I found the answer, which had little to do with my code...
The fault was my build tool.
I had declared the -e (execute) command line option when calling tsc.exe:
I did this because I thought I might add some automated testing code in the modules.
The cause for the error:
Most of my code is in functions.
However, there were a few places that I wanted to extend 'window' (for example if a built in function is missing from an old browser, I was shimming those calls). The code to shim the window object was running as the file loaded:
if (window.fun == null) {
window.fun = function(){...};
}
Anyway, because of the -e option, the tsc.exe was attempting to run the code (outside of a browser environment). This caused the above error.
1. Compiled Assembly from JSC
I've compiled what is intended to be client-side JavaScript using the JScript compiler (jsc.exe) on the server side in an attempt to make something that can be tested from a unit testing project, and maybe even something that can be debugged on the server side.
The compiled file contains only functions as follows (just for example) and it compiles fine into BitField.exe. Notice, no wrapper class or package in the source code.
------ BEGIN FILE (BitField.js) -------
function BitField(){
this.values = [];
}
// more functions ...
------- END FILE -------
jsc /fast- /out:BitField.exe Bitfield.js
Results in a BitField.exe assembly.
Success! Well, kind of ....
2. Testing Assembly / Access Point?
Secondly I've created a test project (in C#) and referenced in the BitField.exe assembly successfully. (The type of project is irrelevant but I'm providing more description to paint a full picture.)
The problem seems to be: I cannot find the namespace or a point at which I can access the BitField functions inside the BitField.exe assembly from my C# test project. The assembly doesn't seem to be a "normal".
In other words I need in C#
using ???WHAT???
Note: I don't want to use JScript "extensions", meaning keywords that won't run client-side (in a web browser), for example, class, package etc because I want the code to be clean as possible for copy & paste back into client side script environment (Regardless said "clean" code compiles fine by jsc.exe without use of those extensions). When I try to wrap the functions in package and class it starts producing compile errors so that's another reason not to use them - because they appear to make me alter my code.
Any suggestions as to how I can use the functions of the compiled JScript assembly (by having it referenced into another assembly) when there are no explicit containers in it?
Update / Proof
.NET Reflector view
After playing around with it for a while, and trying various combinations of command-line switches for jsc.exe, I'm pretty sure that what you're trying to do won't work as you'd wish it to. If you try to compile a js file that contains functions into a .Net library assembly, you get an error:
BitField.js(1,1) : error JS1234: Only type and package definitions are allowed inside a library
But, there is hope, yet! Here's what I would do...
I would keep your "clean" BitField.js file just as it is, and then create a batch file that wraps it in a JScript class and writes it out to a "dirty" js file. It's pretty clean if you think of it as part of the compilation of the code into the DLL. The code to wrap the BitField.js into BitFieldClass.js would look like this:
merge-into-class.js
var fso = new ActiveXObject("Scripting.FileSystemObject");
var ForReading = 1;
var inputFile = fso.OpenTextFile("BitField.js",ForReading, false);
var outputFile = fso.CreateTextFile("BitFieldClass.js", true);
outputFile.write("class BitFieldClass{\n");
while (!inputFile.AtEndOfStream)
{
var textLine = inputFile.ReadLine();
outputFile.write (textLine + "\n");
}
outputFile.write("}");
outputFile.close();
Then the batch file to wrap it and compile it is really simple:
compile-js.bat
cscript merge-into-class.js
jsc /t:library /out:BitFieldClass.dll bitFieldClass.js
Of course, if you wanted to do multiple files, you'd have to parameterize things a bit, but hopefully this is enough to demonstrate the idea.
I am using VBA (in Access 2003) and I'd like to use the IFilter mechanism to extract the textual contents of files. I found some some nice C++ sample code which makes it look relatively easy, but at the moment I can't even get the DLL call to LoadIFilter to work:
Declare Function LoadIFilter Lib "query.dll" (ByVal pwcsPath As String, _
ByVal pUnkOuter As Object, ByRef ppIFilter As Object) As Integer
Public Sub DocEx()
Dim ifilter As Object
Dim hresult As Integer
hresult = LoadIFilter("C:\temp\test.txt" & Chr(0), Nothing, ifilter)
Debug.Print hresult
End Sub
hresult is always E_FAIL (= 16389).
Is it my syntax for the DLL that is incorrect, or something else?
EDITED TO ADD: In the end I didn't solve this problem. But since my only purpose is to hack up an internal script, it is sufficient for me to to just call the FiltDump.exe tool that comes bundled with the Microsoft Platform SDK and parse its output. (A bit clunky though, especially since FiltDump.exe insists on printing error messages to stdout instead of stderr!)
LoadIFilter() is meant to do a lot of work - it looks up the registry to find which IFilter to load, then loads it (most likely calls CoCreateInstance() for just found class id). Anything could go wrong - there could be no mapping in the registry from .txt extension to the class id or the COM server for that class id could fail to load.
Your best bet is to use Process Monitor to see if it finds what IFilter to load and if at least it tries to load it.