; ...
push offset sub_11802190 ; third parameter, pushed first (arguments go right to left)
push 7                   ; second parameter
push 6                   ; first parameter
; ...
call SomeFunction        ; SomeFunction(6, 7, sub_11802190)
test eax, eax            ; test the return value
Is this code passing a function pointer to SomeFunction?
/* pfAnotherFunction is the type of sub_11802190; its signature is not visible in the listing */
typedef BOOL (__stdcall *pfSomeFunction)(int, int, pfAnotherFunction);
Looks like it, yes.
Thanks for the help with these basic questions. I've got a couple more:
mov ecx, [ebp+arg_C] ; load the value passed as arg_C
mov ecx, [ecx]       ; read the dword at the address held in ecx
does this indicate that arg_C is a pointer of some type?
IDA generated this:
AdminEventCallback proc near
arg_0 = dword ptr 8      ; first argument, at [ebp+8]
event_id = dword ptr 0Ch ; second argument, at [ebp+0Ch]
arg_C = dword ptr 14h    ; fourth slot, at [ebp+14h]; nothing is named at 10h
; .....
retn 10h                 ; callee pops 16 bytes of arguments (stdcall)
there are three arguments at 4 bytes each (12 bytes), yet 16 are returned to the stack at the end -- is there an argument between event_id and arg_C that just isn't used and therefore isn't generated by IDA?
1. Yes, arg_C seems to be a pointer.
2. Perhaps so. It's also possible that it is used in some way IDA doesn't notice - perhaps the address of event_id is taken and then indexed from?
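Added example, not code from the thread or from IDA: a small C program that applies the frame rule behind this answer (arg_0 at [ebp+8], each further dword argument 4 bytes higher, and a stdcall "retn imm" popping 4 bytes per argument) to the displacements in the posted listing, and reports the slot that is popped but never named. The helper names and the assumption of a standard "push ebp / mov ebp,esp" frame are mine.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: number of 4-byte arguments a __stdcall callee pops
   with "retn imm16". Returns -1 if imm is not a multiple of 4, which would
   mean the callee is not popping whole dwords. */
int stdcall_dword_args(unsigned retn_imm)
{
    if (retn_imm % 4 != 0)
        return -1;
    return (int)(retn_imm / 4);
}

/* Name an [ebp+disp] slot the way IDA does for a "push ebp / mov ebp,esp"
   frame (assumed here):
   disp >= 8 : arguments, arg_0 at [ebp+8], arg_4 at [ebp+0Ch], ...
   disp == 4 : return address
   disp == 0 : saved ebp
   disp <  0 : locals, var_4 at [ebp-4], ...
   Returns 1 for an argument slot, 0 otherwise. */
int frame_slot_name(int disp, char *out, size_t outlen)
{
    if (disp >= 8) {
        snprintf(out, outlen, "arg_%X", (unsigned)(disp - 8));
        return 1;
    }
    if (disp == 4) { snprintf(out, outlen, "%s", "return address"); return 0; }
    if (disp == 0) { snprintf(out, outlen, "%s", "saved ebp"); return 0; }
    if (disp < 0)  { snprintf(out, outlen, "var_%X", (unsigned)(-disp)); return 0; }
    snprintf(out, outlen, "unaligned slot at ebp+%d", disp);
    return 0;
}

/* Given the argument displacements IDA actually named and the retn
   immediate, return the displacement of the first argument slot the callee
   pops but never references (the "mystery argument"), or -1 if none. */
int first_unreferenced_arg(const int *named, size_t nnamed, unsigned retn_imm)
{
    int nargs = stdcall_dword_args(retn_imm);
    for (int i = 0; i < nargs; i++) {
        int disp = 8 + 4 * i;
        int seen = 0;
        for (size_t j = 0; j < nnamed; j++)
            if (named[j] == disp) { seen = 1; break; }
        if (!seen)
            return disp;
    }
    return -1;
}

int main(void)
{
    /* Displacements from the posted listing: arg_0 = 8, event_id = 0Ch, arg_C = 14h */
    const int named[] = { 0x8, 0xC, 0x14 };
    char buf[32];
    printf("retn 10h pops %d dword arguments\n", stdcall_dword_args(0x10));
    for (size_t i = 0; i < sizeof named / sizeof named[0]; i++) {
        frame_slot_name(named[i], buf, sizeof buf);
        printf("[ebp+%Xh] -> %s\n", named[i], buf);
    }
    int missing = first_unreferenced_arg(named, 3, 0x10);
    frame_slot_name(missing, buf, sizeof buf);
    printf("popped but never named: [ebp+%Xh] (IDA would call it %s)\n", missing, buf);
    return 0;
}
```

Running it reports the 10h slot, which is the argument the question is asking about; the same logic flags any stdcall function whose named arguments do not account for the bytes its retn pops.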
Quote from: Adron on December 09, 2003, 04:15 PM
1. Yes, arg_C seems to be a pointer.
2. Perhaps so. It's also possible that it is used in some way IDA doesn't notice - perhaps the address of event_id is taken and then indexed from?
So the mystery argument would be offset 10h;
arg_0 = dword ptr 8
event_id = dword ptr 0Ch
arg_? = dword ptr 10h
arg_C = dword ptr 14h
; is this code referencing arg_?
; I get confused with the +/- offsets for local variables
; and arguments.
mov eax, [ebp+arg_0] ; ebp - 8 + 18h = ebp + 10h
and dword ptr [eax+18h], 0 ; ebp + 8 + 18h = ebp + 20h
Quote from: K on December 09, 2003, 04:38 PM
; is this code referencing arg_?
; I get confused with the +/- offsets for local variables
; and arguments.
mov eax, [ebp+arg_0] ; ebp - 8 + 18h = ebp + 10h
and dword ptr [eax+18h], 0 ; ebp + 8 + 18h = ebp + 20h
No, it's moving the value passed as arg_0 into eax. Then it's zeroing out a value at offset 0x18 from that. This means that arg_0 probably is a pointer to a struct.
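Added example, not code from the thread or from the binary it discusses: a C reconstruction of the two fragments as this answer reads them, plus a small operand classifier that keeps [ebp+disp] stack slots apart from [reg+disp] accesses through a pointer held in a register, which is the distinction the question trips over. The struct layout, the name arg_8 for the unnamed 10h slot, and the return value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>
#include <inttypes.h>

/* Hypothetical layout: the listing only proves that arg_0 points at
   something with a dword at offset 0x18. The other fields are filler. */
struct admin_ctx {
    uint32_t unknown_00, unknown_04, unknown_08, unknown_0C, unknown_10, unknown_14;
    uint32_t field_18;   /* "and dword ptr [eax+18h], 0" clears this */
};

/* Reconstruction of the two fragments from the thread. arg_8 exists only
   because "retn 10h" says four dwords are popped; returning *arg_C is an
   assumption so the dereference has an observable result. */
uint32_t admin_event_callback(struct admin_ctx *arg_0, uint32_t event_id,
                              uint32_t arg_8, const uint32_t *arg_C)
{
    uint32_t v = *arg_C;   /* mov ecx, [ebp+arg_C] ; mov ecx, [ecx] */
    arg_0->field_18 = 0;   /* mov eax, [ebp+arg_0] ; and dword ptr [eax+18h], 0 */
    (void)event_id; (void)arg_8;
    return v;
}

/* Classify an IDA memory operand such as "[ebp+arg_0]" or "[eax+18h]".
   The displacement is relative to the register inside the brackets; it is
   only a stack-frame offset when that register is ebp. */
enum mem_kind { MEM_FRAME_ARG, MEM_FRAME_LOCAL, MEM_FRAME_OTHER, MEM_DEREF_REG, MEM_BAD };

enum mem_kind classify_operand(const char *op, char *reg, size_t reglen, long *disp)
{
    const char *p = op;
    if (*p++ != '[') return MEM_BAD;
    size_t n = 0;
    while (isalnum((unsigned char)*p) && n + 1 < reglen)
        reg[n++] = (char)tolower((unsigned char)*p++);
    reg[n] = '\0';
    *disp = 0;
    if (*p == '+' || *p == '-') {
        int neg = (*p++ == '-');
        char *end;
        if (strncmp(p, "arg_", 4) == 0) {        /* IDA arg_N is [ebp+8+N] */
            *disp = 8 + strtol(p + 4, &end, 16);
        } else if (strncmp(p, "var_", 4) == 0) { /* IDA var_N is [ebp-N] */
            *disp = -strtol(p + 4, &end, 16);
        } else {                                  /* plain hex, optional 'h' */
            *disp = strtol(p, &end, 16);
            if (*end == 'h') end++;
        }
        p = end;
        if (neg) *disp = -*disp;
    }
    if (*p != ']') return MEM_BAD;
    if (strcmp(reg, "ebp") == 0) {
        if (*disp >= 8) return MEM_FRAME_ARG;
        if (*disp < 0)  return MEM_FRAME_LOCAL;
        return MEM_FRAME_OTHER;                  /* saved ebp or return address */
    }
    return MEM_DEREF_REG;
}

int main(void)
{
    const char *ops[] = { "[ebp+arg_0]", "[ebp+arg_C]", "[ecx]", "[eax+18h]" };
    for (size_t i = 0; i < sizeof ops / sizeof ops[0]; i++) {
        char reg[8]; long d;
        enum mem_kind k = classify_operand(ops[i], reg, sizeof reg, &d);
        printf("%-12s -> %s %s%+ld\n", ops[i],
               k == MEM_FRAME_ARG   ? "stack argument at"    :
               k == MEM_FRAME_LOCAL ? "stack local at"       :
               k == MEM_FRAME_OTHER ? "frame slot at"        :
               k == MEM_DEREF_REG   ? "memory pointed to by" : "unparsed",
               reg, d);
    }
    /* Constructed sample input: a context with a nonzero field_18 */
    struct admin_ctx ctx = { 1, 2, 3, 4, 5, 6, 0xDEADBEEF };
    uint32_t val = 42;
    uint32_t r = admin_event_callback(&ctx, 7, 0, &val);
    printf("returned %" PRIu32 ", field_18 now %" PRIu32 "\n", r, ctx.field_18);
    return 0;
}
```

The classifier reports [eax+18h] as an access through eax, so 18h is a field offset inside whatever arg_0 points to and is never combined with the ebp displacement of arg_0 itself.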
Quote from: Adron on December 09, 2003, 05:08 PM
No, it's moving the value passed as arg_0 into eax. Then it's zeroing out a value at offset 0x18 from that. This means that arg_0 probably is a pointer to a struct.
I see now. Thanks for the help, I'm trying to get a handle on this ;).