nummish wrote:
>
> mov [esp+3C218h+var_3C214], arg2
> mov [esp+3C218h+var_3C218], arg1
> call function
>
> I'm sure you've seen this all over the place, as this is how
This construction is quite common in ARM binaries. What I do there is
rename the top stack vars to arg4, arg5, arg6, etc. (with ARM, R0..R3 are
always the first 4 parameters).
Register argument passing is also used quite often with Objective-C code.
Hex-Rays will discover this automatically.
> What ended up happening is that in some functions the
> stack offset changed part way through the function, causing the names
> to be off about half the time.
A better solution would be to fix the SP difference (Alt-K)
on the function calls which IDA missed that change the ESP value.
Usually these are calls to a function ptr (for instance virtual method
calls) where the called function ends with 'retn <number>'.
> note: GetSpd() gives you the stack offset. It's not easy to google for
> if you didn't know that offhand.
Google? Why not search path-to-ida\idc\idc.idc?
That is where it is documented.
willem
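Added example (not from the thread, and not IDA's own API): a small Python sketch of the bookkeeping behind the reply above. It models how IDA turns an [esp+disp] operand into a frame variable from the SP delta (the value GetSpd() returns), names the outgoing stack slots at a call site the way the reply does by hand for ARM (R0..R3 carry the first four parameters, so [sp] at the call is arg4), and shows what a call IDA mis-tracked (callee ends in 'retn 8') does to those names until a user stack point, the Alt-K fix, corrects the delta. The listings, the tuple layout (ea, text, SP change IDA knows about, esp displacement or None) and the IDA-style negative frame offsets (var_3C218 is -0x3C218) are assumptions made for the example.

```python
# Added example, my own code: SP-delta bookkeeping as IDA does it, the
# argN naming from the reply, and the effect of a missed 'retn N'.
# Assumed conventions: frame offsets are IDA-style negatives (var_3C218 is
# -0x3C218); spd is the SP delta before an instruction; a listing is a
# constructed list of (ea, text, sp_delta_ida_knows, esp_disp_or_None).

WORD = 4
CALLS = ("call", "bl", "blx")


def compute_spd(listing, user_stkpnts=None):
    """{ea: spd before ea}. user_stkpnts maps ea -> extra SP change applied
    after that instruction, mimicking an Alt-K user stack point."""
    user_stkpnts = user_stkpnts or {}
    spd, out = 0, {}
    for ea, _text, delta, _disp in listing:
        out[ea] = spd
        spd += delta + user_stkpnts.get(ea, 0)
    return out


def frame_var(disp, spd):
    """Frame offset of [sp+disp] at a point whose SP delta is spd."""
    return disp + spd


def var_name(off):
    """IDA-style name for a frame offset (assumed: locals are negative)."""
    return "var_%X" % -off if off < 0 else "arg_%X" % off


def stack_arg_name(var_off, spd_at_call, first_stack_arg=4, word=WORD):
    """Name of the outgoing argument in frame slot var_off at a call whose
    SP delta is spd_at_call; None if the slot is below SP or unaligned.
    first_stack_arg=4 is the reply's ARM naming (arg0..arg3 in R0..R3);
    1 matches the arg1/arg2 of the quoted x86 listing."""
    sp_rel = var_off - spd_at_call
    if sp_rel < 0 or sp_rel % word:
        return None
    return "arg%d" % (first_stack_arg + sp_rel // word)


def stack_slot_at(listing, ea, user_stkpnts=None):
    """Frame slot that the [sp+disp] operand at ea resolves to."""
    spd = compute_spd(listing, user_stkpnts)
    disp = next(d for e, _t, _dl, d in listing if e == ea)
    return var_name(frame_var(disp, spd[ea]))


def arg_names_for_call(listing, call_ea, user_stkpnts=None, first_stack_arg=4):
    """{frame_off: argN} for the stack stores between the previous call and
    call_ea, i.e. what to rename the top stack vars to at that call site."""
    spd = compute_spd(listing, user_stkpnts)
    names = {}
    for ea, text, _delta, disp in listing:
        if ea >= call_ea:
            break
        if text.split()[0] in CALLS:
            names = {}          # stores before an earlier call belong to it
        elif disp is not None:
            off = frame_var(disp, spd[ea])
            names[off] = stack_arg_name(off, spd[call_ea], first_stack_arg)
    return names


# Constructed x86 listing in the shape of the quoted one. The indirect call
# at 0x1010 reaches a callee ending in 'retn 8', which IDA cannot see, so it
# records an SP change of 0 for it; ALT_K is what the user stack point adds.
X86 = [
    (0x1000, "sub esp, 3C218h",                  -0x3C218, None),
    (0x1004, "mov [esp+3C218h+var_3C214], arg2", 0, 4),
    (0x1008, "mov [esp+3C218h+var_3C218], arg1", 0, 0),
    (0x100C, "call function",                    0, None),
    (0x1010, "call dword ptr [eax+8]",           0, None),   # really +8
    (0x1014, "mov [esp+4], ecx",                 0, 4),
    (0x1018, "mov [esp], edx",                   0, 0),
    (0x101C, "call other",                       0, None),
]
ALT_K = {0x1010: 8}

# Constructed ARM listing: R0..R3 already hold the first four parameters.
ARM = [
    (0x2000, "sub sp, sp, #0x20", -0x20, None),
    (0x2004, "str r4, [sp]",      0, 0),
    (0x2008, "str r5, [sp,#4]",   0, 4),
    (0x200C, "bl  func",          0, None),
]

if __name__ == "__main__":
    print(arg_names_for_call(ARM, 0x200C))                     # {-32: 'arg4', -28: 'arg5'}
    print(arg_names_for_call(X86, 0x101C, first_stack_arg=1))  # same slots as the first call
    print(arg_names_for_call(X86, 0x101C, ALT_K, 1))           # the slots really used
    print(stack_slot_at(X86, 0x1018), stack_slot_at(X86, 0x1018, ALT_K))
```

Without the stack point, the stores before the second call resolve to var_3C218/var_3C214 and get the same arg1/arg2 names as the first call's slots, although the callee really receives var_3C210/var_3C20C; once the +8 is recorded at the mis-tracked call, the renaming lands on the slots that are actually used.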