Stack variable accessed with `lea` + `add` not resolved properly
Version and Platform (required):
- Binary Ninja Version: [e.g. 4.0.4000-dev] (if version is stable, please also test the latest development build via the "Update Channel" option)
- OS: Manjaro Linux
- OS Version: 6.6.30-2-MANJARO
- CPU Architecture: x64
Bug Description: I have a Rust binary that uses this sequence of instructions to access an array of 8 pointers (at stack - 0x58 -> stack - 0x20):
movzx ecx, byte [rbx+r15]
lea rax, [rsp+r15*8] {var_88}
add rax, 0x30
However, this is lifted to HLIL as
void var_88
result = &var_88 + (r15 << 3) + 0x30;
Steps To Reproduce:
- Download the attached binary demo.zip
- Navigate to 0x88de
- Open HLIL, see above output
Expected Behavior: The actual variable/array to be displayed, i.e.
result = var_50[r15];
Looks to be the same issue as https://github.com/Vector35/binaryninja-api/issues/5315
<HighLevelILAdd: &var_88 + (r15 << 3) + 0x30> : <HighLevelILAdd: &var_88 + (r15 << 3)> & <HighLevelILConst: 0x30>
Yeah, this is actually a duplicate of https://github.com/Vector35/binaryninja-api/issues/5315. However, I am keeping this issue open because it involves an x64 binary, which is more accessible.
Here's a minimized case: lea_add.bndb.zip
Note that there's a stack variable var_20 that should be referenced, but instead we're basing off of var_50.
The fundamental issue here is that we don't have in the MLIL Translator a path that simplifies AddressOf(SomeVariable) + Offset to AddressOf(SomeOtherVariable).
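To make the missing rewrite concrete, here is a small stand-alone model (added for illustration, not Binary Ninja's code) of the AddressOf(SomeVariable) + Offset to AddressOf(SomeOtherVariable) simplification over a constructed frame layout; the variable names, offsets and sizes are assumptions chosen so that the lea/add shape from the report folds onto a neighbouring array.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

# Constructed frame (frame-relative offset, size in bytes). var_88 is assumed to
# be a 0x30-byte object, followed by an array of 8 pointers. These are
# illustrative assumptions, not values taken from the attached bndb.
FRAME: Dict[str, Tuple[int, int]] = {
    "var_88": (-0x88, 0x30),
    "var_58": (-0x58, 0x40),   # 8 pointers, 8 bytes each
}

@dataclass(frozen=True)
class AddrOf: var: str         # &var, what "lea rax, [rsp+...] {var}" yields
@dataclass(frozen=True)
class Const: value: int        # the immediate folded in by "add rax, 0x30"
@dataclass(frozen=True)
class Shl: reg: str; bits: int # reg << bits, the scaled index (r15*8)
@dataclass(frozen=True)
class Add: lhs: "Expr"; rhs: "Expr"
Expr = Union[AddrOf, Const, Shl, Add]

def flatten(e: Expr) -> List[Expr]:
    """Turn a nested Add chain into its flat list of terms."""
    return flatten(e.lhs) + flatten(e.rhs) if isinstance(e, Add) else [e]

def var_at(offset: int) -> Optional[Tuple[str, int]]:
    """(name, leftover) for the frame variable whose byte range covers offset."""
    for name, (start, size) in FRAME.items():
        if start <= offset < start + size:
            return name, offset - start
    return None

def simplify(e: Expr) -> str:
    """Fold AddressOf(v) + consts (+ scaled index) onto the variable actually hit."""
    terms = flatten(e)
    bases = [t for t in terms if isinstance(t, AddrOf)]
    index = [t for t in terms if isinstance(t, Shl)]
    consts = sum(t.value for t in terms if isinstance(t, Const))
    if len(bases) != 1 or len(index) > 1:
        return repr(e)                      # shape not handled by this rewrite
    hit = var_at(FRAME[bases[0].var][0] + consts)
    if hit is None:
        return repr(e)                      # lands outside every known variable
    name, leftover = hit
    if index and leftover == 0 and FRAME[name][1] % (1 << index[0].bits) == 0:
        return f"{name}[{index[0].reg}]"    # stride divides the array: index it
    idx = f" + ({index[0].reg} << {index[0].bits})" if index else ""
    tail = f" + {leftover:#x}" if leftover else ""
    return f"&{name}{tail}{idx}"
```

With the constructed frame, the reported shape `&var_88 + (r15 << 3) + 0x30` simplifies to `var_58[r15]`, while an offset that lands mid-variable keeps an explicit remainder instead of inventing a variable.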