IDA Pro's idaapi.BasicBlock objects returned by idaapi.FlowChart() can be of the following types (see gdl.hpp in the SDK sources):

// flow chart block types
enum fc_block_type_t
{
  fcb_normal,    // normal block
  fcb_indjump,   // block ends with indirect jump
  fcb_ret,       // return block
  fcb_cndret,    // conditional return block
  fcb_noret,     // noreturn block
  fcb_enoret,    // external noreturn block (does not belong to the function)
  fcb_extern,    // external normal block
  fcb_error,     // block passes execution past the function end
};

I was able to find examples for all types except fcb_cndret. What does

conditional return block

mean? Could somebody give an example?

langlauf.io

2 Answers


I don't know it either so I put together this small script in order to do some empirical analysis.

import idaapi
import idautils

# Walk every function's flow chart and report the basic blocks whose type is
# fcb_cndret (value 3 in fc_block_type_t), i.e. the type the question asks about.
for f in idautils.Functions():
    fc = idaapi.FlowChart(idaapi.get_func(f))
    for bb in fc:
        if bb.type == idaapi.fcb_cndret:  # same as bb.type == 3
            # start_ea was called startEA before IDA 7.0
            print("%x type: %d" % (bb.start_ea, bb.type))

print("Done")

I threw it at several x86 and x86_64 binaries without results.

So, it could be that:

  • This kind of block appears very rarely
  • It appears only in other architectures (I didn't have any ARM or MIPS binaries on this computer to test, sorry)
  • The enum field is reserved for future use

Just my two cents.

Update

I tried it with an ARM binary and found a couple of them. Apparently these are blocks in which a conditional instruction modifies the PC register (see screenshot).

[Screenshot: fcb_cndret basic blocks in an ARM binary]

Cheers

Carlos Garcia
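
As an added illustration (not code from the original post and not IDA's own code): a stand-alone Python model of what a flow chart builder sees on ARM when the fcb_cndret blocks from the screenshot appear. It hand-decodes the common ARM return idioms (BX LR, MOV PC, LR, POP {..., PC} and LDR PC, [SP], #imm), reads the 4-bit condition field, and tags a block fcb_cndret when its last instruction is a predicated return: control leaves the function if the condition holds and otherwise falls through to the next block, so the block has both an exit edge and an in-function successor, unlike fcb_ret. The sample function, the block-splitting rule and the helper names (return_cond, split_blocks, block_type, successors) are constructed for this example; IDAPython is not required, and the type numbering just follows the enum quoted in the question.

```python
"""Model of how a flow chart builder arrives at fcb_cndret on ARM.

Added example for this page, not IDA's code; runs without IDAPython.
"""
from dataclasses import dataclass
from typing import List, Optional

SP, LR, PC = 13, 14, 15
AL = 14
COND = ["EQ", "NE", "CS", "CC", "MI", "PL", "VS", "VC",
        "HI", "LS", "GE", "LT", "GT", "LE", "AL", "NV"]

# Same order as fc_block_type_t in gdl.hpp, so the index matches bb.type.
FCB_TYPES = ["fcb_normal", "fcb_indjump", "fcb_ret", "fcb_cndret",
             "fcb_noret", "fcb_enoret", "fcb_extern", "fcb_error"]

BX_LR = 0x012FFF1E      # BX LR with the condition field cleared
MOV_PC_LR = 0x01A0F00E  # MOV PC, LR with the condition field cleared


def return_cond(word: int) -> Optional[int]:
    """Condition code (0..14) if `word` is a common ARM return idiom, else None.

    Condition 0xF is the unconditional extension space in ARMv5+, so it is
    never a predicated return.
    """
    cond = word >> 28
    if cond == 0xF:
        return None
    body = word & 0x0FFFFFFF
    rn = (body >> 16) & 0xF
    if body in (BX_LR, MOV_PC_LR):
        return cond
    # LDM SP!, {..., PC}: bits 27-25 = 100, S = 0, L = 1, PC in the register list
    if (body & 0x0E500000) == 0x08100000 and rn == SP and (body >> 15) & 1:
        return cond
    # LDR PC, [SP], #imm: bits 27-26 = 01, B = 0, L = 1, Rd = PC
    if (body & 0x0C50F000) == 0x0410F000 and rn == SP:
        return cond
    return None


@dataclass
class Block:
    start_ea: int
    words: List[int]

    @property
    def end_ea(self) -> int:
        return self.start_ea + 4 * len(self.words)


def split_blocks(base_ea: int, words: List[int]) -> List[Block]:
    """Cut a straight-line stream into blocks: every return idiom, predicated
    or not, ends a block because the chart needs an exit edge there. Branches
    are ignored in this model; the sample contains none."""
    blocks: List[Block] = []
    cur: List[int] = []
    for i, w in enumerate(words):
        cur.append(w)
        if return_cond(w) is not None:
            blocks.append(Block(base_ea + 4 * (i + 1 - len(cur)), cur))
            cur = []
    if cur:
        blocks.append(Block(base_ea + 4 * (len(words) - len(cur)), cur))
    return blocks


def block_type(block: Block) -> int:
    """fc_block_type_t value: 2 (fcb_ret) for an unconditional return,
    3 (fcb_cndret) for a predicated one, 0 (fcb_normal) otherwise."""
    cond = return_cond(block.words[-1])
    if cond is None:
        return FCB_TYPES.index("fcb_normal")
    return FCB_TYPES.index("fcb_ret" if cond == AL else "fcb_cndret")


def successors(block: Block, blocks: List[Block]) -> List[int]:
    """In-function successors: none after fcb_ret; fcb_cndret (and fcb_normal)
    fall through to the block starting at end_ea."""
    if block_type(block) == FCB_TYPES.index("fcb_ret"):
        return []
    return [b.start_ea for b in blocks if b.start_ea == block.end_ea]


# Constructed sample function (hand-assembled ARM words), not from a real binary.
FUNC_EA = 0x1000
FUNC_WORDS = [
    0xE3500000,  # CMP    R0, #0
    0x012FFF1E,  # BXEQ   LR         ; returns only if R0 == 0 -> fcb_cndret
    0xE3500001,  # CMP    R0, #1
    0x08BD8010,  # POPEQ  {R4, PC}   ; returns only if R0 == 1 -> fcb_cndret
    0xE2800001,  # ADD    R0, R0, #1
    0xE12FFF1E,  # BX     LR         ; always returns          -> fcb_ret
]


def describe(base_ea: int, words: List[int]) -> List[str]:
    """One line per block: start, type name, return condition, successors."""
    blocks = split_blocks(base_ea, words)
    lines = []
    for b in blocks:
        cond = return_cond(b.words[-1])
        suffix = "" if cond is None else " (%s)" % COND[cond]
        succ = [hex(s) for s in successors(b, blocks)]
        lines.append("%x %s%s -> %s" % (b.start_ea, FCB_TYPES[block_type(b)], suffix, succ))
    return lines


if __name__ == "__main__":
    print("\n".join(describe(FUNC_EA, FUNC_WORDS)))
```

Run it directly to get one line per block: the two EQ-predicated returns come out as type 3 with a fall-through successor, the final BX LR as type 2 with none. That pairing, an exit edge plus an in-function successor on the same block, is what separates fcb_cndret from fcb_ret and is why the script above only ever matched on ARM: x86 has no predicated RET, so a conditional return there is compiled as a conditional jump to a separate return block.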

Conditional returns are found in some instruction set architectures.

For example, the 8085 has instructions which perform a subroutine return if a status flag is set or clear:

RZ   ... return if Z flag set
RC   ... return if C flag set
RNZ  ... return if Z flag clear
...
e-Wolf