Analysis creates new stack variable despite the offset belongs to a structure on the stack / Ghost stack variable not in the variable list

[xusheng6]

We can see that analysis creates var_210 which appears to be not otherwise initialized before its usage.

lppe is at ebp-0x230, and ebp-0x20c is being var_210:

However, if we look at the stack, we can see it is actually the szExeFile field of struct PROCESSENTRY32W lppe:

Binary: proud wizard dances cheerfully (malware sample, zip passwd infected)

[xusheng6]

Here is another example: quick tiger dances eagerly

When we select var_c and press Y, the change type dialog pops up with the type of the function:

This happens because it cannot find the var var_c in the variable list -- current_function.vars also do not contain var_c, which is quite surprising. The same situation can be observed in the previous binary as well

[xusheng6]

Compare with stable 4.2 we can see that the variable has a void before it, and pressing Y on it works as expected

This is a regression introduced between stable 4.2 and stable 5.0