I'm trying to learn reverse engineering, and I'm stuck on this little thing. I have code like this:
.text:10003478                 mov     eax, HWHandle
.text:1000347D                 lea     ecx, [eax+1829B8h] <------
.text:10003483                 mov     dword_1000FA64, ecx
.text:10003489                 lea     esi, [eax+166A98h]<------
.text:1000348F                 lea     edx, [eax+11FE320h]
.text:10003495                 mov     dword_1000FCA0, esi
and I'm wondering, what does it look like in C or C++? Especially the two instructions marked by arrows. HWHandle is a variable which holds the value returned from the GetModuleHandle() function.
More interesting is that a couple of lines below these instructions, dword_1000FCA0 is used as a function:
.text:1000353C                 mov     eax, dword_1000FCA0
.text:10003541                 mov     ecx, [eax+0A0h]
.text:10003547                 push    offset asc_1000C9E4 ; "\r\n========================\r\n"
.text:1000354C                 call    ecx
This will draw this text in my game console. Have you got any ideas, guys?
LEA is nothing more than an arithmetic operation: in that case, ECX is just filled with EAX+offset (the very address, not the pointed contents). If HWHandle pointed to a (very large) structure, ECX would just be one of its members.
This could be the associated source code:
extern A* HWHandle;                   // mov     eax, HWHandle
B* ECX = &HWHandle->someStructure;    // lea     ecx, [eax+1829B8h] (address of the member, nothing is loaded)
and later, one of B’s members is used as a function.
ECX->ptrFunction(someArg);          // mov     ecx, [eax+0A0h]
                                    // call    ecx
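The answer's reading carried through with the offsets from the question, as an added example that is not part of the original post: the module handle is treated as a base address, each LEA becomes plain pointer arithmetic, and the later `call ecx` becomes a call through a function pointer stored at +0A0h. The struct layout, the names `iface_b`, `print_fn`, `resolve` and `demo`, the `int` return type and the calloc'd stand-in for the loaded module are all assumptions made so the code runs on its own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Offsets taken from the disassembly in the question. */
#define OFF_IFACE_A 0x1829B8u   /* lea ecx, [eax+1829B8h] */
#define OFF_IFACE_B 0x166A98u   /* lea esi, [eax+166A98h] */

/* Hypothetical layout: only the slot at +0A0h is known from the listing. */
typedef int (*print_fn)(const char *text);
struct iface_b {
    unsigned char unknown[0xA0];
    print_fn      print;          /* mov ecx, [eax+0A0h] / call ecx */
};

static void *g_iface_a;           /* dword_1000FA64 */
static struct iface_b *g_iface_b; /* dword_1000FCA0 */
static char g_console[64];        /* constructed stand-in for the game console */

static int fake_console_print(const char *text) {
    snprintf(g_console, sizeof g_console, "%s", text);
    return (int)strlen(g_console);
}

/* LEA only adds: base + constant, with no memory read. */
static void resolve(uint8_t *module_base) {
    g_iface_a = module_base + OFF_IFACE_A;
    g_iface_b = (struct iface_b *)(module_base + OFF_IFACE_B);
}

/* Builds a constructed "module image", resolves both pointers, makes the call. */
static int demo(void) {
    uint8_t *image = calloc(1, OFF_IFACE_A + sizeof(struct iface_b));
    if (!image) return -1;
    resolve(image);
    g_iface_b->print = fake_console_print;  /* the real module fills this slot */
    int n = g_iface_b->print("\r\n========================\r\n");
    int ok = (size_t)((uint8_t *)g_iface_b - image) == OFF_IFACE_B
          && (size_t)((uint8_t *)g_iface_a - image) == OFF_IFACE_A;
    free(image);
    return ok ? n : -1;
}

int main(void) { printf("%d\n", demo()); return 0; }
```

In the original binary nothing is written into the slot by the caller; the module that owns the structure has already stored the function address there.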