Description
Version and Platform (required):
- Binary Ninja Version: 5.3.8622-dev Ultimate, 62a8cd21
- OS: macOS
- OS Version: 15.7
- CPU Architecture: arm64
Bug Description:
This assembly is not accurately lifted to IL:
18001b53d 65488b03 mov rax, qword [gs:rbx]
Here is the resulting LLIL:
45 @ 18001b53d rax = [gsbase + rbx {_TEB::ProcessEnvironmentBlock+3.q}].q
And HLIL:
18001b53d TEB* gsbase
18001b53d rax_4.b = gsbase->ProcessEnvironmentBlock.b
18001b53d rax_4:1.b = gsbase->ProcessEnvironmentBlock:1.b
18001b53d rax_4:2.b = gsbase->ProcessEnvironmentBlock:2.b
18001b53d rax_4:3.b = gsbase->ProcessEnvironmentBlock:3.b
This causes more problems downstream because rax_4 is not of type PEB*
Steps To Reproduce:
Open the database or binary and look at 0x18001b53d
BNDB: dense atom prunes validly
Binary: dual yard releases fractally
Expected Behavior:
HLIL should be:
rax_4 = gsbase->ProcessEnvironmentBlock
Screenshots:
Setting rax_4 manually to type PEB* fixes most of the downstream problems (remaining problems listed below):
Even after manually setting the type to PEB*, this instruction is missing an annotation. Downstream instructions do get correct annotations, but this one is still missing:
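Added example, not part of the original report and not Binary Ninja code: a hand-written decoder for this one instruction form, showing what the bytes `65 48 8b 03` encode. The GS prefix (`65`) only selects the segment base, REX.W (`48`) sets the operand width to 8 bytes, `8b` is `mov r, r/m`, and ModRM `03` selects `rax` and `[rbx]`; nothing in the encoding splits the access into four 1-byte loads, which is why the expected HLIL is a single 8-byte assignment. The decoder handles only the `mov r32/r64, [base]` form (no SIB, no displacement, no RIP-relative); rendering `gs` as `gsbase` copies the LLIL spelling used above, and the TEB/PEB layout is deliberately not modeled. It also accepts the REX.R/REX.B and no-REX variants, which go beyond the single instruction in the report.

```python
# Added example (not Binary Ninja code): decode "mov r32/r64, [seg:base]" by hand
# so the width of the load at 0x18001b53d can be checked directly from the bytes.
from dataclasses import dataclass
from typing import Optional

SEGMENT_PREFIXES = {0x26: "es", 0x2E: "cs", 0x36: "ss", 0x3E: "ds", 0x64: "fs", 0x65: "gs"}
REGS = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
        "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]
SIZE_SUFFIX = {8: "q", 4: "d"}  # LLIL-style width suffixes as printed on this page


@dataclass(frozen=True)
class Load:
    dest: str               # destination register name
    segment: Optional[str]  # segment override, or None for the default segment
    base: str               # base register named by ModRM.rm (+ REX.B)
    size: int               # operand width in bytes: 8 with REX.W, else 4
    length: int             # instruction length in bytes


def reg_name(index: int, size: int) -> str:
    """Name a GPR by its 4-bit index; 32-bit names derived from the 64-bit ones."""
    name = REGS[index]
    if size == 8:
        return name
    if index < 8:
        return "e" + name[1:]   # rax -> eax, rbx -> ebx, ...
    return name + "d"           # r8 -> r8d, ...


def decode_mov_load(code: bytes) -> Load:
    """Decode 'mov r32/r64, [base]' (opcode 8B, ModRM mod=00) with optional
    segment-override and REX prefixes. Raises ValueError for other forms."""
    i = 0
    segment = None
    while i < len(code) and code[i] in SEGMENT_PREFIXES:
        segment = SEGMENT_PREFIXES[code[i]]   # a later segment prefix overrides an earlier one
        i += 1
    rex = 0
    if i < len(code) and 0x40 <= code[i] <= 0x4F:
        rex = code[i]                          # REX must immediately precede the opcode
        i += 1
    if i + 1 >= len(code) or code[i] != 0x8B:
        raise ValueError("not a 'mov r, r/m' (opcode 8B) instruction")
    modrm = code[i + 1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0 or rm in (4, 5):
        # rm=4 needs a SIB byte and rm=5 is RIP-relative; neither is needed for this report
        raise ValueError("only the [base] addressing form is handled here")
    size = 8 if rex & 0x8 else 4   # REX.W selects the 64-bit operand size
    reg |= (rex & 0x4) << 1        # REX.R extends ModRM.reg to r8..r15
    rm |= (rex & 0x1) << 3         # REX.B extends ModRM.rm to r8..r15
    return Load(reg_name(reg, size), segment, REGS[rm], size, i + 2)


def to_llil(load: Load) -> str:
    """Render the load the way the LLIL on this page prints it, e.g. 'rax = [gsbase + rbx].q'."""
    addr = load.base
    if load.segment in ("fs", "gs"):
        addr = f"{load.segment}base + {addr}"   # only fs/gs contribute a base in 64-bit mode
    return f"{load.dest} = [{addr}].{SIZE_SUFFIX[load.size]}"


if __name__ == "__main__":
    insn = bytes.fromhex("65488b03")   # the bytes at 0x18001b53d quoted in the report
    load = decode_mov_load(insn)
    print(load)
    print(to_llil(load))
    # The encoded width is 8 bytes: one .q load, not four .b loads.
    assert load.size == 8 and load.length == len(insn)
```

The width of the access is fixed entirely by REX.W, so any lifter output that narrows it to byte-sized pieces is an artifact of the IL translation rather than of the instruction.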