[MPlayer-dev-eng] state of realvideo?

Mon May 20 22:26:13 CEST 2002

On Mon, May 20, 2002 at 07:30:43PM +0200, Arpi wrote:
> > How do you see which are or are not parameters?  Also, digging through the 
> i can't see, just feel.
> reverse engineering is not an 1:1 transformation :)

Heh.  Okay, I just wanted to make sure I wasn't missing something obvious.

> imho, ebp-X is reference to the local variables (structs, arrays can be
> big), the parameters are referenced by ebp+X

Hmmm.  I'll have to check this... 

Exported fn(): return_int_take_two_alloc_four
:0804830a 55                     push ebp
:0804830b 89e5                   mov  ebp, esp
:0804830d 83ec18                 sub  esp, 18
:08048310 c7450811a10000         movl ptr [ebp+8], a111
:08048317 c7450c22a20000         movl ptr [ebp], a222
:0804831e c745e800b00000         movl ptr [ebp-24], b000
:08048325 c745ec01b00000         movl ptr [ebp-20], b001
:0804832c c745f002b00000         movl ptr [ebp-16], b002
:08048333 c745f403b00000         movl ptr [ebp-12], b003
:0804833a b8efbe0000             mov  eax, beef
:0804833f c9                     leave
:08048340 c3                     ret
:08048341 90                     nop

yup!  You're right.  the 'a...' values I assigned to args, and the 'b...'
values I assigned to stack vars.  And it's hopeless to find the return
value, since it's in eax, which means it'll only be obvious if it gets set
RIGHT before a return like here.

Oh good, that makes me much less nervous about figuring this API out.

Whatever compiler they used is _weird_.  All over the place it does stuff 
like this:

:00001ec0 53                     push ebx
:00001ec1 e800000000             call 00001ec6
:00001ec6 5b                     pop  ebx
:00001ec7 81c34ac40200           add  ebx, 2c44a

freaks me out.  :)  Although, it doesn't seem to use ebx ever.  Whatever, 
probably just goofy compilerisms.

> dunno, i've never hacked c++ code.
> we just can hope that the actualplugins don't use c++ stuff, if they do, it
> will make our life REALLY HARD.

Well, the .so's have an undefined reference, like I said, to 
__pure_virtual.  And everything points to it being a C++ shared library 
except for the fact that there appears to be no "access" method to the 
class.  So very weird.  I will continue like it's not C++.

Is there any way to solve the "__pure_virtual" reference?  Just defining 
it in my loader doesn't work: I have to make a stub in a separate .so 
file.  Really strange...

-- 
Kees Cook                                            @outflux.net