feature : implement stack memory access simulation #63
Description
I found a function which starts and ends with :
lea ecx, dword ptr [esp + 4]
and esp, 0xfffffff0
push dword ptr [ecx - 4]
push ebp
mov ebp, esp
push esi
push ebx
push ecx
sub esp, 0xcc
...
mov eax, 0
lea esp, dword ptr [ebp - 0xc]
add esp, 0
pop ecx
pop ebx
pop esi
pop ebp
lea esp, dword ptr [ecx - 4]
ret
The problem here is that the value of esp is pushed and then poped. For this case we should simulate stack memory access.