FUNCTION CHUNKs

[Git]

I notice sometimes when disassembling with IDA that sometimes a function is spead all over the place in FUNCTION CHUNKs. Is this an artifact of IDA or do some linkers really spread a function/procedure over many places?. I like to make things clear by using local labels and this makes it impossible. Is it maybe a result of languages that allow local procedures?

Git

if you are familiar with c/c++, you may notice the macro way of optimization sometimes should duplicate the same chunk of code for a function, like strlen() or something rather simple; a popular macro style "function" called from many places in your code may also produce such "chunks".

some people like to "#include" c/c++ source code into their parent files to build something, so that it also generates many "chunks" of function dups.

how do you call a function from outside if it is static ? i am afraid these static functions might also become "chunk" if they are linked from different object modules.

Quote:

Originally Posted by Git

I notice sometimes when disassembling with IDA that sometimes a function is spead all over the place in FUNCTION CHUNKs. Is this an artifact of IDA or do some linkers really spread a function/procedure over many places?. I like to make things clear by using local labels and this makes it impossible. Is it maybe a result of languages that allow local procedures?

Git

shyokou: this is not exactly what Git was refering to. IDA introduced that feature because some compilers (optimization?) break a single function into several chunks and do not place them in a contiguous area. Sometimes these chunks are re-used by more than one function.

It is a function of IDA to actually recognize the chunks - earlier versions did not - but it is the compiler/linker that actually generates code that way. Look at most of Windows' DLL (kernel32, ntdll, ...) for live examples.

do you really think it is true? i dont think it is a way of optimization for compiler to break a single function into chunks, even though the chunks may be re-used by other function(s). anyhow, i do think it is a way of assembly level re-organization or something like multi-morph.

Quote:

Originally Posted by doug

shyokou: this is not exactly what Git was refering to. IDA introduced that feature because some compilers (optimization?) break a single function into several chunks and do not place them in a contiguous area. Sometimes these chunks are re-used by more than one function.

i admit i have read the sources for neither kernel32 nor ntdll, so i am sure if the chunks you refer to are generated by compiler; are they in fact assembly chunks intended ?

Quote:

Originally Posted by doug

It is a function of IDA to actually recognize the chunks - earlier versions did not - but it is the compiler/linker that actually generates code that way. Look at most of Windows' DLL (kernel32, ntdll, ...) for live examples.

[Git]

Either way, it seems the damned things are real, not a figment of IDAs imagination. Thanks chaps.

Git