[XSO] IDA stack delta weirdness

nummish nummish at 0x90.org
Wed Apr 2 19:50:29 EDT 2008

This is more of an IDA question, but before I go to openrce I figured
I'd check here first. I'm working on a variable traceback function. It
is simplistic and doesn't have delusions of grandeur, so when it sees
the stack pointer has changed, it bails. On going back through the
points where it bails (it conveniently adds a marked position until
all 1024 slots are full) I noticed something strange about the spd.

At 0x0016A282, the stack offset is 0x4C and drops to 0x48 after the
call (technically rises, but let's not be pedantic) but then later to
another call to msgSend at 0x0016A294 it doesn't modify the stack
offset. Is this some IDA weirdness that's correctable/preventable?
Does IDA know something about some unnamed class's superview property?
If so, how can I get these same psychic powers?

__text:0016A26A     sub_16A26A      proc near               ; DATA XREF: __inst_meth:002A753C
__text:0016A26A
__text:0016A26A     msgSend_recipient= dword ptr -48h
__text:0016A26A     msgSend_selector= dword ptr -44h
__text:0016A26A     var_40          = dword ptr -40h
__text:0016A26A     var_3C          = dword ptr -3Ch
__text:0016A26A     var_2C          = dword ptr -2Ch
__text:0016A26A     var_28          = byte ptr -28h
__text:0016A26A     var_1C          = dword ptr -1Ch
__text:0016A26A     var_C           = dword ptr -0Ch
__text:0016A26A     arg_0           = dword ptr  8
__text:0016A26A
__text:0016A26A 000                 push    ebp
__text:0016A26B 004                 mov     ebp, esp
__text:0016A26D 004                 sub     esp, 48h
__text:0016A270 04C                 mov     eax, [ebp+arg_0]
__text:0016A273 04C                 mov     edx, [eax+8]
__text:0016A276 04C                 mov     eax, ds:off_2878C8
__text:0016A27B 04C                 mov     [esp+48h+msgSend_recipient], edx
__text:0016A27E 04C                 mov     [esp+48h+msgSend_selector], eax
__text:0016A282 04C                 call    _objc_msgSend   ; [[eax+8] superview]
__text:0016A287 048                 mov     edx, ds:off_2878C8
__text:0016A28D 048                 mov     [esp+44h+var_40], edx
__text:0016A291 048                 mov     [esp+44h+msgSend_selector], eax
__text:0016A294 048                 call    _objc_msgSend
__text:0016A299 048                 mov     edx, ds:off_28819C
__text:0016A29F 048                 lea     ecx, [ebp+var_28]
__text:0016A2A2 048                 mov     [esp+44h+msgSend_selector], ecx
__text:0016A2A5 048                 mov     [esp+44h+var_3C], edx
__text:0016A2A9 048                 mov     [esp+44h+var_40], eax
__text:0016A2AD 048                 call    _objc_msgSend_stret
__text:0016A2B2 048                 mov     eax, [ebp+var_1C]
__text:0016A2B5 048                 mov     [ebp+var_C], eax
__text:0016A2B8 048                 movss   xmm0, [ebp+var_C]
__text:0016A2BD 048                 sub     esp, 4
__text:0016A2C0 04C                 subss   xmm0, ds:dword_26CAC0
__text:0016A2C8 04C                 movss   [ebp+var_2C], xmm0
__text:0016A2CD 04C                 fld     [ebp+var_2C]
__text:0016A2D0 04C                 leave
__text:0016A2D1 000                 retn
__text:0016A2D1     sub_16A26A      endp
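An added check in the spirit of the traceback script described in the post (example code, not the poster's): it parses the spd column of the listing above (instruction lines copied inline), reports the stack purge IDA applied at each call, flags callees that receive inconsistent purges, and lists any non-call line whose spd change the instruction itself does not explain. It is plain Python so it runs outside IDA, and its instruction model covers only the mnemonics that occur in this listing.

```python
import re
from collections import defaultdict
# Instruction lines copied from the post's listing; the 3-digit column is IDA's spd.
LISTING = """\
__text:0016A26A 000                 push    ebp
__text:0016A26B 004                 mov     ebp, esp
__text:0016A26D 004                 sub     esp, 48h
__text:0016A282 04C                 call    _objc_msgSend   ; [[eax+8] superview]
__text:0016A287 048                 mov     edx, ds:off_2878C8
__text:0016A294 048                 call    _objc_msgSend
__text:0016A299 048                 mov     edx, ds:off_28819C
__text:0016A2AD 048                 call    _objc_msgSend_stret
__text:0016A2BD 048                 sub     esp, 4
__text:0016A2C0 04C                 subss   xmm0, ds:dword_26CAC0
__text:0016A2D0 04C                 leave
__text:0016A2D1 000                 retn
"""
LINE = re.compile(r'^__text:([0-9A-F]+)\s+([0-9A-F]{3})\s+(\S+)\s*(.*)$')

def parse_listing(text):
    """Return (ea, spd, mnemonic, operands) for each instruction line."""
    return [(int(m[1], 16), int(m[2], 16), m[3], m[4].strip())
            for m in map(LINE.match, text.splitlines()) if m]

def parse_imm(tok):
    tok = tok.strip()                       # IDA prints hex with an 'h' suffix
    return int(tok[:-1], 16) if tok[-1] in 'hH' else int(tok)

def expected_next_spd(spd, mnem, ops):
    """spd the next line should show if only this instruction moved esp; None for calls."""
    if mnem == 'push': return spd + 4
    if mnem == 'pop': return spd - 4
    if mnem in ('sub', 'add') and ops.startswith('esp,'):
        imm = parse_imm(ops.split(',')[1])
        return spd + imm if mnem == 'sub' else spd - imm
    if mnem == 'leave': return 0           # mov esp, ebp ; pop ebp
    if mnem.startswith('call'): return None  # depends on the purge IDA assumes
    return spd

def audit(text):
    """Purge per callee, callees with conflicting purges, unexplained spd changes."""
    rows, purges, mismatches = parse_listing(text), defaultdict(set), []
    for (ea, spd, mnem, ops), nxt in zip(rows, rows[1:]):
        exp = expected_next_spd(spd, mnem, ops)
        if exp is None:
            purges[ops.split(';')[0].strip()].add(spd - nxt[1])
        elif exp != nxt[1]:
            mismatches.append((ea, nxt[1], exp))
    return dict(purges), {c: p for c, p in purges.items() if len(p) > 1}, mismatches
```

On this listing the audit shows `_objc_msgSend` credited with a 4-byte purge at 0016A282 and none at 0016A294, with every non-call line consistent, which isolates the question to IDA's per-call purge guess rather than to the traceback logic.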