What does _0_4_ mean in ghidra?
Asked
Active
Viewed 2,833 times
5
-
Did you look at the disassembly that related to this line? – macro_controller Jan 13 '20 at 14:47
-
iirc ghidra uses the split notations to indicate bitmasks i might be mistaken since you accepted pavels answer and it has been upvoted also dont have ghidra at hand so cant confirm – blabb Jan 13 '20 at 16:25
1 Answers
4
It is being used when there's a mismatch between type sizes in the decompiled code and Ghidra cannot show you that the whole variable is being modified.
Your PUCHAR - since it is a pointer and this is (probably) 64-bit is 8 bytes. But analyzing the disassembly Ghidra sees that only 4 bytes are being set to 0 in this line (for example a 32 bit register is used).
One of the fix you can apply is by correcting the type of local_res8 (CTRL+L) but it might be the case that the type is ok, and in fact only lower 32-bits are being set..
Paweł Łukasik
- 4,912
- 1
- 14
- 27