Please explain what this code does

Hello all,
All I know is that this is the buffer handed to a __thiscall function (it arrives in ecx as `this`).



// Fake "helper" object that sAABuffer::pBuffer points at (offset 0x404 of the
// outer struct on a 32-bit build, loaded as [esi+404] in the listing below).
// The game routine shown treats its first dword as a vtable pointer
// (mov eax,[ecx] / call [eax+20]), ORs flag bits into the dword at +0x20 and
// stores field values at +0x28..+0x60 -- all of which fall inside Filler.
struct sAABuffer_Helper
	{
		DWORD SecondDword;	// +0x000: used as the vtable pointer for the vcall; must point at a valid table
		BYTE Filler[512];	// +0x004..+0x204 (0x200 bytes): scratch the game routine writes into
	};
 
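	// Fake packet object passed to the game's __thiscall routine as `this`
	// (ecx). The layout mirrors what the listing below reads and writes:
	//   +0x000  FirstDword   never touched by the routine shown; the caller stores
	//                        a fixed client address here (see below)
	//   +0x004  WORD         written as (vcall result + 4); presumably the length
	//   +0x006  WORD         written as 0x857; presumably the message type
	//   +0x008  0x3FC bytes  body handed to sub_D4C910(this+8, 0x3FC)
	//   +0x404  pBuffer      sAABuffer_Helper* ([esi+404] in the listing)
	// The +0x404 offset holds only with 4-byte pointer alignment (32-bit build);
	// on a 64-bit build the pointer would land at +0x408 and the game code
	// would read the last body bytes as the pointer.
	struct sAABuffer
	{ 
		DWORD FirstDword;
		BYTE Filler[0x400];	// NOT A FILLER: +0 len word, +2 type word, +4.. the serialized message body
		sAABuffer_Helper* pBuffer;	// owned; released by the destructor

		// Builds the object with both "dwords" set and every byte of both
		// scratch areas zeroed (the game routine only fills a few fields).
		sAABuffer(DWORD First, DWORD Second)
		{
			FirstDword = First;
			pBuffer = new sAABuffer_Helper{};	// {} value-initializes (zeroes) the helper
			memset(Filler, 0, sizeof Filler);
			
			pBuffer->SecondDword = Second;
			memset(pBuffer->Filler, 0, sizeof pBuffer->Filler);	// explicit, in case the helper ever gains a ctor
		}

		// pBuffer is an owning raw pointer: a copy would produce two owners and a
		// double delete (rule of three). Copying is therefore disabled.
		sAABuffer(const sAABuffer&) = delete;
		sAABuffer& operator=(const sAABuffer&) = delete;

		~sAABuffer()
		{
			delete pBuffer;
		}

	};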



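// Absolute addresses inside the game client that end up in FirstDword and
// SecondDword. SecondDword is dereferenced as a vtable by the routine below
// (mov eax,[ecx] / call [eax+20]), so these values are build-specific: a
// client update, a relocated image or ASLR moves them and the vcall jumps to
// garbage. Prefer resolving them at run time (module base + RVA, or a
// pattern scan) over hard-coding. C++ requires an explicit cast for the
// integer -> pointer conversion.
LPVOID m_lpAAPacketFirstDword = (LPVOID)0xF6FEE0;
LPVOID m_lpAAPacketSecondDword = (LPVOID)0xF6FEF8;
// Defined and initialized in one statement: a bare `m_AABuffer = ...;` is not
// a valid statement at file scope. Nothing here deletes it; whoever tears the
// hook down should `delete m_AABuffer` (the destructor frees the helper too).
// The (DWORD) casts truncate the pointers on a 64-bit build; the listing
// below is 32-bit code.
sAABuffer* m_AABuffer = new sAABuffer((DWORD)m_lpAAPacketFirstDword, (DWORD)m_lpAAPacketSecondDword);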






Here is the function (x86 disassembly) with some explanation:



; sub_98E761: __thiscall, ecx = this, six stack args (ret 18 pops 0x18 bytes).
; this = sAABuffer*: [this+4] and [this+6] are two header words, [this+8] is
; the 0x3FC-byte body, [this+404] = pBuffer (sAABuffer_Helper*, "helper").
; Field meanings below are read off the stores only; what sub_D4C910 and the
; vcall through [vtbl+20] do is not visible here.
 55                   push ebp                   
 8BEC                 mov ebp,esp                    
 53                   push ebx                       
 8B5D 0C              mov ebx,dword ptr ss:[ebp+C]    ; ebx = a3 (2nd stack arg)
 56                   push esi                       
 57                   push edi                       
 8BF1                 mov esi,ecx        -------------> ecx = this, the sAABuffer* (m_AABuffer); [esi+0] = FirstDword is never read in this routine
 85DB                 test ebx,ebx                   
 0F84 BA000000        je co_game.98E82E             ; a3 == 0 -> return 0
 8B7D 10              mov edi,dword ptr ss:[ebp+10]  ; edi = a4 (3rd stack arg)
 85FF                 test edi,edi                   
 0F84 AF000000        je co_game.98E82E             ; a4 == 0 -> return 0
 E8 9870F4FF          call <JMP.&timeGetTime>        ; eax = timeGetTime()
 8B8E 04040000        mov ecx,dword ptr ds:[esi+404] ; ecx = this->pBuffer (helper)
 8349 20 01           or dword ptr ds:[ecx+20],1     ; helper+0x20 looks like a present-fields bitmask: bit 0, then the field
 8941 28              mov dword ptr ds:[ecx+28],eax  ; helper+0x28 = timestamp
 8B86 04040000        mov eax,dword ptr ds:[esi+404] ; helper reloaded before every field (not cached by the compiler)
 8348 20 08           or dword ptr ds:[eax+20],8     ; bit 3
 0FB74D 14            movzx ecx,word ptr ss:[ebp+14] ; ecx = a5 (16-bit, zero-extended)
 8958 34              mov dword ptr ds:[eax+34],ebx  ; helper+0x34 = a3
 8B86 04040000        mov eax,dword ptr ds:[esi+404] 
 8348 20 10           or dword ptr ds:[eax+20],10    ; bit 4
 8978 38              mov dword ptr ds:[eax+38],edi  ; helper+0x38 = a4
 8B86 04040000        mov eax,dword ptr ds:[esi+404] 
 8348 20 40           or dword ptr ds:[eax+20],40    ; bit 6
 8948 40              mov dword ptr ds:[eax+40],ecx  ; helper+0x40 = a5
 8B86 04040000        mov eax,dword ptr ds:[esi+404] 
 8148 20 80000000     or dword ptr ds:[eax+20],80    ; bit 7
 0FB74D 18            movzx ecx,word ptr ss:[ebp+18] ; ecx = a6 (16-bit)
 8948 44              mov dword ptr ds:[eax+44],ecx  ; helper+0x44 = a6
 8B86 04040000        mov eax,dword ptr ds:[esi+404] 
 8148 20 00100000     or dword ptr ds:[eax+20],1000  ; bit 12
 0FB74D 08            movzx ecx,word ptr ss:[ebp+8]  ; ecx = a2 (1st stack arg, 16-bit)
 8948 58              mov dword ptr ds:[eax+58],ecx  ; helper+0x58 = a2
 8B86 04040000        mov eax,dword ptr ds:[esi+404] 
 8B4D 1C              mov ecx,dword ptr ss:[ebp+1C]  ; ecx = a7 (6th stack arg)
 8148 20 00400000     or dword ptr ds:[eax+20],4000  ; bit 14
 8948 60              mov dword ptr ds:[eax+60],ecx  ; helper+0x60 = a7
 8B8E 04040000        mov ecx,dword ptr ds:[esi+404]      -------------> ecx = this->pBuffer (the helper pointer, not the SecondDword value); it is `this` for the thiscall below
 68 FC030000          push 3FC                       ; arg 2: 0x3FC = 1020 = sizeof(Filler) - 4
 8D46 08              lea eax,dword ptr ds:[esi+8]   
 50                   push eax                       ; arg 1: this+8, the body after the two header words
 E8 05E13B00          call <co_game.sub_D4C910>    <----------- thiscall function, ecx = helper (IDA's "sub_D4C910(this + 8, 1020)" drops that); presumably serializes the helper's fields into the 1020-byte body, success in al
 84C0                 test al,al                     
 74 1F                je co_game.98E82E             ; sub_D4C910 returned 0 -> return 0
 8B8E 04040000        mov ecx,dword ptr ds:[esi+404] ; ecx = helper
 B8 57080000          mov eax,857                    
 66:8946 06           mov word ptr ds:[esi+6],ax     ; [this+6] = 0x857 (2135); presumably the message type
 8B01                 mov eax,dword ptr ds:[ecx]     ; eax = helper->SecondDword, used as a vtable pointer
 FF50 20              call dword ptr ds:[eax+20]     ; vcall slot 8 (0x20/4) on the helper; SecondDword must point at a real vtable or this jumps into garbage
 83C0 04              add eax,4                      ; result + 4 (the two header words)
 66:8946 04           mov word ptr ds:[esi+4],ax     ; [this+4] = low 16 bits of (result + 4); presumably the packet length
 B0 01                mov al,1                       ; return 1
 EB 02                jmp co_game.98E830            
 32C0                 xor al,al                      ; 98E82E: return 0
 5F                   pop edi                        
 5E                   pop esi                        
 5B                   pop ebx                        
 5D                   pop ebp                        
 C2 1800              ret 18                         ; callee pops the six dword args








IDA Pro decompiler output of the same function:

/*
 * Reshaped IDA pseudocode for the routine disassembled above. Memory accesses
 * happen in the same order as IDA's output: the helper pointer at this+0x404
 * is reloaded before every field store, exactly as the compiled code does.
 *
 * this        sAABuffer*: this+4 / this+6 are two WORD header fields, this+8
 *             is the 1020-byte body, this+0x404 (1028) is the helper pointer.
 * a2, a5, a6  16-bit values; a3, a4, a7 32-bit values. a3 and a4 must be
 *             non-zero.
 * Returns 1 on success, 0 when a3 or a4 is zero or sub_D4C910 reports failure.
 * sub_8D581C is the timeGetTime thunk seen in the listing; what sub_D4C910
 * and the vcall through the helper's first dword do is not visible here.
 */
static int aa_helper(int this)
{
  return *(_DWORD *)(this + 1028);   /* 1028 == 0x404: sAABuffer::pBuffer */
}

/* ORs one bit into the helper's flag dword (+0x20), then stores value at +off. */
static void aa_set_field(int helper, unsigned flag, int off, int value)
{
  *(_DWORD *)(helper + 32) |= flag;
  *(_DWORD *)(helper + off) = value;
}

char __thiscall sub_98E761(
        int this,
        unsigned __int16 a2,
        int a3,
        int a4,
        unsigned __int16 a5,
        unsigned __int16 a6,
        int a7)
{
  DWORD stamp;
  int helper;
  int body_len;

  if ( !a3 || !a4 )
    return 0;

  stamp = sub_8D581C();
  aa_set_field(aa_helper(this), 0x1u, 40, stamp);     /* +0x28 = timestamp      */
  aa_set_field(aa_helper(this), 0x8u, 52, a3);        /* +0x34                  */
  aa_set_field(aa_helper(this), 0x10u, 56, a4);       /* +0x38                  */
  aa_set_field(aa_helper(this), 0x40u, 64, a5);       /* +0x40, zero-extended   */
  aa_set_field(aa_helper(this), 0x80u, 68, a6);       /* +0x44, zero-extended   */
  aa_set_field(aa_helper(this), 0x1000u, 88, a2);     /* +0x58, zero-extended   */
  aa_set_field(aa_helper(this), 0x4000u, 96, a7);     /* +0x60                  */

  /* Serialize into the body (ecx = helper in the real code; IDA drops that). */
  if ( !(unsigned __int8)sub_D4C910(this + 8, 1020) )
    return 0;

  helper = aa_helper(this);
  *(_WORD *)(this + 6) = 2135;                        /* 0x857, presumably the message type */
  /* vcall slot 8 (offset 0x20) through the helper's first dword as vtable. */
  body_len = (*(int (__thiscall **)(int))(*(_DWORD *)helper + 32))(helper);
  *(_WORD *)(this + 4) = body_len + 4;                /* truncated to 16 bits, as in the original */
  return 1;
}