newlc · November 11, 2017 22:06 · Jun 21, 2012 · Jun 21, 2012 · Jun 21, 2012
diff --git a/get_stack_arg.py b/get_stack_arg.py
@@ -14,7 +14,7 @@ def get_stack_arg(arg, base='ebp'):
             names.append(n)
 
     # The stack offsets can be negative
-    # GetFrame and GetStrucSize do not
+    # GetFrame and GetStrucSize are not
     #-0000000A var_A dw ?
     #+00000000  s db 4 dup(?) ; s is always at 0x0 
     #+00000004  r db 4 dup(?)

diff --git a/get_stack_arg.py b/get_stack_arg.py
@@ -1,4 +1,5 @@
 from idaapi import *
+from idc import *
 
 def get_stack_arg(arg, base='ebp'):
     # find the stack frame

diff --git a/get_stack_arg.py b/get_stack_arg.py
@@ -0,0 +1,32 @@
+from idaapi import *
+
+def get_stack_arg(arg, base='ebp'):
+    # find the stack frame
+    stack = GetFrame(here())
+    size  = GetStrucSize(stack)
+
+    # figure out all of the variable names
+    names = []
+    for i in xrange(size):
+        n = GetMemberName(stack, i)
+        if n and not n in names:
+            names.append(n)
+
+    # The stack offsets can be negative
+    # GetFrame and GetStrucSize do not
+    #-0000000A var_A dw ?
+    #+00000000  s db 4 dup(?) ; s is always at 0x0 
+    #+00000004  r db 4 dup(?)
+    #+00000008 arg_0 dd ?
+    #+0000000C arg_4 dd
+    # there has got too be a better way (hax)
+    if ' s' in names and arg in names:                                                                                                    
+        adjusted = size - (size - GetMemberOffset(stack, ' s'))
+
+        offset = GetMemberOffset(stack, arg) - adjusted
+        if base:
+            return GetRegValue(base) + offset
+        else:
+            return offset
+
+    return -1
No results found