(the manual describes the build 180227)
In some cases the decompiler can not produce nice output because the variable
allocation fails. It happens because the input contains overlapped variables
(or the decompiler mistakenly lumps together memory reads and writes).
Overlapped variables are displayed in red so they conspicuously visible.
Let us consider some typical situations.
There are read/write accesses that involve two or more variables
For example, consider the following output:
__int64 v1; // [email protected] OVERLAPPED
int v2; // [email protected] OVERLAPPED
__int64 result; // [email protected]
if ( *(_BYTE *)(a1 + 5) & 1 )
The last assignment to v1 reads beyond v1 boundaries. In fact, it also reads
v2. See the assembly code:
HIDWORD(v1) = *(_DWORD *)(a1 + 7);
v2 = *(_DWORD *)(a1 + 11);
HIDWORD(v1) = 0;
v2 = 0;
v1 = *(__int64 *)((char *)&v1 + 4);
// ODD ASSIGNMENT!
test byte ptr [eax+5], 1
jz short loc_409521
mov edx, [eax+7]
mov ecx, [eax+0Bh]
jmp short loc_409525
xor edx, edx
xor ecx, ecx
mov eax, edx
mov edx, ecx
Unfortunately the decompiler can not handle this case and reports overlapped variables.
There is an array function argument
Arrays can not be passed to functions by value, so this will lead to a warning.
Just get rid of such an array (embed it into a structure type, for example)
There are too many function arguments
The decompiler can handle up to 64 function arguments. It is very unlikely to encounter
a function with a bigger number of arguments. If so, just embed some of them into a structure
passed by value.
The corrective actions include:
- Check the stack variables and fix them if necessary. A wrongly variable can easily
lead to a lvar allocation failure.
- Define a big structure that covers the entire stack frame or part of it. Such a big variable
will essentially turn off variables lumping (if you are familiar with compiler jargon, the decompiler builds a web of lvars during lvar allocation and some web elements become too big, this is why variable allocation fails).
Instead, all references will be done using the structure fields.
- Check the function argument area of the stack frame and fix any wrong variables. For example,
this area should not containt any arrays (arrays can not be passed by value in C). It is ok to pass structures by value, the decompiler accepts it.