
Figure 10-75 loc_2691f726


The instruction “LDR R5, [SP,#0xA4+var_98]” decides the value of R5. So what is [SP,#0xA4+var_98]? Do you remember how we solved this kind of problem in section 10.2? Place the cursor on var_98 and press “x” to view its cross references, as shown in figure 10-76.


Figure 10-76 Inspect cross references


Double click the first xref to jump to “STR R0, [SP,#0xA4+var_98]”. Around here, R0 comes from [R6 chat]; R6 first appears at the beginning of [CKConversation sendMessage:onService:newComposition:], where it is “self”, so the receiver of “sendMessage:” is [self chat]. Going back to figure 10-74, we can see that the argument of “sendMessage:” comes from R6. A little further up, at loc_2691F6F4, R6 is set by “LDR R6, [SP,#0xA4+var_80]”, as shown in figure 10-77.


Figure 10-77 loc_2691f6f4
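The register tracing done by hand above (LDR from a stack slot, xref to the matching STR, then back to the call that produced the stored register) as an added example that is not from the book: a small Python backward slicer over a constructed ARM listing modelled on figures 10-74 to 10-77. Only the two loc_ addresses come from the text; the other addresses and the exact instruction order are assumed.

```python
import re

# Constructed excerpt modelled on the listing discussed in figures 10-74 to 10-77.
# Only the two loc_ addresses come from the book; the rest are made up.
LISTING = [
    (0x2691F6F4, "LDR     R6, [SP,#0xA4+var_80]"),
    (0x2691F6F8, "MOV     R0, R6"),
    (0x2691F6FA, "MOV     R1, R2"),
    (0x2691F6FC, "BLX     _objc_msgSend ; [R6 chat]"),
    (0x2691F700, "STR     R0, [SP,#0xA4+var_98]"),
    (0x2691F704, "MOV     R2, R4"),
    (0x2691F726, "LDR     R5, [SP,#0xA4+var_98]"),
]

STACK = r"\[SP,#0x[0-9A-Fa-f]+\+(var_[0-9A-Fa-f]+)\]"
LDR = re.compile(r"LDR\s+(R\d+),\s*" + STACK)
STR = re.compile(r"STR\s+(R\d+),\s*" + STACK)
MOV = re.compile(r"MOV\s+(R\d+),\s*(R\d+)")
CALL = re.compile(r"BLX?\s+_objc_msgSend\s*;\s*(\[.*\])")


def definition(insn):
    """Return (what_is_written, where_it_comes_from), or None if unmodelled."""
    if m := LDR.match(insn):
        return m.group(1), m.group(2)       # register <- stack slot
    if m := STR.match(insn):
        return m.group(2), m.group(1)       # stack slot <- register
    if m := MOV.match(insn):
        return m.group(1), m.group(2)       # register <- register
    if m := CALL.match(insn):
        return "R0", m.group(1)             # objc_msgSend leaves its result in R0
    return None


def trace_back(listing, addr, reg):
    """Walk upward from addr following the most recent definition of `reg`,
    hopping from a LDR of a stack slot to the STR that filled it (the manual
    xref step) and on to the register stored there.
    Returns (chain of (address, instruction) oldest first, final origin)."""
    idx = [a for a, _ in listing].index(addr)
    want, chain = reg, []
    for a, insn in reversed(listing[: idx + 1]):
        d = definition(insn)
        if d and d[0] == want:
            chain.append((a, insn))
            want = d[1]
            if want.startswith("["):        # reached a message send: stop here
                break
    return chain[::-1], want
```

Running `trace_back(LISTING, 0x2691F726, "R5")` yields the chain BLX → STR → LDR and the origin “[R6 chat]”, the same answer the text reaches through the xref window.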


What’s next? We’ve performed the same operation just now, so I’ll leave some figures (from
