all InfoSec news
Igor’s Tip of the Week #151: Fixing “function frame is wrong”
Malware Analysis, News and Indicators - Latest topics malware.news
Previously, we’ve run into a function which produces a cryptic error if you try to decompile it:
In such situations, you need to go back to disassembly to see what could be wrong. More specifically, check the stack frame layout by double-clicking a stack variable or pressing Ctrl–K.
On the first glance it looks normal:
However, if you compare with another function which decompiles fine, you may notice some notable differences:
This frame has two members which are mentioned …
back check clicking disassembly error function layout malware analysis run stack variable week