Is it possible to define a function out of a code block containing emitted bytes?
What I'm running into is code that does (something like) this:
xor eax,eax
inc eax
jnz after
__emit 0xB8
__emit 0x00
after:
...
IDA's initial interpretation is:
xor eax,eax
inc eax
jnz loc+2
loc: ; some junk interpretation of the emitted bytes
; the first instruction is larger than 2 bytes
; so disassembly after loc is off
I undefine code at 'loc' and define code at the correct jump target (loc+2). I also define the emitted bytes as data.
IDA won't interpret the code block as a function due to "undefined instruction/data" at the location of emitted bytes, however, and I could really use the stack analysis done in functions.
Any advice?
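Added example, not part of the original post: one common way to get a contiguous instruction stream is to overwrite the skipped junk bytes with NOPs in a copy of the code before function analysis. The Python sketch below locates the sequence shown in the question and computes that patch. It assumes 32-bit x86 encodings and a short forward `jnz`; the function names and the sample bytes are constructed for illustration.

```python
# Added example: find "xor eax,eax / inc eax / jnz short +N" sequences and
# replace the N skipped junk bytes with NOPs. Assumes 32-bit x86 encodings.
XOR_EAX_EAX = (b"\x31\xc0", b"\x33\xc0")  # both encodings of xor eax,eax
INC_EAX = 0x40      # inc eax (one-byte form, 32-bit mode only)
JNZ_SHORT = 0x75    # jnz rel8
NOP = 0x90


def find_opaque_jumps(code):
    """Return (junk_offset, junk_length) for each always-taken forward jnz."""
    hits = []
    for i in range(len(code) - 4):
        if (code[i:i + 2] in XOR_EAX_EAX
                and code[i + 2] == INC_EAX
                and code[i + 3] == JNZ_SHORT):
            rel = code[i + 4]
            # rel8 is signed: values >= 0x80 are backward jumps and hide nothing.
            # The target must also stay inside the buffer being analysed.
            if 0 < rel < 0x80 and i + 5 + rel <= len(code):
                hits.append((i + 5, rel))
    return hits


def nop_junk(code):
    """Return a copy of code with every skipped junk region NOP-filled."""
    patched = bytearray(code)
    for start, length in find_opaque_jumps(code):
        patched[start:start + length] = bytes([NOP]) * length
    return bytes(patched)


# Constructed sample: the question's sequence, then push ebp / mov ebp,esp / ret.
SAMPLE = bytes.fromhex("31c0407502b8005589e5c3")

if __name__ == "__main__":
    for off, length in find_opaque_jumps(SAMPLE):
        print(f"junk at +{off:#x}, {length} byte(s)")
    print(nop_junk(SAMPLE).hex())
```

A raw byte scan can also match inside data, so confirm each reported offset in the disassembly before applying the patch to the database.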






