1 |
|
output result as following (pcode-refined)
1 | (ram, 0x114d4, 4) INDIRECT (ram, 0x114d4, 4) , (const, 0x15, 4) |
M4rsuri’s explanation(INDIRECT pcode op, input1 misunderstood · Issue #2744 · NationalSecurityAgency/ghidra · GitHub)
I think that INDIRECT just indicates the varnode in output can be affected by the pcode indicated by it's input1.So it's impossible for a varnode to be affected when it's both not the output of an instruction and it's not associated with the instruction through an INDIRECT.
In other words, the varnodes being the output of all INDIRECTs associated with an instruction is the over-approximation of all varnodes that may be affected by the execution of this instruction. Only CALL/CALLIND instructions can have side affects because we need to take the execution of their corresponding subroutines into consideration. So INDIRECT instructions only appear before CALL/CALLIND instructions.
I wonder if my understanding is proper.
Thank you.
INDIRECT pass input0 to output, but output be affected by some pcode indicated by input1 possibly.
Affect means “be changed” and so on in a narrow sense.
because we don’t know what the subroutine indicated by subsequent CALL pcode that take out our parameter’s address will do .Isn’t it? Maybe it can modify the content in the corresponding address. So it’s value is indirected when machine is executed to the next COPY pcode and pass it to other varnode.(so INDIRECT meaning - varnode passed through other subroutine before reaching its destination)
A special address space indicates input1's use as an internal reference encoding simply means the Seqnum which indicates the sequence number of anyone pcode.
if u print out above CALL pcode’s seqnum, u will find it exactly is 0x15 (const, 0x15, 4).
1 | (ram, 0x114c8, 67, 0) |
Thanks M4tsuri for his help.