How to correctly use "Set call type"

IDA General
1

Hello, I’m working on some arm64 binary code that I dumped from memory. I know there’s a call to strstr from the C library, so I set its call type accordingly. However, Hex-Rays is still showing it as a shortened char array. It’s weird because when I set the type for sscanf, it shows up as a string literal. Can anyone help explain what the correct usage should be?

sscanf code from decompiler:

call type: __int64 (*sscanf)(_QWORD, const char *, ...)
              sscanf(v2, "%llx-%llx %s %*s %*s %*s %s", &v36, &v35, v3, v4);
data:00000074131C4999 aLlxLlxSSSSS    DCB "%llx-%llx %s %*s %*s %*s %s",0

strstr code from decompiler:

call type: char *strstr(const char *, const char *)
if ( !strstr(v4, aApex)
              && !strstr(v4, aSystem)
              && !strstr(v4, aVendor)

data:00000074131C4B7D aSystem         DCB "/system",0
data:00000074131C4B85 aVendor         DCB "/vendor/",0

Thanks for the help.

2

There are 3 ways to fix this:

  • declare these strings as const char []
  • declare the entire data segment as const by pressing Alt-S and removing the Write attribute (probably an overkill)
  • turn off the “Print only constant string literals” in the decompiler analysis options 1 (see Edit, Plugins, Hex-Rays Decompiler options)
3

wonderful, the const char works great, thanks!

Any idea about the inconsistency between the sscanf and strstr then? as they are both in the same data section and are both declared as char

4

We have special logic for sscanf and other functions with format strings…

1 Like