Reverse engineering is a virtual method that only XOR is EAX low byte before returning

Question

Reverse engineering is a virtual method that only XOR is EAX low byte before returning

I need help in reverse engineering a virtual method from disassembly. The code was originally compiled with Microsoft Visual C ++. This method is as follows:

sub_92D110    proc near
xor al, al
retn
sub_92d110    endp

This method refers to many classes, even several times inside the vtable of one class. I'm not sure what he is doing; Does the method that was built in, but the call remains so that vtables keep their size?

And if so, what does it do xor al, al? I don’t understand something about the calling agreement or something like that?

+4

c ++ assembly x86 reverse-engineering

Artemoire Jul 17 '17 at 11:25

source share

1 answer

Matteo Italia · Answer 1 · 2017-07-17T12:08:23+0000

, , - :

bool someclass::somemethod() {
    return false;
}

xor al,al eax .
x86 eax " " .
, int ( return 0;), , ( x86 eax , - , ).
, , , char/unsigned char (0), bool (false); , , , ( "" , ).
, , . ++ V++/x86 __thiscall, , this ecx, __stdcall "" , __cdecl ; __stdcall , , , ; , __cdecl, . , .

, vtable .

; V++ linker , ( " COMDAT" ).

, ( , , , ), - , bool false vtable, varargs char .

Reverse engineering is a virtual method that only XOR is EAX low byte before returning

More articles: