P0: Typed reads (int/string/struct) + consistent address semantics#207
Closed
mahaloz wants to merge 1 commit into
Closed
P0: Typed reads (int/string/struct) + consistent address semantics#207mahaloz wants to merge 1 commit into
mahaloz wants to merge 1 commit into
Conversation
Two related P0 gaps: DecLib only exposed raw bytes, and absolute addresses double-added the image base (Ghidra rejected 0x402320 but accepted the image-relative 0x2320). - New `decompiler read int|string|struct <addr>`: - `int` — decode N bytes (default pointer size), --signed/--endian. - `string` — NUL-terminated C string, --max-len/--encoding. - `struct <name>` — read a defined struct's bytes and decode each member. Decoding is client-side over read_memory, so all backends are supported. - Address normalization: every address argument now accepts lifted, absolute, or decimal. `_to_lifted_addr` rebases absolute addresses (>= image base) so `read_memory 0x402320` and `0x2320` hit the same byte. Applied to read_memory and the new typed reads. - Tests: read int (ELF magic, both endians), read string (Welcome), read struct (decode ELF header via a user struct), and an absolute-vs-lifted agreement regression — all pass on IDA, Ghidra, and angr. (Tests use isolated project dirs so a killed run can't poison the shared cache.) - SKILL.md / docs / CLI docstring updated. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01HfZHdprXg38re1XyKxzGg5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What & why
Two related P0 gaps:
0x402320while accepting the image-relative0x2320, because the backend adds the base to whatever it's given.New capabilities
decompiler read int|string|struct <addr>— decoding happens client-side overread_memory, so every backend is supported:int— decode N bytes (default = pointer size);--size,--signed,--endian.string— NUL-terminated C string;--max-len,--encoding.struct <name>— read a defined struct's bytes and decode each member (offset, name, type, value, hex).read_memory,comment,global, ...) accepts lifted (0x2320), absolute (0x402320), or decimal._to_lifted_addrrebases absolute addresses (>=image base) to the backend's lifted form, so both refer to the same byte.read_memorynow normalizes too — fixing the double-base-add.Example
Tests
Backend-parametrized:
test_read_int_elf_magic(both endians),test_read_string,test_read_struct(decodes the ELF header through a user struct), andtest_read_memory_absolute_and_lifted_agree(the double-base-add regression). All pass on IDA, Ghidra, and angr. Tests use isolated project dirs so an interrupted run can't poison the shared Ghidra cache.CLI-only change — no per-backend code needed, since typed decoding is client-side and address normalization is in the CLI.
Fourth PR in the IDALib-parity series. Based on
feat/cli-globals-signatures(#206).🤖 Generated with Claude Code
https://claude.ai/code/session_01HfZHdprXg38re1XyKxzGg5