The arguments passed to objc_msgSend() in an x86 binary generally
appear as [ESP] for the recipient and [ESP+4] for the selector at the
call site. This throws a brutal monkey wrench into scripts designed to
rename stack variables to something more sensible, because the stack
offset of those slots changes part of the way through a subroutine
whenever ESP moves.
Assuming I'm not too worried about porting my IDA scripts to ARM
easily, is it safe to assume that:
[ESP] => Recipient
[ESP+4] => Selector
for all non *_stret msgSend calls? (objc_msgSend takes self first and
_cmd second; the *_stret variants put the struct-return buffer pointer
in front of both.)
Anyways, if you're doing anything similar to what I'm doing, just keep
in mind that the function's frame as defined by IDA is the largest
frame the function reaches, and the offsets in it are not necessarily
accurate at all portions of the function, since ESP moves as
temporaries are pushed and popped and variables come in and out of
scope.
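One way to side-step the moving-frame problem is to key each argument slot
by its offset from ESP at function entry (the "stack-pointer delta") rather
than by the textual [esp+N] operand or the frame variable IDA names at the
first call. The script below is an added, stand-alone illustration of that
idea and is not part of this braindump or an IDA product; it runs on a
constructed Intel-syntax listing embedded inline (the labels
classRef_NSString, selRef_alloc, selRef_init and selRef_frame are made up)
instead of calling into IDA. It walks push/pop/sub esp/add esp to keep the
delta current, records which operand was last written to each absolute
frame slot, and at every objc_msgSend* call reports the receiver and
selector (plus the struct-return buffer for *_stret) by slot. The listing
is built so the second send happens after a mid-function `sub esp, 10h`,
which is exactly the case where the same "mov [esp], ..." lands in a
different frame slot than it did for the first send.

```python
import re

# Constructed IDA-style listing (Intel syntax); not taken from any real binary.
# It sends [[NSString alloc] init] and then a struct-returning message.  The
# frame moves mid-function (sub esp, 10h / add esp, 10h), so the receiver of
# the second send lives in a different frame slot than the receiver of the
# first even though both are written as "mov [esp], ...".
SAMPLE = """\
push    ebp
mov     ebp, esp
push    esi
sub     esp, 14h
mov     eax, ds:classRef_NSString
mov     [esp], eax
mov     eax, ds:selRef_alloc
mov     [esp+4], eax
call    _objc_msgSend
mov     esi, eax
sub     esp, 10h
mov     [esp], esi
mov     eax, ds:selRef_init
mov     [esp+4], eax
call    _objc_msgSend
add     esp, 10h
lea     eax, [ebp-28h]
mov     [esp], eax
mov     [esp+4], esi
mov     eax, ds:selRef_frame
mov     [esp+8], eax
call    _objc_msgSend_stret
"""

GPRS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp"}
CALLER_SAVED = {"eax", "ecx", "edx"}          # clobbered by any cdecl call
ESP_MEM = re.compile(r"^\[esp(?:\+(0x[0-9a-f]+|[0-9a-f]+h|\d+))?\]$")


def parse_imm(tok):
    """IDA prints hex immediates with an 'h' suffix (14h); also accept 0x.. and decimal."""
    tok = tok.strip().lower()
    return int(tok[:-1], 16) if tok.endswith("h") else int(tok, 0)


def track_msgsends(listing):
    """Resolve the arguments of every objc_msgSend* call by absolute frame slot.

    delta is ESP relative to its value at function entry, so delta + displacement
    is a stable key across push/pop/sub/add adjustments.  regs remembers the last
    value moved into each register so the report names the classref/selref
    instead of just "eax".  Returns one dict per call with (slot, source) pairs.
    """
    delta, ebp_delta = 0, 0
    slots, regs, results = {}, {}, []
    for lineno, raw in enumerate(listing.splitlines(), 1):
        text = raw.split(";", 1)[0].strip()
        if not text:
            continue
        mnem, _, rest = text.partition(" ")
        mnem = mnem.lower()
        ops = [o.strip() for o in rest.split(",")] if rest.strip() else []
        if mnem == "push":
            delta -= 4
            slots[delta] = regs.get(ops[0].lower(), ops[0])   # push writes the new [esp]
        elif mnem == "pop":
            delta += 4
        elif mnem in ("sub", "add") and ops[0].lower() == "esp":
            delta += (-1 if mnem == "sub" else 1) * parse_imm(ops[1])
        elif mnem == "leave":                                  # mov esp, ebp ; pop ebp
            delta = ebp_delta + 4
        elif mnem == "lea" and ops[0].lower() in GPRS:
            regs[ops[0].lower()] = "&" + ops[1]
        elif mnem == "mov":
            dst, src = ops[0].lower(), ops[1]
            mem = ESP_MEM.match(dst)
            if mem:                                            # store into an ESP-relative slot
                slots[delta + parse_imm(mem.group(1) or "0")] = regs.get(src.lower(), src)
            elif dst == "ebp" and src.lower() == "esp":        # prologue: remember frame base
                ebp_delta = delta
            elif dst == "esp" and src.lower() == "ebp":        # epilogue: restore delta
                delta = ebp_delta
            elif dst in GPRS:
                regs[dst] = regs.get(src.lower(), src)
        elif mnem == "call" and "objc_msgsend" in ops[0].lower():
            target = ops[0]
            # *_stret variants take the struct-return buffer as the first argument,
            # which pushes receiver and selector one slot further up.
            if target.lower().endswith("_stret"):
                layout = (("stret_buf", 0), ("receiver", 4), ("selector", 8))
            else:
                layout = (("receiver", 0), ("selector", 4))
            entry = {"line": lineno, "call": target}
            for name, off in layout:
                entry[name] = (delta + off, slots.get(delta + off, "<unknown>"))
            results.append(entry)
            for r in CALLER_SAVED:
                regs.pop(r, None)
            regs["eax"] = "retval of %s (line %d)" % (target, lineno)
    return results


if __name__ == "__main__":
    for r in track_msgsends(SAMPLE):
        print(r)
```

Running it shows the receiver of the first send in slot -28 and the receiver
of the second in slot -44, even though both are literally `mov [esp], ...`;
a renaming script that labelled the -28 frame variable "receiver" after the
first call would be naming the wrong slot by the second one. In an IDAPython
port, the hand-rolled delta walk would be replaced by IDA's own stack-pointer
tracking (idc.get_spd(ea) gives the delta at an address), and the raw
displacement parsing by the instruction's operand values.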
</braindump>