I have noticed on several occassions when back tracking a function call I end up on an instruction that is triggered when a particular event occurs, but the LR at that point is the address of the instruction itself. How do I determine who called me when the BP triggered if the LR is the address of the BP?
I'm not sure I follow...
After a bl, the LR isn't going to change back to the LR from the previous caller. That is, blr does not restore the previous LR. To see the address of the caller, you will have to find the corresponding mtlr/blr and look at the LR there. Or, if you're adventurous, you don't have to step until a blr, instead you can parse the stack frame for the LR Save Word, which is (I think) located at [r1]+4 (note: this is not r1+4, but [r1]+4)