ECX in C++ app is std::string?

May 29, 2010

Sorry for the bad title . Anyways...

How would this look in C++?


	PUSH 2 	; Constant
	PUSH ESI 	; CWorld
	LEA ECX, [ESP+0xE4] 	; std::string
	CALL 1521ED60 	; AddString

What I don't get is why ECX is being set to std::string. It is used inside the function. I don't think it is a fast call. But I have no idea what it is.

It is like the first push and ecx are backwards 0,o...

Edited May 29, 2010 by high6

May 29, 2010

I assume ESI being an object was loaded before, so in theory it will load out like:


00C22B41  |. 6A 02          PUSH 2                                   ; /Arg3 = 00000002 const
00C22B43  |. 8B55 B4        MOV EDX,DWORD PTR SS:[EBP-4C]            ; |
00C22B46  |. 52             PUSH EDX                                 ; |Arg2 -> CWorld
00C22B47  |. 8D45 D4        LEA EAX,DWORD PTR SS:[EBP-2C]            ; |
00C22B4A  |. 50             PUSH EAX                                 ; |Arg1 -> std::string
00C22B4B  |. E8 30FFFFFF    CALL 00C22A80                            ; \00C22A80

Which in code, would look like this:


#include <Windows.h>
#include <string>
#include <iostream>class CWorld
{
public:
	CWorld( void )
	{
	}
	~CWorld( void )
	{
	}	int TestFunction( void ) { return 1; }
};void AddString( const std::string& stringarg, const CWorld* pWorld, int nValue )
{
	// other function stuff here..	std::cout << stringarg << std::endl; // Debug output, ignore this..
	std::cout << "AddString was called!";
}int main( int argc, TCHAR* argv[] )
{
	CWorld* cWorld = new CWorld();
	std::string strTest = "testing";	AddString( "testing", cWorld, 2 );
	delete cWorld;	std::cin.sync();
	std::cin.ignore();	return 0;
}

I tossed this together real quick just to see if it was what I was thinking, which it seems like it got the same, or at least similar, results of what you were asking for. Hopefully that helps

May 29, 2010

I assume ESI being an object was loaded before, so in theory it will load out like:


00C22B41 |. 6A 02 PUSH 2 ; /Arg3 = 00000002 const
00C22B43 |. 8B55 B4 MOV EDX,DWORD PTR SS:[EBP-4C] ; |
00C22B46 |. 52 PUSH EDX ; |Arg2 -> CWorld
00C22B47 |. 8D45 D4 LEA EAX,DWORD PTR SS:[EBP-2C] ; |
00C22B4A |. 50 PUSH EAX ; |Arg1 -> std::string
00C22B4B |. E8 30FFFFFF CALL 00C22A80 ; \00C22A80

Which in code, would look like this:

 #include <Windows.h> #include <string> #include <iostream> class CWorld { public: 	CWorld( void ) 	{ 	} 	~CWorld( void ) 	{ 	} 	int TestFunction( void ) { return 1; } }; void AddString( const std::string& stringarg, const CWorld* pWorld, int nValue ) { 	// other function stuff here.. 	std::cout << stringarg << std::endl; // Debug output, ignore this.. 	std::cout << "AddString was called!"; } int main( int argc, TCHAR* argv[] ) { 	CWorld* cWorld = new CWorld(); 	std::string strTest = "testing"; 	AddString( "testing", cWorld, 2 ); 	delete cWorld; 	std::cin.sync(); 	std::cin.ignore(); 	return 0; }

I tossed this together real quick just to see if it was what I was thinking, which it seems like it got the same, or at least similar, results of what you were asking for. Hopefully that helps

ECX isn't being set though.

What is confusing me is that usually ECX is "this" in C++. But here it is being used to store a variable that is used inside the function.

May 29, 2010

Actually I was just thinking. Maybe it is a helper class which inherits from std::string. So when I was looking at the data it looked exactly like std::string but it actually was another class :x.

May 29, 2010

Scratch that, after further digging, it is in fact just an std::string.

Edit:

Odd, it also uses "EBX" to pass data too. I would say maybe it is a "fastcall" but I thought those used ecx/edx?

Anyways, it is C++ code. Just wondering what cause it to generate that 0,o...

Edited May 29, 2010 by high6

May 29, 2010

Using my same code, converting the AddString function to __fastcall produces:


00182B51  |. 6A 02          PUSH 2                                   ; /Arg1 = 00000002
00182B53  |. 8B55 B4        MOV EDX,DWORD PTR SS:[EBP-4C]            ; |
00182B56  |. 8D4D D4        LEA ECX,DWORD PTR SS:[EBP-2C]            ; |
00182B59  |. E8 22FFFFFF    CALL 00182A80                            ; \00182A80

Converting it to be a static class so that it uses thiscall produces:


013B2B41  |. 6A 02          PUSH 2                                   ; /Arg3 = 00000002
013B2B43  |. 8B55 B4        MOV EDX,DWORD PTR SS:[EBP-4C]            ; |
013B2B46  |. 52             PUSH EDX                                 ; |Arg2
013B2B47  |. 8D45 D4        LEA EAX,DWORD PTR SS:[EBP-2C]            ; |
013B2B4A  |. 50             PUSH EAX                                 ; |Arg1
013B2B4B  |. E8 F0E5FFFF    CALL 013B1140                            ; \013B1140

I can't fully force it to use the same registers since I'm sure there are other parts of the program going on before this is called that are using the other registers. From these I would say it's probably a fastcall.

May 29, 2010

Seems to be a VC class, , from what i saw, to reproduce it, you must compile it under Release Mode.

ECX is this pointer, and is passed in any functions that are part of tha class, it includes virtul functions and inherited functions

The calling convetion is __thiscall, not __fastcall

Sign In

ECX in C++ app is std::string?

Recommended Posts

high6

atom0s

high6

high6

high6

atom0s

Deathway

Create an account or sign in to comment

Create an account

Sign in

Community

Search