Wonderful tutorial! It did help me solve a real-world problem today!! As a side note, sometimes the processor jumps to an illegal address because the lr in the stack got destroyed first (say, by a buffer overflow). It gets trickier to unwind the stack when this happens. In this case, comparing data contents with the address the processor jumps to (e.g. checking if the same value also appears in another buffer) may help identify what happened.
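The comparison suggested in the comment above, as an added example that is not part of the comment or the tutorial: it scans memory regions taken from a crash dump for the address the processor jumped to, at every byte offset. It assumes a little-endian 32-bit Thumb target (so bit 0 is ignored in the comparison); the region names, buffer contents and the faulting address are constructed sample data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A memory region captured from a crash dump (names below are hypothetical). */
struct region { const char *name; const uint8_t *data; size_t len; };

/* Read a little-endian 32-bit word at any byte offset (overflow data is rarely aligned). */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Count occurrences of bad_pc in r and store the first match offset in *first.
 * Bit 0 is ignored: assumption that the target runs Thumb code, where the word
 * in memory may carry the Thumb bit while the reported PC does not. */
size_t count_matches(const struct region *r, uint32_t bad_pc, size_t *first)
{
    size_t hits = 0;
    for (size_t off = 0; off + 4 <= r->len; off++) {
        if (((rd32le(r->data + off) ^ bad_pc) & ~1u) == 0) {
            if (hits == 0 && first) *first = off;
            hits++;
        }
    }
    return hits;
}

/* Constructed sample data: a receive buffer holding ASCII and an unrelated buffer. */
static const uint8_t rx_buf[]  = "GET /AAAAAAAAAAAAAAAA";
static const uint8_t cfg_buf[] = { 0x01, 0x00, 0x00, 0x20, 0x10, 0x27, 0x00, 0x00 };
const struct region sample_regions[] = {
    { "rx_buf",  rx_buf,  sizeof rx_buf - 1 },   /* drop the trailing NUL */
    { "cfg_buf", cfg_buf, sizeof cfg_buf },
};

int main(void)
{
    uint32_t bad_pc = 0x41414140u;  /* constructed: "AAAA" with bit 0 cleared */
    for (size_t i = 0; i < sizeof sample_regions / sizeof sample_regions[0]; i++) {
        size_t first = 0;
        size_t n = count_matches(&sample_regions[i], bad_pc, &first);
        printf("%-8s matches=%zu first_offset=%zu\n", sample_regions[i].name, n, first);
    }
    return 0;
}
```

A region with many matches is a strong candidate for the data that was written over the saved lr; a faulting address that decodes as printable ASCII points the same way.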