Action name: EditFunctionHere you can change function bounds, its name and flags. In order to change only the function end address, you can use FunctionEnd command.
If the current address does not belong to any function, IDA beeps.
This command allows you to change the function frame parameters too. You can change sizes of some parts of frame structure.
IDA considers the stack as the following structure:
+------------------------------+
| function arguments |
+------------------------------+
| return address |
+------------------------------+
| saved registers (SI,DI,etc) |
+------------------------------+ <- BP
| local variables |
+------------------------------+ <- SP
For some processors or functions, BP may be equal to SP. In other words, it can
point to the bottom of the stack frame.
You may specify the number of bytes in each part of the stack frame. The size of the return address is calculated by IDA (possibly depending on the far function flag).
"Purged bytes" specifies the number of bytes added to SP upon function return. This value will be used to calculate the SP changes at call sites (used in some calling conventions, such as __stdcall in Windows 32-bit programs.)
"BP based frame" allows IDA to automatically convert [BP+xxx] operands to stack variables.
"BP equal to SP" means that the frame pointer points to the bottom of the stack. It is usually used for the processors which set up the stack frame with EBP and ESP both pointing to the bottom of the frame (for example MC6816, M32R).
If you press <Enter> even without changing any parameter,IDA will reanalyze the function.
Sometimes, EBP points to the middle of the stack frame. FPD (frame pointer delta) is used to handle such situations. FPD is the value substracted from the EBP before accessing variables. An example:
push ebp
lea ebp, [esp-78h]
sub esp, 588h
push ebx
push esi
lea eax, [ebp+74h]
+------------------------------+
| function arguments |
+------------------------------+
| return address |
+------------------------------+
| saved registers (SI,DI,etc) |
+------------------------------+ <- typical BP
| |
| |
| | <- actual BP
| local variables |
| |
| |
| |
+------------------------------+ <- SP
In our example, the saved registers area is empty (since EBP has been initialized
before saving EBX and ESI). The difference between the 'typical BP'
and 'actual BP' is 0x78 and this is the value of FPD.
After specifying FPD=0x78 the last instruction of the example becomes
lea eax, [ebp+78h+var_4]
where var_4 = -4
Most of the time, IDA calculates the FPD value automatically. If it fails, the user can specify the value manually.
If the value of the stack pointer is modified in an unpredictable way, (e.g. "and esp, -16"), then IDA marks the function as "fuzzy-sp".
If this command is invoked for an imported function, then a simplified dialog box will appear on the screen.
See also
Function flags
Make a function
Delete a function
Edit|Functions submenu.