+static void gen_hdr(const char *funcn, int opcnt)
+{
+ int save_arg_vars[MAX_ARG_GRP] = { 0, };
+ unsigned char cbits[MAX_OPS / 8];
+ const struct parsed_proto *pp_c;
+ struct parsed_proto *pp;
+ struct func_prototype *fp;
+ struct parsed_op *po;
+ int regmask_dummy = 0;
+ int regmask_dep;
+ int max_bp_offset = 0;
+ int has_ret;
+ int i, j, l;
+ int ret;
+
+ pp_c = proto_parse(g_fhdr, funcn, 1);
+ if (pp_c != NULL)
+ // already in seed, will add to hg_fp later
+ return;
+
+ fp = hg_fp_add(funcn);
+
+ g_bp_frame = g_sp_frame = g_stack_fsz = 0;
+ g_stack_frame_used = 0;
+
+ // pass1:
+ // - resolve all branches
+ // - parse calls with labels
+ resolve_branches_parse_calls(opcnt);
+
+ // pass2:
+ // - handle ebp/esp frame, remove ops related to it
+ scan_prologue_epilogue(opcnt);
+
+ // pass3:
+ // - remove dead labels
+ // - collect calls
+ for (i = 0; i < opcnt; i++)
+ {
+ if (g_labels[i] != NULL && g_label_refs[i].i == -1) {
+ free(g_labels[i]);
+ g_labels[i] = NULL;
+ }
+
+ po = &ops[i];
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ continue;
+
+ if (po->op == OP_CALL) {
+ if (po->operand[0].type == OPT_LABEL)
+ hg_fp_add_dep(fp, opr_name(po, 0));
+ else if (po->pp != NULL)
+ hg_fp_add_dep(fp, po->pp->name);
+ }
+ }
+
+ // pass4:
+ // - remove dead labels
+ // - handle push <const>/pop pairs
+ for (i = 0; i < opcnt; i++)
+ {
+ if (g_labels[i] != NULL && g_label_refs[i].i == -1) {
+ free(g_labels[i]);
+ g_labels[i] = NULL;
+ }
+
+ po = &ops[i];
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ continue;
+
+ if (po->op == OP_PUSH && po->operand[0].type == OPT_CONST)
+ scan_for_pop_const(i, opcnt, ®mask_dummy);
+ }
+
+ // pass5:
+ // - process trivial calls
+ for (i = 0; i < opcnt; i++)
+ {
+ po = &ops[i];
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ continue;
+
+ if (po->op == OP_CALL)
+ {
+ pp = process_call_early(i, opcnt, &j);
+ if (pp != NULL) {
+ if (!(po->flags & OPF_ATAIL))
+ // since we know the args, try to collect them
+ if (collect_call_args_early(po, i, pp, ®mask_dummy) != 0)
+ pp = NULL;
+ }
+
+ if (pp != NULL) {
+ if (j >= 0) {
+ // commit esp adjust
+ if (ops[j].op != OP_POP)
+ patch_esp_adjust(&ops[j], pp->argc_stack * 4);
+ else {
+ for (l = 0; l < pp->argc_stack; l++)
+ ops[j + l].flags |= OPF_DONE | OPF_RMD;
+ }
+ }
+
+ po->flags |= OPF_DONE;
+ }
+ }
+ }
+
+ // pass6:
+ // - track saved regs (simple)
+ // - process calls
+ for (i = 0; i < opcnt; i++)
+ {
+ po = &ops[i];
+ if (po->flags & (OPF_RMD|OPF_DONE))
+ continue;
+
+ if (po->op == OP_PUSH && po->operand[0].type == OPT_REG)
+ {
+ ret = scan_for_pop_ret(i + 1, opcnt, po->operand[0].name, 0);
+ if (ret == 0) {
+ // regmask_save |= 1 << po->operand[0].reg; // do it later
+ po->flags |= OPF_RSAVE | OPF_RMD | OPF_DONE;
+ scan_for_pop_ret(i + 1, opcnt, po->operand[0].name, OPF_RMD);
+ }
+ }
+ else if (po->op == OP_CALL && !(po->flags & OPF_DONE))
+ {
+ pp = process_call(i, opcnt);
+
+ if (!pp->is_unresolved && !(po->flags & OPF_ATAIL)) {
+ // since we know the args, collect them
+ ret = collect_call_args(po, i, pp, ®mask_dummy, save_arg_vars,
+ i + opcnt * 1);
+ }
+ }
+ }
+
+ // pass7
+ memset(cbits, 0, sizeof(cbits));
+ regmask_dep = 0;
+ has_ret = -1;
+
+ gen_hdr_dep_pass(0, opcnt, cbits, fp, 0, 0, ®mask_dep, &has_ret);
+
+ // find unreachable code - must be fixed in IDA
+ for (i = 0; i < opcnt; i++)
+ {
+ if (cbits[i >> 3] & (1 << (i & 7)))
+ continue;
+
+ if (g_labels[i] == NULL && i > 0 && ops[i - 1].op == OP_CALL
+ && ops[i - 1].pp != NULL && ops[i - 1].pp->is_osinc)
+ {
+ // the compiler sometimes still generates code after
+ // noreturn OS functions
+ break;
+ }
+ if (ops[i].op != OP_NOP)
+ ferr(&ops[i], "unreachable code\n");
+ }