IDA decompilation failure:positive sp value has been found

2024-03-05 13:12:12

原文地址:http://pluie.top/2020/06/30/IDA-positive-sp-value-has-been-found/

0x00 问题

最近在用IDA逆向程序时遇到了F5不能反编译的情况
IDA decompilation failure:positive sp value has been found

0x01 原因

一般是程序有一些干扰代码,让IDA的反汇编分析出现错误。比如用push + n条指令 + retn来实现跳转,而IDA会以为retn是函数要结束,结果它分析后发现调用栈不平衡,因此就提示decompilation failure

0x02 解决办法

在反汇编窗口该函数的结束位置找到红色部分IDA decompilation failure:positive sp value has been found

勾选Options -> General -> Stack pointerIDA decompilation failure:positive sp value has been found

可以看到左边显示了栈指针,接着在数值为负的上一行(08048A9B)鼠标右键,选择Change stack pointer(快捷键alt+k),输入第一个数值为负的数值,再按F5就可以了

IDA decompilation failure:positive sp value has been found

上一篇:Error: Flash Download failed - Target DLL has been cancelled


下一篇:批量插入与分页器