---
address: 0x824F8398
classification: normal_callee
confidence: high
last_audit: 064
aliases:
  - "AUDIT-058 caller-ladder fn #4 (tiny adapter, 20 insns)"
---

# sub_824F8398 — 20-insn adapter to sub_824F7CD0

## Synopsis

Tiny 20-insn normal-callee adapter. Zeros a stack buffer (`std r9, 0(r11)` × 10 unrolled via `bdnz`), sets `[r1+80]=1` and `[r1+112]=r8` (its r4 argument), then calls `sub_824F7CD0` with `r3` passed through and `r4=&stack_buf+80`. Essentially a 2-arg→1-arg adapter that constructs a 36-byte stack-record before dispatching. AUDIT-064 verified canary fires 1× at ~60s wallclock; ours fires 0×.

## Evidence

- Disasm: `mflr r12; stw r12, -8(r1); stwu r1, -160(r1); mr r8, r4; addi r11, r1, 80; li r9, 0; li r10, 9; mtctr r10; std r9, 0(r11); addi r11, r11, 8; bdnz 0x824F83B8; li r11, 1; stw r8, 112(r1); addi r4, r1, 80; stw r11, 80(r1); bl 0x824F7CD0; addi r1, r1, 160; lwz r12, -8(r1); mtlr r12; blr` — clear normal-callee, no EH.
- Function size: 80 bytes / 20 insns. `has_eh=False`.
- Static caller xref: 1 — `bl` from PC `0x821B5B5C` inside [sub_821B55D8](sub_821B55D8.md).
- Stack buffer at `[r1+80]..[r1+112]` is 36 bytes (9 × 8-byte zero + first u32=1 + last u32=r8).
- AUDIT-064 canary 60s probe: fires 1× with `lr=0x821B5B60 r3=BE568F00 r4=BC369380 r5=701CF658 r6=03A72328` on tid=6. Reproduced bit-identical at 120s and 180s.
- AUDIT-064 ours `--ctor-probe=0x824F8398` -n 500M: **0 fires**.

## Activation

Direct `bl` from `sub_821B55D8+0x584` (PC `0x821B5B5C`).

## Static graph

- Static callers: PC `0x821B5B5C` inside `sub_821B55D8`.
- Callees: `sub_824F7CD0` (PC `0x824F83D4`).

## Audit log

- **AUDIT-064 (2026-05-12)** — disasm confirms tiny adapter (20 insns). Canary fires 1× / ours 0×. The size is small enough to inline; possibly an MSVC compiler artifact. [confirmed]
- **AUDIT-058 (2026-05-10)** — flagged as part of the ladder. [confirmed]

## Open questions

- What does the constructed stack-record (`[1, 0, 0, 0, 0, 0, 0, 0, 0, r8]`) represent semantically? Likely a state-machine init record passed by reference to `sub_824F7CD0`'s 4-way switch.

## Cross-references

- Callees: `sub_824F7CD0`.
- Callers: `sub_821B55D8+0x584`.
- Audits: 058, 064.
- Artifacts: `audit-runs/audit-064-activation-ladder/canary-{60,120,180}s.log`.