Jump to content
Tuts 4 You

What Does This Function Do?

high6

By high6
in Programming and Coding

Recommended Posts

high6

high6

Posted
Posted 
@exe_0043F830:						 ;<= Procedure Start		MOV ECX,DWORD PTR SS:[ESP+4]
		TEST ECX,3
		JE @exe_0043F860@exe_0043F83C:		MOV AL,BYTE PTR DS:[ECX]
		ADD ECX,1
		TEST AL,AL
		JE @exe_0043F893
		TEST ECX,3
		JNZ @exe_0043F83C
		ADD EAX,0
		LEA ESP,DWORD PTR SS:[ESP]
		LEA ESP,DWORD PTR SS:[ESP]@exe_0043F860:		MOV EAX,DWORD PTR DS:[ECX]
		MOV EDX,07EFEFEFFh
		ADD EDX,EAX
		XOR EAX,0FFFFFFFFh
		XOR EAX,EDX
		ADD ECX,4
		TEST EAX,081010100h
		JE @exe_0043F860
		MOV EAX,DWORD PTR DS:[ECX-4]
		TEST AL,AL
		JE @exe_0043F8B1
		TEST AH,AH
		JE @exe_0043F8A7
		TEST EAX,0FF0000h
		JE @exe_0043F89D
		TEST EAX,0FF000000h
		JE @exe_0043F893
		JMP @exe_0043F860@exe_0043F893:		LEA EAX,DWORD PTR DS:[ECX-1]
		MOV ECX,DWORD PTR SS:[ESP+4]
		SUB EAX,ECX
		RETN@exe_0043F89D:		LEA EAX,DWORD PTR DS:[ECX-2]
		MOV ECX,DWORD PTR SS:[ESP+4]
		SUB EAX,ECX
		RETN@exe_0043F8A7:		LEA EAX,DWORD PTR DS:[ECX-3]
		MOV ECX,DWORD PTR SS:[ESP+4]
		SUB EAX,ECX
		RETN@exe_0043F8B1:		LEA EAX,DWORD PTR DS:[ECX-4]
		MOV ECX,DWORD PTR SS:[ESP+4]
		SUB EAX,ECX
		RETN								;<= Procedure End

Don't get what its used for (see it in multiple exes). All I have seen it used for is getting the length of a path.

Also this that looks like it in another app.

@exe_004B5410:		XOR EAX,EAX
		MOV AL,BYTE PTR SS:[ESP+8]@exe_004B5416:		PUSH EBX
		MOV EBX,EAX
		SHL EAX,8
		MOV EDX,DWORD PTR SS:[ESP+8]
		TEST EDX,3
		JE @exe_004B543D@exe_004B5428:		MOV CL,BYTE PTR DS:[EDX]
		ADD EDX,1
		CMP CL,BL
		JE @exe_004B5400			   ;<= Jump/Call Address Not Resolved
		TEST CL,CL
		JE @exe_004B5486
		TEST EDX,3
		JNZ @exe_004B5428@exe_004B543D:		OR EBX,EAX
		PUSH EDI
		MOV EAX,EBX
		SHL EBX,010h
		PUSH ESI
		OR EBX,EAX@exe_004B5448:		MOV ECX,DWORD PTR DS:[EDX]
		MOV EDI,07EFEFEFFh
		MOV EAX,ECX
		MOV ESI,EDI
		XOR ECX,EBX
		ADD ESI,EAX
		ADD EDI,ECX
		XOR ECX,0FFFFFFFFh
		XOR EAX,0FFFFFFFFh
		XOR ECX,EDI
		XOR EAX,ESI
		ADD EDX,4
		AND ECX,081010100h
		JNZ @exe_004B548A
		AND EAX,081010100h
		JE @exe_004B5448
		AND EAX,01010100h
		JNZ @exe_004B5484
		AND ESI,080000000h
		JNZ @exe_004B5448@exe_004B5484:		POP ESI
		POP EDI@exe_004B5486:		POP EBX
		XOR EAX,EAX
		RETN@exe_004B548A:		MOV EAX,DWORD PTR DS:[EDX-4]
		CMP AL,BL
		JE @exe_004B54C7
		TEST AL,AL
		JE @exe_004B5484
		CMP AH,BL
		JE @exe_004B54C0
		TEST AH,AH
		JE @exe_004B5484
		SHR EAX,010h
		CMP AL,BL
		JE @exe_004B54B9
		TEST AL,AL
		JE @exe_004B5484
		CMP AH,BL
		JE @exe_004B54B2
		TEST AH,AH
		JE @exe_004B5484
		JMP @exe_004B5448@exe_004B54B2:		POP ESI
		POP EDI
		LEA EAX,DWORD PTR DS:[EDX-1]
		POP EBX
		RETN@exe_004B54B9:		LEA EAX,DWORD PTR DS:[EDX-2]
		POP ESI
		POP EDI
		POP EBX
		RETN@exe_004B54C0:		LEA EAX,DWORD PTR DS:[EDX-3]
		POP ESI
		POP EDI
		POP EBX
		RETN@exe_004B54C7:		LEA EAX,DWORD PTR DS:[EDX-4]
		POP ESI
		POP EDI
		POP EBX
		RETN								;<= Procedure End

same thing, just copied to clipboard instead.

004B5410  |$  33C0			   XOR EAX,EAX
004B5412  |.  8A4424 08		  MOV AL,BYTE PTR SS:[ESP+8]
004B5416  |>  53				 PUSH EBX
004B5417  |.  8BD8			   MOV EBX,EAX
004B5419  |.  C1E0 08			SHL EAX,8
004B541C  |.  8B5424 08		  MOV EDX,DWORD PTR SS:[ESP+8]
004B5420  |.  F7C2 03000000	  TEST EDX,3
004B5426  |.  74 15			  JE SHORT exe.004B543D
004B5428  |>  8A0A			   /MOV CL,BYTE PTR DS:[EDX]
004B542A  |.  83C2 01			|ADD EDX,1
004B542D  |.  38D9			   |CMP CL,BL
004B542F  |.^ 74 CF			  |JE SHORT exe.004B5400
004B5431  |.  84C9			   |TEST CL,CL
004B5433  |.  74 51			  |JE SHORT exe.004B5486
004B5435  |.  F7C2 03000000	  |TEST EDX,3
004B543B  |.^ 75 EB			  \JNZ SHORT exe.004B5428
004B543D  |>  0BD8			   OR EBX,EAX
004B543F  |.  57				 PUSH EDI											 ;  ntdll.7C910738
004B5440  |.  8BC3			   MOV EAX,EBX
004B5442  |.  C1E3 10			SHL EBX,10
004B5445  |.  56				 PUSH ESI
004B5446  |.  0BD8			   OR EBX,EAX
004B5448  |>  8B0A			   /MOV ECX,DWORD PTR DS:[EDX]
004B544A  |.  BF FFFEFE7E		|MOV EDI,7EFEFEFF
004B544F  |.  8BC1			   |MOV EAX,ECX
004B5451  |.  8BF7			   |MOV ESI,EDI										 ;  ntdll.7C910738
004B5453  |.  33CB			   |XOR ECX,EBX
004B5455  |.  03F0			   |ADD ESI,EAX
004B5457  |.  03F9			   |ADD EDI,ECX
004B5459  |.  83F1 FF			|XOR ECX,FFFFFFFF
004B545C  |.  83F0 FF			|XOR EAX,FFFFFFFF
004B545F  |.  33CF			   |XOR ECX,EDI										 ;  ntdll.7C910738
004B5461  |.  33C6			   |XOR EAX,ESI
004B5463  |.  83C2 04			|ADD EDX,4
004B5466  |.  81E1 00010181	  |AND ECX,81010100
004B546C  |.  75 1C			  |JNZ SHORT exe.004B548A
004B546E  |.  25 00010181		|AND EAX,81010100
004B5473  |.^ 74 D3			  |JE SHORT exe.004B5448
004B5475  |.  25 00010101		|AND EAX,1010100
004B547A  |.  75 08			  |JNZ SHORT exe.004B5484
004B547C  |.  81E6 00000080	  |AND ESI,80000000
004B5482  |.^ 75 C4			  \JNZ SHORT exe.004B5448
004B5484  |>  5E				 POP ESI											  ;  kernel32.7C816FD7
004B5485  |.  5F				 POP EDI											  ;  kernel32.7C816FD7
004B5486  |>  5B				 POP EBX											  ;  kernel32.7C816FD7
004B5487  |.  33C0			   XOR EAX,EAX
004B5489  |.  C3				 RETN
004B548A  |>  8B42 FC			MOV EAX,DWORD PTR DS:[EDX-4]
004B548D  |.  38D8			   CMP AL,BL
004B548F  |.  74 36			  JE SHORT exe.004B54C7
004B5491  |.  84C0			   TEST AL,AL
004B5493  |.^ 74 EF			  JE SHORT exe.004B5484
004B5495  |.  38DC			   CMP AH,BL
004B5497  |.  74 27			  JE SHORT exe.004B54C0
004B5499  |.  84E4			   TEST AH,AH
004B549B  |.^ 74 E7			  JE SHORT exe.004B5484
004B549D  |.  C1E8 10			SHR EAX,10
004B54A0  |.  38D8			   CMP AL,BL
004B54A2  |.  74 15			  JE SHORT exe.004B54B9
004B54A4  |.  84C0			   TEST AL,AL
004B54A6  |.^ 74 DC			  JE SHORT exe.004B5484
004B54A8  |.  38DC			   CMP AH,BL
004B54AA  |.  74 06			  JE SHORT exe.004B54B2
004B54AC  |.  84E4			   TEST AH,AH
004B54AE  |.^ 74 D4			  JE SHORT exe.004B5484
004B54B0  |.^ EB 96			  JMP SHORT exe.004B5448
004B54B2  |>  5E				 POP ESI											  ;  kernel32.7C816FD7
004B54B3  |.  5F				 POP EDI											  ;  kernel32.7C816FD7
004B54B4  |.  8D42 FF			LEA EAX,DWORD PTR DS:[EDX-1]
004B54B7  |.  5B				 POP EBX											  ;  kernel32.7C816FD7
004B54B8  |.  C3				 RETN
004B54B9  |>  8D42 FE			LEA EAX,DWORD PTR DS:[EDX-2]
004B54BC  |.  5E				 POP ESI											  ;  kernel32.7C816FD7
004B54BD  |.  5F				 POP EDI											  ;  kernel32.7C816FD7
004B54BE  |.  5B				 POP EBX											  ;  kernel32.7C816FD7
004B54BF  |.  C3				 RETN
004B54C0  |>  8D42 FD			LEA EAX,DWORD PTR DS:[EDX-3]
004B54C3  |.  5E				 POP ESI											  ;  kernel32.7C816FD7
004B54C4  |.  5F				 POP EDI											  ;  kernel32.7C816FD7
004B54C5  |.  5B				 POP EBX											  ;  kernel32.7C816FD7
004B54C6  |.  C3				 RETN
004B54C7  |>  8D42 FC			LEA EAX,DWORD PTR DS:[EDX-4]
004B54CA  |.  5E				 POP ESI											  ;  kernel32.7C816FD7
004B54CB  |.  5F				 POP EDI											  ;  kernel32.7C816FD7
004B54CC  |.  5B				 POP EBX											  ;  kernel32.7C816FD7
004B54CD  \.  C3				 RETN

Anyone know?

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...