
Unused parameter is given to functions that have variable arguments for `__thiscall` functions

kevre91 opened this issue 3 years ago • 2 comments

Version and Platform (required):

  • Binary Ninja Version: 3.1.3570-dev
  • OS: Windows
  • OS Version: 10
  • CPU Architecture: x64

Bug Description: the `this` parameter is passed to functions that have variable arguments after the PDB is loaded, even if the called function does not use this parameter.

Steps To Reproduce: Write a test binary that has a class with one virtual function. In that function, call a function that has variable arguments.

Screenshots:

Before PDB:

[screenshot: nopdb]

After PDB:

[screenshot: afterpdb]

Before PDB, but with `sub_401040` (which is printf) retyped from `int32_t sub_401040(int32_t arg1)` to `int32_t sub_401040(int32_t arg1, ...)`:

[screenshot: typeedited]

I think it only happens when the first called function has variable arguments and the function that calls it uses the `__thiscall` convention. I was unable to reproduce it with a function like this:

```c
#include <stdio.h>

/* Plain cdecl free function (no `this`): the bug does not reproduce here. */
void test_func(int a)
{
	printf("Hello3!\n");
}
```

kevre91 avatar Jul 21 '22 20:07 kevre91
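A minimal source for the test binary described in the steps above, as an added example (not the reporter's attached classtest binary): a class with one virtual method whose first call is to the variadic `printf`. When built as 32-bit MSVC, the method uses `__thiscall` while `printf` is cdecl, which is the combination the report says triggers the spurious `this` argument in the decompilation; the `Base`, `Derived` and `run` names are this example's own.

```cpp
// Added reproducer (example code, not from the original issue).
#include <cstdio>

struct Base {
    virtual int hello() = 0;
    virtual ~Base() {}
};

struct Derived : Base {
    int value = 3;

    // With 32-bit MSVC this member function is __thiscall: `this` arrives in
    // ecx. The callee printf is variadic (cdecl), so `this` is not one of its
    // arguments; the report is that the decompiler shows it being passed anyway.
    int hello() override {
        // printf returns the number of characters written: "Hello3!\n" is 8.
        return std::printf("Hello%d!\n", value);
    }
};

// Call through the vtable so the virtual method is actually emitted and used.
int run() {
    Derived d;
    Base* b = &d;
    return b->hello();
}

int main() {
    return run() == 8 ? 0 : 1;
}
```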

This looks like it may be a more general problem with variadic functions, rather than something specific to how the PDB is being applied. If the PDB is setting the calling convention of the printf wrong somehow, then it could be the PDB's fault. But, otherwise, it's probably a more general issue.

Are you able to share the binary that you made the above tests with?

fuzyll avatar Aug 01 '22 17:08 fuzyll

I guess it's a general issue. Here I attached the binary I used.

Retype `sub_401040` (which is printf) as `int32_t sub_401040(int32_t arg1, ...)` and then you will see that at `sub_401180` it passes `arg1` as a parameter to `sub_401040` (printf).

classtest.zip

kevre91 avatar Aug 02 '22 05:08 kevre91

I just created an issue to address the root cause of this issue: #3916

plafosse avatar Feb 20 '23 18:02 plafosse