x86's mov [reg*8+const] does not use LLIL_CONST_POINTER if the const is a symbol #3830
Description
Version and Platform (required):
- Binary Ninja Version: 3.3.4008-dev
- OS: macOS
- OS Version: 12.4
- CPU Architecture: M1
Bug Description:
When a pointer is loaded at an offset using mov rax, qword [rax*8+0x603120], the lifted expr for the constant is an LLIL_CONST (non _POINTER) even if a symbol exists at that constant (also even if that symbol type is an array). LLIL's renderer displays the const token as the symbol, but higher ILs do not treat it as a pointer or lookup the symbol.
Steps To Reproduce:
Please provide all steps required to reproduce the behavior:
- Open the attached: shmoocon2023.bndb.zip
- Navigate to 0x401800
- Observe offset load from 0x603120, which is rendered in LLIL as
&colors - Run
current_il_instruction.src.src.right.operation - Observe operation of that pointer is
<LowLevelILOperation.LLIL_CONST: 16> - Change to MLIL/HLIL
- Observe pointer no longer references the symbol and is just treated as a big constant
Expected Behavior:
I expected the constant expr to be of a const pointer type, considering there is a valid symbol at its value and it is being used in a dereference.
Screenshots:
Additional Information:
Similar to #3717 which also has issues with this [reg*n+const] addressing mode.