State-of-the-art binary code analysis tools
        The value of the stack pointer at the end of the function is different
        from its value at the start of the function. IDA checks for the
        difference only if the function is ended by a "return" instruction.
        The most probable cause is that stack tracing has failed.
        This problem is displayed in the disassembly listing with
        the "sp-analysis failed" comment.
 What to do:
        1. Examine the value of stack pointer at various
           locations of the function and try to find out why the stack tracing
           has failed. Usually, it fails because some called function changed the
           stack pointer (by purging the input parameters, for example)
        2. If you have found the offending function, change its
           attributes (namely, number of bytes purged upon return).
        3. Another way is to specify manually how the stack pointer is
           modified. See Change stack pointer command
Index | Previous topic | Next topic