Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   FUNCTION CHUNKs (https://forum.exetools.com/showthread.php?t=8038)

Git 08-30-2005 06:48
FUNCTION CHUNKs
 
I notice sometimes when disassembling with IDA that sometimes a function is spead all over the place in FUNCTION CHUNKs. Is this an artifact of IDA or do some linkers really spread a function/procedure over many places?. I like to make things clear by using local labels and this makes it impossible. Is it maybe a result of languages that allow local procedures?

Git

shyokou 09-03-2005 22:52
It may depend ...
 
if you are familiar with c/c++, you may notice the macro way of optimization sometimes should duplicate the same chunk of code for a function, like strlen() or something rather simple; a popular macro style "function" called from many places in your code may also produce such "chunks".

some people like to "#include" c/c++ source code into their parent files to build something, so that it also generates many "chunks" of function dups.

how do you call a function from outside if it is static ? i am afraid these static functions might also become "chunk" if they are linked from different object modules.

Quote:
Originally Posted by Git
I notice sometimes when disassembling with IDA that sometimes a function is spead all over the place in FUNCTION CHUNKs. Is this an artifact of IDA or do some linkers really spread a function/procedure over many places?. I like to make things clear by using local labels and this makes it impossible. Is it maybe a result of languages that allow local procedures?

Git

doug 09-07-2005 04:43
shyokou: this is not exactly what Git was refering to. IDA introduced that feature because some compilers (optimization?) break a single function into several chunks and do not place them in a contiguous area. Sometimes these chunks are re-used by more than one function.

It is a function of IDA to actually recognize the chunks - earlier versions did not - but it is the compiler/linker that actually generates code that way. Look at most of Windows' DLL (kernel32, ntdll, ...) for live examples.

shyokou 09-07-2005 14:46
really ?
 
do you really think it is true? i dont think it is a way of optimization for compiler to break a single function into chunks, even though the chunks may be re-used by other function(s). anyhow, i do think it is a way of assembly level re-organization or something like multi-morph.

Quote:
Originally Posted by doug
shyokou: this is not exactly what Git was refering to. IDA introduced that feature because some compilers (optimization?) break a single function into several chunks and do not place them in a contiguous area. Sometimes these chunks are re-used by more than one function.
i admit i have read the sources for neither kernel32 nor ntdll, so i am sure if the chunks you refer to are generated by compiler; are they in fact assembly chunks intended ?

Quote:
Originally Posted by doug
It is a function of IDA to actually recognize the chunks - earlier versions did not - but it is the compiler/linker that actually generates code that way. Look at most of Windows' DLL (kernel32, ntdll, ...) for live examples.

Git 09-07-2005 19:35
Either way, it seems the damned things are real, not a figment of IDAs imagination. Thanks chaps.

Git


All times are GMT +8. The time now is 16:25.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX