Complex function

Question

Complex function

So, when using the IDA to parse the dll, I came across this class function:

mov eax, [ecx+4]
mov eax, [eax]
retn

I know what it ecxmeans this, and eax- the return value, but I do not understand what it returns. Any help?

+3

assembly reverse-engineering ida

小太郎 Jun 29 '10 at 9:01

source share

5 answers

( eax) 4 ecx. , 32- eax, .

, , , , .

+3

Greg Hewgill 29 . '10 9:07

, - EAX... , ECX... (4 ) . () EAX , EAX.

( , "" MOV (load), , .

, . ECX , , ++ "this", . , , . , , , ( ). , .

(, x86 - , DOS .. ... errno stdlib C EAX).

0

Jim Dennis 29 . '10 9:12

. ecx "this", , . instr, dword, ; ? . eax, , - . eax, func.

ecx    ------->    dword dataA   offset 0
                   dword dataB   offset 4

  mov eax, [ecx + 4]

eax = dataB ---->  dword dataC   offset 0

  mov eax, [eax]

eax = dataC

dataC , , .

0

ShinTakezou 29 . '10 9:19

, . , , MSVC 32- eax. @Gregs , , , , .

If you want to understand disassembly, try looking at the results yourself (C / C ++). This is really the only way to get an idea of what is going on in others' dlls.

0

Pontus gagge Jun 29 '10 at 10:30

source share

Vladimir Panteleev · Accepted Answer · 2010-06-29T09:31:53+0000

class C
{
    int a;
    int *b; // ecx+4

    int get_b()
    {
        return *b;
    }
}

Of course, the actual type aand *bunknown, but both of them are 32-bit types. aIt can also be a pointer to VMT if the class has any virtual methods or destructors.

Complex function

More articles: