<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 70.85pt 2.0cm 70.85pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="DE" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span lang="EN-US">Hi,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">during a reverse engineering challenge I used clang/llvm optimizations to minimiz some code and I found some strange behavior that I can’t reproduce with GCC or CL (visual studio compiler).
<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">The C code function contains some code that operates on a data array and an supplied password from ARGV. The compiled binary works as long as I don’t activate any optimizations. When I activate the optimization (>= -O1)
then the code will be optimized into some constants which sounds great at the beginning but this is not right. I can reproduce this with clang 3.9 and 4.0. GCC 5.4 and VS CL >=2015 do not show this behavior.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400570 ; __int64 __fastcall DecryptBlock(unsigned __int8 *)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400570 public DecryptBlock(unsigned char *)<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400570 DecryptBlock(unsigned char *) proc near ; CODE XREF: main+5p<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400570 mov cs:byte_60106F, 54h<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400577 mov cs:byte_60106E, 0CDh<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:000000000040057E mov cs:byte_60106D, 0BFh<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400585 mov cs:byte_60106C, 1Bh<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:000000000040058C mov cs:byte_60106B, 0E4h<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:0000000000400593 mov cs:byte_60106A, 28h<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:000000000040059A mov cs:byte_601069, 56h<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:00000000004005A1 mov cs:byte_601068, 0ACh<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:00000000004005A8 mov rax, 0F61EA263E1103088h<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:00000000004005B2 mov cs:Plaintext, rax<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:00000000004005B9 retn<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">.text:00000000004005B9 DecryptBlock(unsigned char *) endp<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Any idea if this is a bug or why clang does show this behavior ?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">Peter Garba<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="EN-US">I’ve attached the sample code to the mail. Please ignore the comments and the style of the code ;)
<o:p></o:p></span></p>
</div>
<hr>
<span lang="EN-US" style="font-style:italic;font-size:10.0pt;font-family:
"Arial","sans-serif";color:maroon;mso-ansi-language:EN-US">This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized
use or disclosure, either whole or partial, is prohibited.<br>
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.<br>
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.</span>
</body>
</html>