I've been messing around with a program in Ghidra, and I came across these four lines of code. I found something about CONCAT11 meaning a concatenation between two one-byte operands, but I don't understand what part of the input user_input._2_1_ and (undefined)user_input represent.
The code in C:
read(0,&user_input,5);
uVar1 = user_input;
uVar2 = user_input._1_1_;
local_16._0_2_ = CONCAT11(user_input._2_1_,(undefined)user_input);

CONCAT11(x, y)

Performs ( ((uint16_t)x) << 8 ) | (uint8_t)y on bytes x and y.

user_input._2_1_

user_input is a variable. The fact that you can use the . operator on it makes it some kind of structure. _2_1_ would be one of its fields. Obviously, it's a generated name. I presume the two numbers are an offset and a size. So it would be a one byte field found at the third byte of the structure.

(undefined)user_input

I don't think this is valid code.

We know that CONCAT11 will be provided a byte. So (undefined)user_input must refer to an operation that reads a byte. This byte must surely be the first byte of user_input. So that would make it a reference to user_input._0_1_.

Well, it could be the first byte of a multi-byte field (*(char*)&user_input._0_?_), but that seems unlikely.

I think (undefined) is used because of the lack of information needed to resolve this ambiguity.

This is all guesswork.
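
The fourth decompiled line, written out as plain C under the reading given in the answer above (the two numbers are a byte offset and a size, and (undefined)user_input is byte 0). This is an added example, not part of the original post or Ghidra's own code; the helpers piece1, store_piece2 and decode_line, the 4-byte size of local_16, the little-endian store and the sample input are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* CONCAT11(x, y) as the answer gives it: x is the high byte, y the low byte. */
static uint16_t concat11(uint8_t x, uint8_t y)
{
    return (uint16_t)(((uint16_t)x << 8) | y);
}

/* Hypothetical helper modelling `var._off_1_`: the one byte at byte offset `off`. */
static uint8_t piece1(const uint8_t *var, size_t off)
{
    return var[off];
}

/* Hypothetical helper modelling a store to `var._off_2_`: two bytes at offset
 * `off`, written low byte first (little-endian layout is an assumption). */
static void store_piece2(uint8_t *var, size_t off, uint16_t v)
{
    var[off]     = (uint8_t)(v & 0xff);
    var[off + 1] = (uint8_t)(v >> 8);
}

/* local_16._0_2_ = CONCAT11(user_input._2_1_, (undefined)user_input);
 * (undefined)user_input is read as byte 0, as the answer concludes. */
static uint16_t decode_line(const uint8_t *user_input, uint8_t *local_16)
{
    uint16_t v = concat11(piece1(user_input, 2), piece1(user_input, 0));
    store_piece2(local_16, 0, v);
    return v;
}

int main(void)
{
    const uint8_t user_input[5] = { 'A', 'B', 'C', 'D', 'E' }; /* constructed input */
    uint8_t local_16[4] = { 0 };                                /* size assumed */
    uint16_t v = decode_line(user_input, local_16);

    printf("CONCAT11 result: 0x%04x\n", v);
    printf("local_16 bytes 0..1: %c %c\n", local_16[0], local_16[1]);
    return 0;
}
```

With this input the line copies the first and third input bytes into the first two bytes of local_16 and leaves the rest of local_16 untouched.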