
ESP offset masking functionality not working under certain conditions

Open · recvfrom opened this issue 7 years ago · 1 comment

When clicking the option to perform ESP Offset masking, no action is performed for the following code block:

C7 04 24 30 75 00 00    mov     [esp+224h+dwMilliseconds], 7530h ; dwMilliseconds
FF 15 AC 10 40 00       call    ds:Sleep

To reproduce, look at address 0x00402422 in 77566850743bac708ce4e05ffa53347870863c015403eea30f7dbd8e7d4b8333

recvfrom avatar Jun 08 '18 23:06 recvfrom

Ah, it looks like that instruction is equivalent to mov dword ptr [esp], 0x7530, so there's no offset to mask... It'd be cool if the CASC UI could somehow indicate this, since unless you check to see what IDA has defined dwMilliseconds as, it isn't obvious that this case is different from something like the following, where masking is needed:

FF 74 24 18       push    [esp+220h+lpParameter] ; lpMem
E8 57 EF FF FF    call    sub_401379

Thoughts?

recvfrom avatar Jun 08 '18 23:06 recvfrom
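The point of both comments above is that the masking decision depends on the ModRM/SIB encoding, not on how IDA labels the operand. The following is an added example (not CASC's code) that decodes the memory operand of a 32-bit x86 instruction, wildcards only the [esp+disp] displacement bytes in a YARA-style hex pattern, and reports whether anything was actually masked. It assumes no prefixes and covers only a small, hypothetical opcode table sufficient for the two listings in this thread.

```python
# Added example, not part of CASC: decide whether an instruction has an
# [esp+disp] displacement that "ESP offset masking" can wildcard.

# Hypothetical opcode subset: value is the immediate size that follows the
# memory operand (32-bit mode, no prefixes assumed).
IMM_SIZE = {
    0xC7: 4,  # mov r/m32, imm32  (e.g. C7 04 24 30 75 00 00 from the issue)
    0xFF: 0,  # push r/m32        (e.g. FF 74 24 18 from the issue)
    0x89: 0,  # mov r/m32, r32
    0x8B: 0,  # mov r32, r/m32
}
ESP = 0b100  # rm/base encoding of esp; index=100 in a SIB means "no index"


def mask_esp_offset(code: bytes):
    """Return (hex_pattern, masked) for the single instruction in `code`.

    masked is True only when an [esp+disp8/disp32] displacement was
    replaced by '??'. A plain [esp] operand (mod=00, no displacement byte)
    yields the original bytes and masked=False, which is the case the
    issue describes.
    """
    opcode = code[0]
    if opcode not in IMM_SIZE:
        raise ValueError(f"opcode {opcode:02X} not in the example table")
    modrm = code[1]
    mod, rm = modrm >> 6, modrm & 0b111
    if mod == 0b11 or rm != ESP:
        # Register operand, or memory operand without a SIB: never [esp+...]
        return " ".join(f"{b:02X}" for b in code), False
    sib = code[2]
    index, base = (sib >> 3) & 0b111, sib & 0b111
    disp_len = {0b00: 0, 0b01: 1, 0b10: 4}[mod]
    if mod == 0b00 and base == 0b101:
        disp_len = 4  # [disp32] with no base register, not an esp reference
    uses_esp = base == ESP and index == 0b100
    disp_start = 3  # opcode, ModRM, SIB
    insn_len = disp_start + disp_len + IMM_SIZE[opcode]
    if len(code) < insn_len:
        raise ValueError("truncated instruction")
    out = []
    for i, b in enumerate(code[:insn_len]):
        in_disp = disp_start <= i < disp_start + disp_len
        out.append("??" if (uses_esp and in_disp) else f"{b:02X}")
    return " ".join(out), uses_esp and disp_len > 0


if __name__ == "__main__":
    for listing in ("C7042430750000", "FF742418"):  # the two cases from the issue
        print(mask_esp_offset(bytes.fromhex(listing)))
```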