Edit Function

 Action    name: EditFunction
 
Here you can change function bounds, its name and flags. In order to change function end address you could use FunctionEnd command.

If the current address does not belong to any function, IDA beeps.

This command allows you to change the function frame parameters too. You can change the size of some parts of frame structure.

IDA considers the stack as the following structure:

      +------------------------------+
      | function arguments           |
      +------------------------------+
      | return address               |
      +------------------------------+
      | saved registers (SI,DI,etc)  |
      +------------------------------+  <- BP
      | local variables              |
      +------------------------------+  <- SP
For some processors or functions, BP may be equal to SP. In other words, it can point to the bottom of the stack frame.

You may specify the number of bytes in each part of the stack frame. The size of the return address is calculated by IDA itself.

"BP based frame" allows IDA to automatically convert [BP+xxx] operands to stack variables.

"BP equal to SP" means that the frame pointer points to the bottom of the stack. It is usually used for the processors who set up the stack frame with EBP and ESP both pointing to the bottom of the frame (currently MC6816, M32R).

If you press <Enter> even without changing any parameter,IDA will reanalyze the function.

Sometimes, EBP points to the middle of the stack frame. FPD (frame pointer delta) is used to handle such situations. FPD is the value substracted from the EBP before accessing variables. An example:

           push    ebp
           lea     ebp, [esp-78h]
           sub     esp, 588h
           push    ebx
           push    esi
           lea     eax, [ebp+74h]
      +------------------------------+
      | function arguments           |
      +------------------------------+
      | return address               |
      +------------------------------+
      | saved registers (SI,DI,etc)  |
      +------------------------------+  <- typical BP
      |                              |
      |                              |
      |                              |  <- real BP
      | local variables              |
      |                              |
      |                              |
      |                              |
      +------------------------------+  <- SP
In our example, the saved registers area is empty (since EBP has been immediately initialized before saving EBX and ESI). The difference between the 'typical BP' and 'real BP' is 0x78 and this is the value of FPD.

After specifying FPD=0x78 the last instruction of the example becomes

           lea     eax, [ebp+78h+var_4]
where var_4 = -4

Most of the time, IDA calculates the FPD value automatically. If it fails, the user can specify the value manually.

If this command is invoked for an imported function, then a simplified dialog box will appear on the screen.

See also

         Edit|Functions submenu.
         Make a function
         Delete a function
Index | Previous topic | Next topic