User Manual

(the manual describes the build 180227)

Overlapped variables

In some cases the decompiler can not produce nice output because the variable allocation fails. It happens because the input contains overlapped variables (or the decompiler mistakenly lumps together memory reads and writes). Overlapped variables are displayed in red so they conspicuously visible. Let us consider some typical situations.

  • There are read/write accesses that involve two or more variables

    For example, consider the following output:
    __int64 v1; // [email protected] OVERLAPPED int v2; // [email protected] OVERLAPPED __int64 result; // [email protected] if ( *(_BYTE *)(a1 + 5) & 1 ) { HIDWORD(v1) = *(_DWORD *)(a1 + 7); v2 = *(_DWORD *)(a1 + 11); } else { HIDWORD(v1) = 0; v2 = 0; } v1 = *(__int64 *)((char *)&v1 + 4); // ODD ASSIGNMENT!
    The last assignment to v1 reads beyond v1 boundaries. In fact, it also reads v2. See the assembly code:
    test byte ptr [eax+5], 1 jz short loc_409521 mov edx, [eax+7] mov ecx, [eax+0Bh] jmp short loc_409525 loc_409521: xor edx, edx xor ecx, ecx loc_409525: mov eax, edx mov edx, ecx
    Unfortunately the decompiler can not handle this case and reports overlapped variables.
  • There is an array function argument

    Arrays can not be passed to functions by value, so this will lead to a warning. Just get rid of such an array (embed it into a structure type, for example)
  • There are too many function arguments

    The decompiler can handle up to 64 function arguments. It is very unlikely to encounter a function with a bigger number of arguments. If so, just embed some of them into a structure passed by value.
The corrective actions include:
  • Check the stack variables and fix them if necessary. A wrongly variable can easily lead to a lvar allocation failure.
  • Define a big structure that covers the entire stack frame or part of it. Such a big variable will essentially turn off variables lumping (if you are familiar with compiler jargon, the decompiler builds a web of lvars during lvar allocation and some web elements become too big, this is why variable allocation fails). Instead, all references will be done using the structure fields.
  • Check the function argument area of the stack frame and fix any wrong variables. For example, this area should not containt any arrays (arrays can not be passed by value in C). It is ok to pass structures by value, the decompiler accepts it.