Hex Rays
Hex Rays Blog —  State of the art code analysis

Heads and tails

Ero Carrera in his eye-catching blog talks about multi-chunk function related shortcomings in IDA Pro:
This results in that, from the disassembler point of view, one has to allow for those chunks and also for those chunks to be assigned to an arbitrary number of “owning” or parent functions.
If you look at the IDA menus, you will not find a command to assign a tail chunk to several functions.

This is true, a command for that does not exist. However, IDA can take into account that a chunk belongs to several functions at once. If the append_func_tail() function is called with an existing tail area, then the tail will be assigned to the specified function. It will still retain its original parent function. This way we can assign it to as many functions as we want. The original parent function is considered to be the owner of the tail chunk. The owner function has one special property: its stack frame is used to display the stack variables in the tail. It is possible to change the owner at any time by calling the set_tail_owner() function.

There is also a helper class to facilitate enumeration of the tail parents. It is called func_parent_iterator_t and it can be used this way:

func_t *function_tail;
...
func_parent_iterator_t fpi(function_tail);
for ( bool ok=fpi.first(); ok; ok=fpi.next() )
{
  ea_t parent = fpi.parent();
  ...
}
IDA does not automatically assign a tail chunk to several functions. When we implemented the multi-chunk support there were not many applications using this optimization trick, but now it might be the time to consider this improvement.
Go to top of page