Hex-Rays' blog

Igor’s Tip of the Week #117: Reset pointer type – Hex Rays

Written by Igor Skochinsky | Dec 1, 2022

While currently (as of version 8.1) the Hex-Rays decompiler does not try to perform full type recovery, it does try to deduce some types based on operations done on the variables, or using the type information for the API calls from type libraries.

One simple type deduction performed by the decompiler is creation of typed pointers when a variable is being dereferenced, for example:

_QWORD *__fastcall sub_140006C94(_QWORD *a1)
{
  a1[2] = 0i64;
  a1[1] = "bad array new length";
  *a1 = &std::bad_array_new_length::`vftable';
  return a1;
}

Unfortunately, such conversions are not always correct, as can be seen in the example: we have a mix of integer and pointer elements in one array, so it’s more likely a structure. Also, due to C’s array indexing rules, the array indexes are multiplied by the element size (so, for example, a1[2] actually corresponds to the byte offset 16). If you prefer seeing “raw” offsets, you can change the variable’s type to a plain integer. This can, of course, be done by manually changing the variable’s type, but there is a convenience command in the context menu which can be used to do it quickly:

After resetting, the variable becomes a simple integer type and all dereferences now use explicit byte offsets and casts:

Now you can, for example, create a structure corresponding to these accesses, or choose an existing one.
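The three views this tip moves between, written out as plain C (an added example, not from the original post or from Hex-Rays): the typed-pointer form, a byte-offset form in the style the reset produces, and a hypothetical structure covering the same accesses. The names `struct obj`, `message`, `field_10` and `fake_vftable` are assumptions, and a 64-bit target is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
typedef uint64_t QWORD;                 /* stand-in for IDA's _QWORD */
static const char msg[] = "bad array new length";
static const int fake_vftable = 0;      /* placeholder for the real vftable */

/* Hypothetical structure built from the three accesses (64-bit target). */
struct obj {
    const void *vftable;                /* byte offset 0  == a1[0] */
    const char *message;                /* byte offset 8  == a1[1] */
    QWORD       field_10;               /* byte offset 16 == a1[2] */
};
_Static_assert(offsetof(struct obj, message) == 1 * sizeof(QWORD), "a1[1]");
_Static_assert(offsetof(struct obj, field_10) == 2 * sizeof(QWORD), "a1[2]");

/* View 1: typed pointer, each index is scaled by sizeof(QWORD). */
static void init_typed(QWORD *a1) {
    a1[2] = 0;
    a1[1] = (QWORD)(uintptr_t)msg;
    *a1   = (QWORD)(uintptr_t)&fake_vftable;
}
/* View 2: plain integer, explicit byte offsets and casts. */
static void init_raw(uintptr_t a1) {
    *(QWORD *)(a1 + 16) = 0;
    *(QWORD *)(a1 + 8)  = (QWORD)(uintptr_t)msg;
    *(QWORD *)a1        = (QWORD)(uintptr_t)&fake_vftable;
}
/* View 3: named fields of the recovered structure. */
static void init_struct(struct obj *a1) {
    a1->field_10 = 0;
    a1->message  = msg;
    a1->vftable  = &fake_vftable;
}

/* Returns 1 when all three views leave identical bytes in memory. */
int views_agree(void) {
    QWORD typed[3], raw[3]; struct obj s;
    memset(typed, 0xCC, sizeof typed);
    memset(raw, 0xCC, sizeof raw);
    memset(&s, 0xCC, sizeof s);
    init_typed(typed); init_raw((uintptr_t)raw); init_struct(&s);
    return memcmp(typed, raw, sizeof raw) == 0
        && sizeof s == sizeof typed && memcmp(typed, &s, sizeof s) == 0;
}

int main(void) { return views_agree() ? 0 : 1; }
```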

See also: 

Hex-Rays Decompiler: Interactive operation