Figure 10-37 Mark SPs
Next we walk through loc_2903ED6A from its first instruction and check, one instruction at a time, whether it changes SP.
“LDR R3, [SP,#0xA8+var_98]” means R3 = *(SP1 + 0xA8 + var_98). In IDA's notation the 0xA8 is the SP displacement IDA tracks and var_98 is the frame variable's own offset; the function header shows var_98 = -0x98, as in figure 10-38.
Figure 10-38 sub_2903e824
As a result, R3 = *(SP1 + 0x10). The instruction only reads memory through SP; SP itself is unchanged.
“MOV R2, R8” does not touch SP. In “STR R1, [SP,#0xA8+var_A8]” the value of var_A8 is -0xA8, so the store is *SP1 = R1; it writes through SP but does not modify it. “MOV R1, R5” has nothing to do with SP either. Keeping these SPs apart is genuinely confusing, so let us pause and summarize.
Our goal is to find where *(SP2 + 0x14) is written.