The current code doesn't store the value at [esp] which in general is the return address (at the beginning of a function).

The attached patch also stores the [esp] value. This allows to easily identify indirect calls e.g. "call cx". these are constructions that IDA will not Xref.

BTW, this patch also changes the behaviour of the dereference storage (no dots but hexadecimal view). I guess the prefered behaviour depends on the application.

Feel free to leave that part out.

Best regards,

Ruud

http://gitorious.org/projects/paimei