Global pointer value not updated during re-analysis

[toolCHAINZ]

Steps to duplicate

Paste the following hex into binja's hex view and make an x86 function at 0:

31c985db7e01c3c3

Now patch the first instruction to be xor ebx, ebx, causing ebx to be evaluated by dataflow to be ConstantValue: 0.

Now, you can undo that, patch in another one, nop it out, whatever, but binja will now think that ebx is ConstantPointerValue: 0 (not even ConstantValue: 0). You can even undefine/recreate the function at 0 and it will still happen.

---

I first saw this issue pop up in an x68 PE (it manifested without any patching), but the end result of the above example is the same.

[plafosse]

I've confirmed the issue, thanks for the report.

[chinmaydd]

On the reanalysis which triggers after the undo/patching, ebx is identified as a constant (global) pointer value due to our heuristic. Unfortunately, we dont have an immediate fix for this yet.

[DanielAdolfsson]

"Immediate" fix, surely not. I just ran into this problem. What's the workaround here?

[xusheng6]

"Immediate" fix, surely not. I just ran into this problem. What's the workaround here?

Try to re-analyze the offending function and it should fix it. You can right click and find the action to update the analysis (cannot remember its name)

[xusheng6]

I just realized the even re-analyzing the function would not fix the issue -- the analysis result from dataflow are stuck and not going away even when the function bytes are restored to its origin.

This might even be related to #4288

[xusheng6]

Oh this is a much more specific issue, our analysis fails to update the value for the global pointer register during re-analysis. And ebx happens to be that register. If the code has been test edx, edx, then we would have noticed the bug at all