0x90.org

[XSO] Argument naming

nummish nummish at 0x90.org
Thu Apr 10 14:57:06 EDT 2008

On Thu, Apr 10, 2008 at 12:32 PM, itsme <itsme at xs4all.nl> wrote:
> nummish wrote:
>  > What about when the stack offset changes legitimately? It happens all
>  > over the place in Mail.app.
>  can you show some examples of what you mean exactly?
>
>  i have Mail.app  from tiger 10.4.11
>  size:  4101940
>  md5sum: 80a4ad9b8ed6af6efdbdc884f68c0c98

StationaryAnimator.endAnimation for example.

I'm working with Mail.app V3.2 (919/919.2)
MD5 (Mail) = ebd5dd7da7f1853ef3d46fa4a34ddc54

I'll paste part of the IDA dump to save time

__text:001DEB48     endAnimation    proc near               ; DATA XREF: __inst_meth:002B01B4 o
__text:001DEB48
__text:001DEB48     msgSend_recipient= dword ptr -6Ch
__text:001DEB48     msgSend_selector= dword ptr -68h
__text:001DEB48     var_64          = dword ptr -64h
__text:001DEB48     var_60          = dword ptr -60h

...

__text:001DEB48 000                 push    ebp
__text:001DEB49 004                 mov     ebp, esp
__text:001DEB4B 004                 push    esi
__text:001DEB4C 008                 push    ebx
__text:001DEB4D 00C                 sub     esp, 60h
__text:001DEB50 06C                 mov     esi, [ebp+arg_0]
__text:001DEB53 06C                 mov     eax, ds:off_28769C
__text:001DEB58 06C                 mov     edx, [esi+0Ch]
__text:001DEB5B 06C                 mov     [esp+68h+var_64], eax
__text:001DEB5F 06C                 mov     [esp+68h+msgSend_selector], edx ; Note that this is [esp]
__text:001DEB62 06C                 call    _objc_msgSend   ; a = [[esi+0Ch] window]
__text:001DEB67 06C                 mov     edx, [esi+10h]

...

__text:001DEC57 06C                 mov     eax, [ebp+var_34]
__text:001DEC5A 06C                 sub     esp, 4
__text:001DEC5D 070                 mov     [ebp+var_24], eax
__text:001DEC60 070                 mov     eax, [ebp+var_30]
__text:001DEC63 070                 mov     [ebp+var_20], eax
__text:001DEC66 070                 mov     eax, [ebp+var_2C]
__text:001DEC69 070                 movss   xmm0, [ebp+var_20]
__text:001DEC6E 070                 mov     [ebp+var_1C], eax
__text:001DEC71 070                 mov     eax, ds:off_28819C
__text:001DEC76 070                 movss   [ebp+var_3C], xmm0
__text:001DEC7B 070                 mov     edx, [esi+0Ch]
__text:001DEC7E 070                 mov     [esp+6Ch+msgSend_recipient], ebx
__text:001DEC81 070                 mov     [esp+8], eax
__text:001DEC85 070                 mov     [esp+6Ch+msgSend_selector], edx
__text:001DEC89 070                 call    _objc_msgSend_stret


.. I wonder if it's because this is a stret call, or if it's just a
bad example. I'll take a look for a better example later tonight.
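The mechanism behind the question in this thread can be checked mechanically. The script below is an added example written for this archive page; it is not code from nummish, itsme or the XSO list. It re-joins the IDA lines quoted above (the "..." regions are left out; the SP-delta column is 06C on both sides of the gap, so no stack change is assumed there), parses the frame-variable definitions and the SP-delta column, resolves every `[esp+NNh+name]` store to its real esp displacement, and then compares the role that name claims (`msgSend_recipient`, `msgSend_selector`) against the i386 `objc_msgSend` / `objc_msgSend_stret` argument layout. Two things are assumed: a `push ebp; mov ebp, esp` frame, so that at SP delta D the stack pointer is `ebp - (D - 4)` (which is also why IDA prints `68h` at delta `06C` and `6Ch` at delta `070`), and the i386 Mac OS X runtime convention `objc_msgSend(self, _cmd, ...)` / `objc_msgSend_stret(stret_ptr, self, _cmd, ...)`.

```python
import re

# Listing lines copied from the IDA dump quoted in the message above, with the
# archive's line wrapping undone and the elided "..." regions omitted.
LISTING = """\
__text:001DEB48     msgSend_recipient= dword ptr -6Ch
__text:001DEB48     msgSend_selector= dword ptr -68h
__text:001DEB48     var_64          = dword ptr -64h
__text:001DEB48 000                 push    ebp
__text:001DEB49 004                 mov     ebp, esp
__text:001DEB4B 004                 push    esi
__text:001DEB4C 008                 push    ebx
__text:001DEB4D 00C                 sub     esp, 60h
__text:001DEB50 06C                 mov     esi, [ebp+arg_0]
__text:001DEB53 06C                 mov     eax, ds:off_28769C
__text:001DEB58 06C                 mov     edx, [esi+0Ch]
__text:001DEB5B 06C                 mov     [esp+68h+var_64], eax
__text:001DEB5F 06C                 mov     [esp+68h+msgSend_selector], edx
__text:001DEB62 06C                 call    _objc_msgSend
__text:001DEC5A 06C                 sub     esp, 4
__text:001DEC7E 070                 mov     [esp+6Ch+msgSend_recipient], ebx
__text:001DEC81 070                 mov     [esp+8], eax
__text:001DEC85 070                 mov     [esp+6Ch+msgSend_selector], edx
__text:001DEC89 070                 call    _objc_msgSend_stret
"""

# i386 Mac OS X objc runtime convention: objc_msgSend(self, _cmd, ...) and
# objc_msgSend_stret(struct_return_ptr, self, _cmd, ...), all passed on the stack.
ABI_ROLES = {
    "_objc_msgSend": {0: "receiver", 4: "selector"},
    "_objc_msgSend_stret": {0: "struct_return", 4: "receiver", 8: "selector"},
}
# Role each IDA frame-variable name (as used in the dump) claims to hold.
NAME_CLAIMS = {"msgSend_recipient": "receiver", "msgSend_selector": "selector"}

# Assumption: "push ebp; mov ebp, esp" frame, so at SP delta D, esp == ebp - (D - 4).
# A frame variable at ebp+v therefore sits at esp + v + (D - 4); (D - 4) is the
# base IDA prints in "[esp+NNh+var]".
FRAME_RE = re.compile(r"^\S+\s+(\w+)\s*=\s*dword ptr\s+(-?[0-9A-Fa-f]+)h\s*$")
INSN_RE = re.compile(r"^\S+:([0-9A-F]+)\s+([0-9A-F]{3})\s+(\w+)\s*(.*)$")
SLOT_RE = re.compile(r"^\[esp\+(?:([0-9A-Fa-f]+)h\+(\w+)|(\d+))\],\s*(\w+)$")


def analyze(listing):
    """One record per objc_msgSend* call: the esp slot each outgoing store landed
    in, the ABI role of that slot, and which IDA names disagree with that role."""
    frame, pending, calls = {}, {}, []
    for line in listing.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frame[m.group(1)] = int(m.group(2), 16)   # ebp-relative offset
            continue
        m = INSN_RE.match(line)
        if not m:
            continue
        addr, delta, mnem, ops = m.group(1), int(m.group(2), 16), m.group(3), m.group(4)
        if mnem == "mov" and (s := SLOT_RE.match(ops)):
            ida_base, name, literal, src = s.groups()
            if name is not None:
                # Cross-check IDA's printed base against the SP-delta column.
                assert int(ida_base, 16) == delta - 4, (addr, ida_base, delta)
                disp = int(ida_base, 16) + frame[name]
            else:
                disp = int(literal)                      # plain "[esp+8]"
            pending[disp] = {"src": src, "name": name}
        elif mnem == "call" and ops in ABI_ROLES:
            roles = ABI_ROLES[ops]
            stale = sorted(
                f"{v['name']}@esp+{d:#x} holds {roles[d]}"
                for d, v in pending.items()
                if v["name"] in NAME_CLAIMS and NAME_CLAIMS[v["name"]] != roles.get(d)
            )
            calls.append({"addr": addr, "callee": ops, "delta": delta,
                          "slots": dict(sorted(pending.items())),
                          "roles": {d: roles.get(d, "extra") for d in sorted(pending)},
                          "stale_names": stale})
            pending = {}   # the next call site starts with fresh argument stores
    return calls


if __name__ == "__main__":
    for c in analyze(LISTING):
        print(f"{c['addr']} {c['callee']} (SP delta {c['delta']:#x})")
        for d, v in c["slots"].items():
            nm = v["name"] or "-"
            print(f"  [esp+{d:#x}] <- {v['src']:<4} named {nm:<18} ABI: {c['roles'][d]}")
        for s in c["stale_names"]:
            print("  stale name:", s)
```

Run as-is it reports that at the first call `msgSend_selector` resolves to `[esp]`, the receiver slot, and that after `sub esp, 4` the same name resolves to `[esp+4]`, which in a `stret` call is again the receiver while `msgSend_recipient` now sits on the struct-return pointer. The names are ebp-relative and fixed; the argument positions are esp-relative and move with the stack pointer, so a naming pass that keys on frame variables cannot be right at both sites once esp changes between them.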
