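Asking the experts for help: I deleted r and s in the IDA Pro function stack window. How do I restore them?
I deleted r and s in the IDA Pro function stack window. How do I restore them?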
The stack originally looked like this:

-00000034 ; Ins/Del : create/delete structure
-00000034 ; D/A/* : create structure member (data/ascii/array)
-00000034 ; N : rename structure or structure member
-00000034 ; U : delete structure member
-00000034 ; Use data definition commands to create local variables and function arguments.
-00000034 ; Two special fields " r" and " s" represent return address and saved registers.
-00000034 ; Frame size: 34; Saved regs: 4; Purge: 10
-00000034 ;
-00000034
-00000034 db ? ; undefined
-00000033 db ? ; undefined
-00000032 db ? ; undefined
-00000031 db ? ; undefined
-00000030 db ? ; undefined
-0000002F db ? ; undefined
-0000002E db ? ; undefined
-0000002D db ? ; undefined
-0000002C db ? ; undefined
-0000002B db ? ; undefined
-0000002A db ? ; undefined
-00000029 db ? ; undefined
-00000028 var_28 dd ?
-00000024 var_24 dd ?
-00000020 var_20 dd ?
-0000001C var_1C dd ?
-00000018 var_18 db ?
-00000017 var_17 db ?
-00000016 db ? ; undefined
-00000015 db ? ; undefined
-00000014 db ? ; undefined
-00000013 db ? ; undefined
-00000012 db ? ; undefined
-00000011 db ? ; undefined
-00000010 db ? ; undefined
-0000000F db ? ; undefined
-0000000E db ? ; undefined
-0000000D db ? ; undefined
-0000000C db ? ; undefined
-0000000B db ? ; undefined
-0000000A db ? ; undefined
-00000009 db ? ; undefined
-00000008 db ? ; undefined
-00000007 db ? ; undefined
-00000006 db ? ; undefined
-00000005 db ? ; undefined
-00000004 var_4 dd ?
+00000000 s db 4 dup(?)
+00000004 r db 4 dup(?)
+00000008 arg_0 dd ?
+0000000C db ? ; undefined
+0000000D db ? ; undefined
+0000000E db ? ; undefined
+0000000F db ? ; undefined
+00000010 arg_8 dd ?
+00000014 arg_C dd ?
+00000018
+00000018 ; end of stack variables

I did a few things: I set var_18 to a string array, set its size and so on, and also pressed d on variables to convert their data type. As a result, s got overwritten first, and then, in a panic, r got overwritten too. Now, after pressing F5, it shows:

Decompilation failure:
FFFFFFFF: function frame is wrong
Please refer to the manual to find appropriate actions

Giving names to addresses 0 and 4 again does not help either. How should I fix this? Adjusting SP with alt+k and setting the value to 0 does not work either. The stack area currently looks like this:

------------------------------------------
-00000034 ; Ins/Del : create/delete structure
-00000034 ; D/A/* : create structure member (data/ascii/array)
-00000034 ; N : rename structure or structure member
-00000034 ; U : delete structure member
-00000034 ; Use data definition commands to create local variables and function arguments.
-00000034 ; Two special fields " r" and " s" represent return address and saved registers.
-00000034 ; Frame size: 34; Saved regs: 4; Purge: 10
-00000034 ;
-00000034
-00000034 db ? ; undefined
-00000033 db ? ; undefined
-00000032 db ? ; undefined
-00000031 db ? ; undefined
-00000030 db ? ; undefined
-0000002F db ? ; undefined
-0000002E db ? ; undefined
-0000002D db ? ; undefined
-0000002C db ? ; undefined
-0000002B db ? ; undefined
-0000002A db ? ; undefined
-00000029 db ? ; undefined
-00000028 db ? ; undefined
-00000027 db ? ; undefined
-00000026 db ? ; undefined
-00000025 db ? ; undefined
-00000024 db ? ; undefined
-00000023 db ? ; undefined
-00000022 db ? ; undefined
-00000021 db ? ; undefined
-00000020 db ? ; undefined
-0000001F db ? ; undefined
-0000001E db ? ; undefined
-0000001D db ? ; undefined
-0000001C db ? ; undefined
-0000001B db ? ; undefined
-0000001A db ? ; undefined
-00000019 db ? ; undefined
-00000018 db ? ; undefined
-00000017 db ? ; undefined
-00000016 db ? ; undefined
-00000015 db ? ; undefined
-00000014 db ? ; undefined
-00000013 db ? ; undefined
-00000012 db ? ; undefined
-00000011 db ? ; undefined
-00000010 db ? ; undefined
-0000000F db ? ; undefined
-0000000E db ? ; undefined
-0000000D db ? ; undefined
-0000000C db ? ; undefined
-0000000B db ? ; undefined
-0000000A db ? ; undefined
-00000009 db ? ; undefined
-00000008 db ? ; undefined
-00000007 db ? ; undefined
-00000006 db ? ; undefined
-00000005 db ? ; undefined
-00000004 db ? ; undefined
-00000003 db ? ; undefined
-00000002 db ? ; undefined
-00000001 db ? ; undefined
+00000000 db ? ; undefined
+00000001 db ? ; undefined
+00000002 db ? ; undefined
+00000003 db ? ; undefined
+00000004 db ? ; undefined
+00000005 db ? ; undefined
+00000006 db ? ; undefined
+00000007 db ? ; undefined
+00000008 arg_0 dd ?
+0000000C db ? ; undefined
+0000000D db ? ; undefined
+0000000E db ? ; undefined
+0000000F db ? ; undefined
+00000010 arg_8 dd ?
+00000014 arg_C dd ?
+00000018
+00000018 ; end of stack variables

Asking the experts for help.
First reply #
Posted: 2009-12-27 11:48
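Haha, I solved it myself! Recording it here.
alt+p, frame pointer delta=0, OK, and then r is there. F5 says the sp is wrong. alt+k shows the SP; note what it is now, then open the earlier IDA Pro file, go to the same function, look at the SP, work out the difference, set it, and it's there!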
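
The fix above relies on comparing the damaged function with the same function in an older copy of the database. As an added example (not part of the original posts), this Python code parses two stack frame listings copied as text from the stack window, reports which named members were lost, and checks that the special fields s and r sit where the listing in the question shows them. The function names are hypothetical and the sample listings are abridged from the post.

```python
import re

# Named member lines of IDA's stack frame window, e.g. "-00000028 var_28 dd ?"
# or "+00000000 s db 4 dup(?)"; "db ? ; undefined" and ';' comments don't match.
MEMBER = re.compile(
    r'^([+-])([0-9A-Fa-f]{8})\s+(\w+)\s+(db|dw|dd|dq)\s+(?:(\w+)\s+dup\(\?\)|\?)')
HEADER = re.compile(r'Saved regs:\s*([0-9A-Fa-f]+)')
UNIT = {'db': 1, 'dw': 2, 'dd': 4, 'dq': 8}

def parse_frame(text):
    """Return (saved_regs_size, {name: (offset, size)}) for one listing."""
    saved, members = None, {}
    for line in map(str.strip, text.splitlines()):
        h = HEADER.search(line)
        if h:
            saved = int(h.group(1), 16)
        m = MEMBER.match(line)
        if m:
            sign, off, name, unit, count = m.groups()
            offset = int(off, 16) * (-1 if sign == '-' else 1)
            # Assumption: dup counts are hex, like the offsets.
            size = UNIT[unit] * (int(count.rstrip('h'), 16) if count else 1)
            members[name] = (offset, size)
    return saved, members

def lost_members(before, after):
    """Names defined in the old listing but missing from the current one."""
    return sorted(set(parse_frame(before)[1]) - set(parse_frame(after)[1]))

def special_fields_ok(text):
    """True if ' s' covers the saved registers at +0 and ' r' follows it."""
    saved, members = parse_frame(text)
    return (saved is not None and members.get('s') == (0, saved)
            and 'r' in members and members['r'][0] == saved)

# Constructed samples, abridged from the two listings in the post.
HDR = "-00000034 ; Frame size: 34; Saved regs: 4; Purge: 10\n"
BEFORE = HDR + """\
-00000018 var_18 db ?
-00000004 var_4 dd ?
+00000000 s db 4 dup(?)
+00000004 r db 4 dup(?)
+00000008 arg_0 dd ?
"""
AFTER = HDR + """\
+00000000 db ? ; undefined
+00000008 arg_0 dd ?
"""
```

Calling lost_members(BEFORE, AFTER) on the full listings from the old and current database gives the list of members to recreate once r and s are back.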