Inlined functions and stack variables in IDA Pro

As an optimization, compilers inline functions. In general, this makes reverse engineering a disassembled program more cumbersome. And often times its confusing to novice reverse engineers. Frequently, compilers inline the functions memset and memcpy. Due to this IDA Pro may produce multiple stack variables when in reality there should only be one. In this post I am going to share a script that will help you to automatically modify stack variable sizes and definitions for a function’s stack frame. This will make the disassembled code easier to understand. Moreover, it can improve code decompilation.

Leave a Reply

Your email address will not be published.