The upcoming 5.1 version of Cerbero Suite Advanced introduces improvements in the output of the decompiler.
One of the improvements is the detection and display of indirect string literal references. This type of reference is already correctly handled by our ultra-fast Carbon disassembler.
Let’s take for instance the following code example:
#include <stdio.h>

void foo(const char **ref)
{
    puts(*ref);
}

int main ()
{
    static const char *s = "Referenced string";
    foo(&s);
    return 0;
}
Our Carbon disassembler already detects the indirect reference:
RefString:.text:0x140001000 sub_140001000 proc start
RefString:.text:0x140001000 ; CODE XREF: 0x14000128E
RefString:.text:0x140001000 ; DATA XREF: 0x140004000
RefString:.text:0x140001000 ; unwind {
RefString:.text:0x140001000 sub rsp, 0x28
RefString:.text:0x140001004 mov rcx, qword ptr [0x140003020] ; ptr:"Referenced string"
RefString:.text:0x14000100B call qword ptr [0x140002118] -> puts
RefString:.text:0x140001011 xor eax, eax
RefString:.text:0x140001013 add rsp, 0x28
RefString:.text:0x140001017 ret
RefString:.text:0x140001017 ; } // starts at sub_140001000
RefString:.text:0x140001017
RefString:.text:0x140001017 sub_140001000 proc end
However, up until now the decompiler would produce the following output:
undefined64 __fastcall sub_140001000(void)
{
    (*_puts)(*(undefined64 *)0x140003020);
    return 0;
}
In the upcoming version, the output is:
undefined64 __fastcall sub_140001000(void)
{
    (*_puts)(*(undefined64 *)&"Referenced string");
    return 0;
}
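The check behind an annotation such as ptr:"Referenced string" can be sketched as follows: read the pointer-sized value at the operand address and test whether it points to a printable, NUL-terminated string in mapped memory. This is an added example, not Cerbero's code or algorithm; the memory image, the string's address 0x140002200 and all function names are constructed for illustration.

```python
import struct

# Constructed sample image (section base -> bytes). Only the pointer slot
# 0x140003020 comes from the listing; every other address and byte is made up.
rdata = bytearray(0x400)
rdata[0x200:0x212] = b"Referenced string\x00"        # string at 0x140002200 (assumed)
data = bytearray(0x40)
data[0x20:0x28] = struct.pack("<Q", 0x140002200)     # static const char *s
data[0x28:0x30] = struct.pack("<Q", 0x7FFE0000)      # pointer to unmapped memory
IMAGE = {0x140002000: rdata, 0x140003000: data}

def read(image, addr, size):
    """Return size bytes at addr, or None if the range is not fully mapped."""
    for base, blob in image.items():
        if base <= addr and addr + size <= base + len(blob):
            return bytes(blob[addr - base:addr - base + size])
    return None

def read_cstring(image, addr, min_len=4, max_len=256):
    """Return a printable NUL-terminated ASCII string at addr, else None."""
    out = bytearray()
    for i in range(max_len):
        b = read(image, addr + i, 1)
        if b is None:
            return None                      # ran off the mapping before a NUL
        if b == b"\x00":
            return out.decode("ascii") if len(out) >= min_len else None
        if not 0x20 <= b[0] < 0x7F:
            return None                      # non-printable byte: not a string
        out += b
    return None                              # no terminator within max_len

def annotate(image, operand_addr):
    """Label a memory operand as a direct or indirect string reference."""
    direct = read_cstring(image, operand_addr)
    if direct is not None:
        return f'"{direct}"'
    raw = read(image, operand_addr, 8)       # 64-bit little-endian pointer
    if raw is None:
        return None
    target = struct.unpack("<Q", raw)[0]
    s = read_cstring(image, target)
    return f'ptr:"{s}"' if s is not None else None

if __name__ == "__main__":
    print(hex(0x140003020), annotate(IMAGE, 0x140003020))
```

The minimum-length and printable-byte checks are heuristics: they reduce the chance of labelling an arbitrary integer as a string, but they do not eliminate it.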
More decompiler improvements will be introduced in the upcoming version!