When working with pseudocode in the decompiler, you may have noticed that variable declarations and hints have comments with somewhat cryptic contents. What do they mean?
While the meaning of some may be obvious, others are less so, and a few appear only in rare situations.
The first part of the comment is the variable location. For stack variables, this includes its location relative to the stack and frame pointers. For register variables, it is the register(s) used for storing its value.
In some cases, you may also see the scattered argloc syntax. For example:
struct12 v78; // 0:r2.8,8:^0.4
This denotes a 12-byte structure stored partially in registers (8 first bytes, beginning at r2) and partially on the stack (4 last bytes, starting from stack offset 8).
After the location, there may be additional attributes printed as uppercase keywords. Here are the most common possibilities:
- BYREF: the address of this variable is taken somewhere in the current function (e.g. for passing to a function call);
- OVERLAPPED: shown when the decompiler did not manage to separate all the variables, so some of them ended up being stored in intersecting locations. Usually functions with such variables are also marked with the comment:
  // local variable allocation has failed, the output may be wrong!
- MAPDST: another variable has been mapped to this one;
- FORCED: this is an explicitly forced variable;
- ISARG: shown for function arguments (in mouse hint popups).
Local variables may also have additional, user-defined comments, which can be added using the / shortcut or the context menu.
If present, such a comment is printed at the end of the variable comment, after the annotations.
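As an added example (not code from the original post or from the decompiler's vendor), this Python script splits the declaration comments of exported pseudocode into location, attribute keywords and user comment, and reports OVERLAPPED variables together with the allocation-failure warning, the two signs that the output needs checking against the disassembly. The function names, the sample text and the tokenising rules are assumptions made for illustration.

```python
import re

ATTRS = ("BYREF", "OVERLAPPED", "MAPDST", "FORCED", "ISARG")  # keywords listed above
ALLOC_WARNING = "local variable allocation has failed"
# "<type> <name>[dims]; // <annotation>"; function-pointer declarations are skipped.
DECL = re.compile(r"^\s*[\w\s*]+?[\s*](?P<name>\w+)(?:\[[^\]]*\])*;\s*//\s*(?P<note>.+)$")

def parse_annotation(note):
    """Split a declaration comment into (location, attributes, user_comment)."""
    tokens, loc, attrs = note.split(), [], []
    # Assumption: a stack location is a run of bracketed tokens; any other
    # location (register, scattered argloc) is a single token without spaces.
    if tokens and tokens[0].startswith("["):
        while tokens and tokens[0].startswith("["):
            loc.append(tokens.pop(0))
    elif tokens and tokens[0] not in ATTRS:
        loc.append(tokens.pop(0))
    while tokens and tokens[0] in ATTRS:
        attrs.append(tokens.pop(0))
    return " ".join(loc), attrs, " ".join(tokens)

def audit(pseudocode):
    """Return (variables, warned) for one function's pseudocode text."""
    variables, warned = [], False
    for line in pseudocode.splitlines():
        if ALLOC_WARNING in line:
            warned = True
        m = DECL.match(line)
        if m:
            loc, attrs, comment = parse_annotation(m.group("note"))
            variables.append({"name": m.group("name"), "location": loc,
                              "attrs": attrs, "comment": comment})
    return variables, warned

def overlapped(variables):
    """Names of variables whose storage intersects another variable's."""
    return [v["name"] for v in variables if "OVERLAPPED" in v["attrs"]]

# Constructed sample, not output from a real database; the last declaration
# is the scattered-argloc line quoted on this page.
SAMPLE = """\
// local variable allocation has failed, the output may be wrong!
int __fastcall sub_401000(int a1)
{
  char buf[16]; // [rsp+0h] [rbp-20h] BYREF
  int v3; // eax
  __int64 v4; // [rsp+10h] [rbp-10h] OVERLAPPED
  int v5; // [rsp+10h] [rbp-10h] OVERLAPPED length of input
  struct12 v78; // 0:r2.8,8:^0.4
"""

if __name__ == "__main__":
    found, warned = audit(SAMPLE)
    print("allocation warning:", warned, "| check by hand:", overlapped(found))
```

The scattered location is kept as an opaque string here; the script does not try to decode its parts.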
In addition to local variables, the decompiler can also show annotations in the hints for:
- Structure and union fields. The offset and type are shown.
- Global variables. Only the type is shown.
- Functions and function calls. The list of arguments as well as their locations is printed.