why function use and def show different parameter number?

[baikaishiuc]

sub11636 have 4 arguments when invoke it, but in definitions only 2 arguments.

how can I make him the same?

[rssor]

This can happen for a variety of reasons but is usually a result of analysis having low confidence in function parameters (indicated by the grey color on the types) identified during analysis.

If you change the function type and confirm it with the current prototype the confidence will be promoted, at which point call sites will generally adhere more rigorously to the callee type, barring situations such as variadic args or call type overrides.

There are a few other situations that can also trigger this behavior, such as analysis losing track of the stack pointer and being unable to translate calls correctly (look for call IL instructions with a _UNTYPED suffix on call_instr.operation).

[baikaishiuc]

I try 2 different approach

1. not work, jump to function definition, press Y change function prototype, then back to caller, it not updated auto, But this way is work in IDA
2. work, right mouse click function call, "Override function Type..". But i need change a dozen of place call this function one by one

ok, approach 2 seems almost work .

Thank you for your reply.

[rssor]

Can you confirm that the MLIL call instructions are MLIL_CALL and not MLIL_CALL_UNTYPED? (e.g., current_mlil[call_instr_idx].operation, pulling the call_instr_idx from mlil view with showing addresses enabled).

[baikaishiuc]

call_instr_idx not work in my BN, so I use number instead.

it seems all is MLIL_CALL

[rssor]

As a follow-up, I just now noticed your version number. If this is an arm/thumb binary there were some major fixes that landed for that just after the last stable. Any dev build after June 1 or so should have had the fix for that issue.