We have a DLL which we have lost the source for, so I am trying to figure out how it works via the IDA Disassembler. However, there seems to be a function that I can't access, because I get the following error:
Decompilation failure:
46AFAF: positive sp value has been found
Looking on the IDA website it has this to say:
The stack pointer at the specified address is higher than the initial stack pointer.
Functions behaving so strangely can not be decompiled. If you see that the stack
pointer values are incorrect, modify them with the Alt-K (Edit, Functions, Change
stack pointer) command in IDA.
http://www.hex-rays.com/products/decompiler/manual/failures.shtml#04
Since I am new to the whole disassembling scene, is anyone able to provide more information on what causes the stack pointer to be higher than the initial stack pointer and whether this is fixable? Thanks for your time.
This usually happens when a function has multiple returns, and IDA did not catch this. The solution is to use Alt-K to change the stack pointer offset back to the desired value.
An example with ARM code:
.text:00012A10 MOV R0, #1 ; -0xd0 + 0
.text:00012A14 ADD SP, SP, #0xC8 ; -0xd0 + 0xc8
.text:00012A18 LDMFD SP!, {R4,PC} ; -0x08 - 0xc8 <<< modified
.text:00012A1C ; ---------------------------------------------------------------------------
.text:00012A1C
.text:00012A1C loc_12A1C ; CODE XREF: sub_129E4+20j
.text:00012A1C MOV R3, #0 ; -0xd0 + 0
In the comments I wrote the Alt-K values. At 0x12A18 the SP offset was readjusted back to -0xd0.
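
Added example (not part of the original answer, and not IDA's actual analysis): a simplified Python model of linear SP-delta tracking over the listing above, showing how a return that is not treated as the end of a block leaves a later instruction with a positive SP delta, and how the Alt-K value at 0x12A18 is derived. The instructions at 0x12A20 and 0x12A24 and all function names are constructed for illustration.

```python
# Simplified model of linear SP-delta tracking; this is not IDA's real analysis.
# Entries are (address, instruction, SP change). 0x12A10-0x12A1C come from the
# listing above; 0x12A20 and 0x12A24 are constructed to stand in for the
# function's second epilogue.
LISTING = [
    (0x12A10, "MOV R0, #1", 0),
    (0x12A14, "ADD SP, SP, #0xC8", 0xC8),
    (0x12A18, "LDMFD SP!, {R4,PC}", 8),      # first return: pops 2 registers
    (0x12A1C, "MOV R3, #0", 0),              # loc_12A1C, reached by a jump
    (0x12A20, "ADD SP, SP, #0xC8", 0xC8),    # constructed
    (0x12A24, "LDMFD SP!, {R4,PC}", 8),      # constructed second return
]
BODY_SP = -0xD0  # SP delta inside the function body, as in the listing


def track(listing, start_sp, overrides=None):
    """Map each address to the SP delta before it executes, walking the
    listing top to bottom. overrides maps address -> replacement SP change,
    which is what an Alt-K edit supplies."""
    overrides = overrides or {}
    sp, before = start_sp, {}
    for addr, _insn, change in listing:
        before[addr] = sp
        sp += overrides.get(addr, change)
    return before


def first_positive(listing, start_sp, overrides=None):
    """Address of the first instruction that sees a positive SP delta."""
    for addr, sp in track(listing, start_sp, overrides).items():
        if sp > 0:
            return addr
    return None


def altk_change(listing, start_sp, ret_addr, sp_at_target):
    """SP change to enter at ret_addr so the next block starts at sp_at_target."""
    return sp_at_target - track(listing, start_sp)[ret_addr]


if __name__ == "__main__":
    # Without a fix, the delta left over from the first return carries forward.
    print(hex(first_positive(LISTING, BODY_SP)))
    fix = altk_change(LISTING, BODY_SP, 0x12A18, BODY_SP)
    print(hex(fix), first_positive(LISTING, BODY_SP, {0x12A18: fix}))
```

The computed change for 0x12A18 matches the "-0x08 - 0xc8" comment in the listing: the instruction starts at -0x08 and the edited change of -0xc8 puts loc_12A1C back at -0xd0.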