plasma-disassembler / plasma

Plasma is an interactive disassembler for x86/ARM/MIPS. It can generate indented pseudo-code with colored syntax.
GNU General Public License v3.0

feature : implement stack memory access simulation #63

Open ghost opened 8 years ago

ghost commented 8 years ago

I found a function which starts and ends with:

lea ecx, dword ptr [esp + 4]
and esp, 0xfffffff0
push dword ptr [ecx - 4]
push ebp
mov ebp, esp
push esi
push ebx
push ecx
sub esp, 0xcc
...
mov eax, 0
lea esp, dword ptr [ebp - 0xc]
add esp, 0
pop ecx
pop ebx
pop esi
pop ebp
lea esp, dword ptr [ecx - 4]
ret

The problem here is that the value of esp is pushed and then popped. For this case we should simulate stack memory access.
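As an added illustration of the point raised in this issue (example code written for this page, not part of plasma), the snippet below emulates exactly the prologue and epilogue quoted above with a small register-plus-stack-memory model, and contrasts it with a tracker that only accumulates push/pop/sub/add deltas on esp. The entry esp, the return address and the initial register contents are constructed values, as is the tuple encoding of the instructions; the function body ("...") is omitted since it must leave esp where `sub esp, 0xcc` put it.

```python
# Added example (not plasma's code): concrete emulation of the stack-realigning
# prologue/epilogue from the issue, showing why esp at `ret` can only be
# recovered by simulating the stack memory that `push ecx` / `pop ecx` touch.
# All addresses and register contents below are constructed for the demo.

MASK = 0xFFFFFFFF

# The instructions quoted in the issue, as (op, dst, src) tuples.
PROLOGUE = [
    ("lea", "ecx", ("esp", 4)),
    ("and", "esp", 0xFFFFFFF0),
    ("push_mem", ("ecx", -4)),       # push dword ptr [ecx - 4]: the return address
    ("push", "ebp"),
    ("mov", "ebp", "esp"),
    ("push", "esi"),
    ("push", "ebx"),
    ("push", "ecx"),                 # ecx holds the original esp + 4
    ("sub", "esp", 0xCC),
]
EPILOGUE = [
    ("mov", "eax", 0),
    ("lea", "esp", ("ebp", -0xC)),
    ("add", "esp", 0),
    ("pop", "ecx"),                  # original esp + 4 comes back from the stack
    ("pop", "ebx"),
    ("pop", "esi"),
    ("pop", "ebp"),
    ("lea", "esp", ("ecx", -4)),     # esp restored from ecx, not from a delta
    ("ret",),
]


class StackSim:
    """Registers plus a sparse model of stack memory (dword address -> value)."""

    def __init__(self, entry_esp, return_address):
        self.regs = {"eax": 0, "ebx": 0x11, "ecx": 0x22, "esi": 0x33,
                     "ebp": 0x44, "esp": entry_esp & MASK, "eip": 0}
        # The caller's `call` left the return address at [esp] on entry.
        self.mem = {entry_esp & MASK: return_address & MASK}

    def ea(self, base, disp):
        return (self.regs[base] + disp) & MASK

    def push(self, value):
        self.regs["esp"] = (self.regs["esp"] - 4) & MASK
        self.mem[self.regs["esp"]] = value & MASK

    def pop(self):
        value = self.mem.get(self.regs["esp"], 0)   # never-written slots read as 0
        self.regs["esp"] = (self.regs["esp"] + 4) & MASK
        return value

    def step(self, insn):
        op = insn[0]
        if op == "lea":
            self.regs[insn[1]] = self.ea(*insn[2])
        elif op == "and":
            self.regs[insn[1]] &= insn[2]
        elif op == "add":
            self.regs[insn[1]] = (self.regs[insn[1]] + insn[2]) & MASK
        elif op == "sub":
            self.regs[insn[1]] = (self.regs[insn[1]] - insn[2]) & MASK
        elif op == "mov":
            src = insn[2]
            self.regs[insn[1]] = self.regs[src] if isinstance(src, str) else src & MASK
        elif op == "push":
            self.push(self.regs[insn[1]])
        elif op == "push_mem":
            self.push(self.mem.get(self.ea(*insn[1]), 0))
        elif op == "pop":
            self.regs[insn[1]] = self.pop()
        elif op == "ret":
            self.regs["eip"] = self.pop()
        else:
            raise ValueError(f"unsupported instruction {insn!r}")

    def run(self, insns):
        for insn in insns:
            self.step(insn)
        return self


def delta_only_esp(insns, entry_esp):
    """The insufficient approach: esp = entry + constant delta. Gives up (None)
    as soon as esp is computed from something other than esp itself."""
    delta = 0
    for insn in insns:
        op = insn[0]
        if op in ("push", "push_mem"):
            delta -= 4
        elif op in ("pop", "ret"):
            delta += 4
        elif op in ("add", "sub") and insn[1] == "esp":
            delta += insn[2] if op == "add" else -insn[2]
        elif insn[1:2] == ("esp",):      # `and esp, ...` or `lea esp, [ecx - 4]`
            return None
    return (entry_esp + delta) & MASK


def simulate_function(entry_esp=0x7FFFFF9C, return_address=0x08048ABC):
    """Run prologue + epilogue from a deliberately misaligned esp and report the
    facts a disassembler needs: esp at ret, the popped eip and restored regs."""
    sim = StackSim(entry_esp, return_address).run(PROLOGUE)
    esp_after_prologue = sim.regs["esp"]
    sim.run(EPILOGUE[:-1])               # everything up to, not including, ret
    esp_before_ret = sim.regs["esp"]
    sim.step(EPILOGUE[-1])
    return {"esp_after_prologue": esp_after_prologue,
            "esp_before_ret": esp_before_ret,
            "esp_after_ret": sim.regs["esp"],
            "eip": sim.regs["eip"],
            "restored": {r: sim.regs[r] for r in ("ebx", "esi", "ebp")}}


if __name__ == "__main__":
    for k, v in simulate_function().items():
        print(k, hex(v) if isinstance(v, int) else {r: hex(x) for r, x in v.items()})
    print("delta-only tracker:", delta_only_esp(PROLOGUE + EPILOGUE, 0x7FFFFF9C))
```

With a misaligned entry esp the memory-aware simulation lands on a 16-byte aligned frame after the prologue, returns esp to exactly `entry + 4` after `ret`, and pops the right return address, while the delta-only tracker has to give up at `and esp, 0xfffffff0` and never sees that `lea esp, [ecx - 4]` reloads the value that `push ecx` saved.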