Callee Plugin Missing Some Arguments?

mandiant / flare-ida

IDA Pro utilities from FLARE team

Apache License 2.0

2.24k stars 464 forks source link

Callee Plugin Missing Some Arguments? #45

Closed keithjjones closed 7 years ago

keithjjones commented 7 years ago

I noticed this using the Callee plugin today:

The push 1Ch isn't identified as the third argument to the function. Is it perhaps an issue with the lea between the instructions?

I applied the VirtualQuery signature by selecting the call, pressing Alt-J, and using the global function VirtualQuery.

jhsmith commented 7 years ago

There is already a comment for line 414129 ("size of buffer on stack") on the line with the jump target label "loc_414129". So deleting that manual comment will likely allow IDA's stack argument label to be seen. I'm not sure if you'll need to manually re-run the apply callee type plugin again to force it to appear.

keithjjones commented 7 years ago

Oh good point, I didn't notice that. Thanks!

(You do have to run it again, but that's no big deal.)