Usually, in graph mode we can clearly see what a subroutine does and how it does it. However, luck is not always with us, and you may get an error message like the one above.
This error is mostly caused by the following reasons:
1. There are too many nodes for IDA to switch to graph mode. For now there is no solution for this case.
2. The cursor is currently at a position that IDA does not recognize as part of a function.
3. An sp-analysis failure happened.
If the error is caused by the 2nd reason, you can follow these steps to fix it:
Select the function header. Most of the time it looks just like this (64-bit):
```
.text:000000000049BA80 push rbp
.text:000000000049BA81 mov rbp, rsp
.text:000000000049BA84 sub rsp, 50h
.text:000000000049BA88 mov [rbp+var_8], rbx
.text:000000000049BA8C mov rbx, r8
.text:000000000049BA8F cmp cs:byte_9B1210, 0
.text:000000000049BA96 jz loc_49BB
```
Right-click and choose Create functions, as follows:
IDA will then auto-analyze the code and make it a new function, from the current cursor position to the end (which is where IDA thinks the end is, not you 😉).
After IDA turns the code into a function, it will look like this:
In this picture the red lines are still not recognized by IDA. If that code is useful, you have to fix it too.
Then you can press the space key to view the code in graph mode.
Now it is much better! lol
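When many functions are missing, hunting for headers by hand gets slow. The script below is an added example, not part of the original post: it searches raw code bytes for the `push rbp / mov rbp, rsp` header shown above and lists the matches that lie outside every known function. The helper names, the sample bytes and the known-function range are made up for the illustration, and header matching is only a heuristic; inside IDA the last helper calls IDAPython's `ida_funcs.add_func` on each address.

```python
import re

try:
    import ida_funcs            # IDAPython module, only available inside IDA
except ImportError:
    ida_funcs = None

# push rbp ; mov rbp, rsp (both encodings) ; optional sub rsp, imm8 / imm32
PROLOGUE = re.compile(
    rb"\x55(?:\x48\x89\xE5|\x48\x8B\xEC)(?:\x48\x83\xEC.|\x48\x81\xEC.{4})?",
    re.DOTALL,
)

def find_prologues(code, base):
    """Addresses in `code` (loaded at `base`) that look like a function header."""
    return [base + m.start() for m in PROLOGUE.finditer(code)]

def orphan_starts(code, base, known_funcs):
    """Header candidates that fall outside every (start, end) range in known_funcs."""
    return [ea for ea in find_prologues(code, base)
            if not any(start <= ea < end for start, end in known_funcs)]

def create_functions(addresses):
    """Inside IDA, create a function at each address (the 'Create functions' step)."""
    if ida_funcs is None:       # running outside IDA: nothing to create
        return []
    return [ea for ea in addresses if ida_funcs.add_func(ea)]

# Constructed sample: padding, an unrecognized function starting at 0x49BA80
# (same first instructions as the listing above), then a second, known function.
SAMPLE_BASE = 0x49BA70
SAMPLE = (
    b"\xCC" * 16
    + bytes.fromhex("554889E54883EC5048895DF84C89C3") + b"\xC9\xC3"
    + b"\x90" * 15
    + bytes.fromhex("554889E55DC3")
)
KNOWN = [(0x49BAA0, 0x49BAA6)]  # assumed: the only function IDA already has

if __name__ == "__main__":
    for ea in orphan_starts(SAMPLE, SAMPLE_BASE, KNOWN):
        print("candidate function start: %#x" % ea)
```

Review each candidate in the disassembly before creating a function there, because the same byte pattern can also appear inside data.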
Well, IDA is not reliable all the time. Sometimes it gets lost and ends a function at the wrong line. In that case you have to fix the error yourself with the Edit function feature that IDA provides:
If that does not work, you can uncheck the BP based frame check box. Also, if there are too many errors, you have to change the process options when you load the file.
That's all. Hope it is useful to you.
Original article. If you repost it, please credit the source: reposted from obaby@mars