[MPlayer-dev-eng] silly code

Dylan Perry dylanp at tekniche.com.au
Wed Jan 2 09:41:39 CET 2002


Hi,

AFAICT

On Tue, 1 Jan 2002, Arpi wrote:

> Hi,
> 
> another piece of shit:
> 
> 0x62924c30:     mov    %eax,%ecx
> 0x62924c32:     shr    $0x10,%ecx
> 0x62924c35:     and    $0xff,%ecx
> 0x62924c3b:     and    $0xff00ffff,%eax

I guess %eax here is really two separate index vars (stored as 0xbbaabbbb,
probably 0xaabbbb is sufficient)

> 0x62924c40:     lea    0x62b67ae0(,%ecx,8),%ecx
> 0x62924c47:     cmpb   $0x0,(%ecx)

The first element in the structure determines whether the second element is
a code address (0) or another table (!0): either jump to it, or deref and
index.

> 0x62924c4a:     je     0x62924c61
> 0x62924c4c:     mov    0x4(%ecx),%edx
> 0x62924c4f:     lea    0x0(,%eax,4),%ecx
> 0x62924c56:     lea    (%edx,%ecx,4),%ecx

%ecx is recalculated to the base address of the element within another
table

> 0x62924c59:     mov    (%ecx),%eax
> 0x62924c5b:     mov    0x8(%ecx),%edx
> 0x62924c5e:     jmp    *0x4(%ecx)
> 0x62924c61:     jmp    *0x4(%ecx)
> 
> it's called theQuickTimeDispatcher, and seems to be some main entry
> point.
> 
> also, note the 0x62924c61 case: it sees ecx==0, so it jumps to [ecx+4]
> strict way to sig11 :)
> 
> i have to redirect this func and do some printf on parameters.
> it doesn't work in c, i think because of parameter passing in eax, instead
> of stack.
> 
> currently i'm using:
> 
> static int (*real_theqt)(int a,int b,int c,int d,int e,int f,int g,int h) = NULL;
> 
> static int fake_theqt(int a,int b,int c,int d,int e,int f,int g,int h){
>     return real_theqt(a,b,c,d,e,f,g,h);
> }
> 
> and, at GetProcAddress:
>         if(!strcmp(function,"theQuickTimeDispatcher")){
>             real_theqt=retproc; retproc=fake_theqt;
>         }
> 
> i think i need some asm for the above, to save/restore eax?
> 
> A'rpi / Astral & ESP-team
> 
> --
> mailto:arpi at thot.banki.hu
> http://esp-team.scene.hu

It looks like it's using fastcall or something similar and will probably
pass the first two vars as %eax and %edx (those two lines before the
jmp would seem to support that).

probably need something like:
asm("push %8\n"        /* h..c pushed right to left, so c is at 4(%esp) on entry */
    "push %7\n"
    "push %6\n"
    "push %5\n"
    "push %4\n"
    "push %3\n"
    "call *%9\n"       /* callee pops the six stack args itself (ret $24) */
    : "=a" (ret)                         /* result comes back in %eax */
    : "0" (a), "d" (b),                  /* a in %eax, b in %edx */
      "g" (c), "g" (d), "g" (e), "g" (f), "g" (g), "g" (h),
      "m" (func)
    : "memory", "%esi", "%edi", "%ebx", "%ecx");
/* the "g"/"m" operands must not be %esp-relative (keep the frame pointer),
   since the pushes move %esp before they are read */

From memory (if this is using fastcall), the called func is responsible for
stack adjustment (using the other form of ret that takes an immediate
operand).


Dylan Perry
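The table walk described above, as a C model added here (not code from the thread, from MPlayer or from QuickTime): it replays the decoded instructions over a constructed 32-bit memory image, with the table addresses, entry layouts and field names all assumed from the listing. Index arithmetic follows the strides the lea instructions imply (8 bytes per top-level entry, 16 per second-level entry).

```c
#include <stdint.h>
#include <string.h>

/* Flat image standing in for the 32-bit address space the dispatcher
 * reads. Constructed test data, not QuickTime's real tables. */
#define QT_IMG_SIZE 0x1000u
#define QT_TOP_BASE 0x20u   /* stands in for the real table at 0x62b67ae0 */
#define QT_SUB_BASE 0x40u   /* one second-level table, 16-byte entries    */
static uint8_t qt_img[QT_IMG_SIZE];

/* Out-of-range reads return 0 here; the real code performs no such check. */
static uint32_t rd32(uint32_t a) {
    uint32_t v = 0; if (a + 4 <= QT_IMG_SIZE) memcpy(&v, qt_img + a, 4); return v; }
static void wr32(uint32_t a, uint32_t v) { memcpy(qt_img + a, &v, 4); }
struct qt_state { uint32_t eax, edx, target; int via_subtable; };

/* The decoded walk, register by register: returns where control would go
 * and what %eax/%edx hold at that point, instead of jumping there. */
struct qt_state qt_dispatch(uint32_t eax, uint32_t edx)
{
    struct qt_state s;
    uint32_t ecx = (eax >> 16) & 0xff;   /* shr $0x10,%ecx ; and $0xff,%ecx    */
    eax &= 0xff00ffffu;                  /* and $0xff00ffff,%eax               */
    ecx = QT_TOP_BASE + ecx * 8;         /* lea base(,%ecx,8),%ecx             */
    if (qt_img[ecx] == 0) {              /* cmpb $0x0,(%ecx) ; je              */
        s.eax = eax; s.edx = edx;
        s.target = rd32(ecx + 4);        /* jmp *0x4(%ecx): entry holds code   */
        s.via_subtable = 0;
        return s;
    }
    edx = rd32(ecx + 4);                 /* mov 0x4(%ecx),%edx: subtable ptr   */
    ecx = edx + eax * 16;                /* lea 0(,%eax,4) ; lea (%edx,%ecx,4) */
    s.eax = rd32(ecx);                   /* mov (%ecx),%eax                    */
    s.edx = rd32(ecx + 8);               /* mov 0x8(%ecx),%edx                 */
    s.target = rd32(ecx + 4);            /* jmp *0x4(%ecx)                     */
    s.via_subtable = 1;
    return s;
}

/* Build the constructed image: selector byte 0 is a direct code entry,
 * selector byte 1 routes through a two-entry second-level table. */
void qt_build_image(void)
{
    memset(qt_img, 0, sizeof qt_img);
    qt_img[QT_TOP_BASE] = 0;      wr32(QT_TOP_BASE + 4, 0x62900100u);
    qt_img[QT_TOP_BASE + 8] = 1;  wr32(QT_TOP_BASE + 12, QT_SUB_BASE);
    wr32(QT_SUB_BASE + 0, 0x11);  wr32(QT_SUB_BASE + 4, 0x62900200u);  wr32(QT_SUB_BASE + 8, 0x22);
    wr32(QT_SUB_BASE + 16, 0x33); wr32(QT_SUB_BASE + 20, 0x62900300u); wr32(QT_SUB_BASE + 24, 0x44);
}
```

A selector whose top-level entry was never filled in resolves to target 0 in this model, which is the path that would fault in the real binary.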
