int CKeyBind::GetFuncCode( +08 WORD nAccelCmd, = 0x0070 +0C int nKeyNameArrNum, = 0x5e +10 KEYDATA* pKeyNameArr, = 0x01289c4c +14 BOOL bGetDefFuncCode /* = TRUE */ = TRUE ) 0045E490 push ebp 0045E491 mov ebp,esp 0045E493 add esp,0FFFFFFF0h ; 16 bytes of locals: [ebp-4]..[ebp-10h] 0045E496 push ebx 0045E497 push esi 0045E498 push edi 0045E499 xor ebx,ebx ;; loop counter "i" 0045E49B mov eax,dword ptr [ebp+8] ; WORD nAccelCmd 0045E49E movzx edx,ax 0045E4A1 mov ecx,edx 0045E4A3 and edx,0FF00h ; nSts = 00 0045E4A9 and ecx,0FFh ; nCmd = 70h 0045E4AF sar edx,8 0045E4B2 mov dword ptr [ebp-4],ecx ; nCmd 0045E4B5 mov dword ptr [ebp-8],edx ; nSts 0045E4B8 mov eax,dword ptr [ebp-10h] ; reads local [ebp-10h] BEFORE it is first written (at 0045E4EC) 0045E4BB mov edx,dword ptr [ebp+0Ch] ;nKeyNameArrNum 0045E4BE cmp ebx,edx ; i < nKeyNameArrNum (ebx = 0 on entry) 0045E4C0 lea esi,[eax+edi*4+44h] calculate m_nFuncCodeArr address !! -- eax came from the not-yet-initialised local [ebp-10h] and edi has not been assigned in this function (it was only pushed at 0045E498), nor is any this-pointer loaded before ecx is overwritten at 0045E4A1, so esi depends on whatever the stack slot and edi held on entry 0045E4C4 mov eax,dword ptr [ebp+10h] ; pKeyNameArr 0045E4C7 jge 0045E521 0045E4C9 movsx ecx,word ptr [eax] 0045E4CC mov edx,dword ptr [ebp-4] 0045E4CF cmp ecx,edx 0045E4D1 jne 0045E516 0045E4D3 mov ecx,ebx 0045E4D5 mov eax,dword ptr [ebp+14h] ; bGetDefFuncCode 0045E4D8 shl ecx,2 0045E4DB mov dword ptr [ebp-0Ch],eax ; bGetDefFuncCode 0045E4DE mov eax,dword ptr [ebp+10h] ; pKeyNameArr 0045E4E1 mov edi,dword ptr [ebp-8] 0045E4E4 lea ecx,[ecx+ecx*4] 0045E4E7 lea ecx,[ecx+ecx*4] 0045E4EA add ecx,eax ; ecx = pKeyNameArr + ebx * 100 0045E4EC mov dword ptr [ebp-10h],ecx ; first write to [ebp-10h] 0045E4EF mov edx,dword ptr [esi] <<----------- !!! faulting read: esi = 930A08B0 (see register status below), derived from the uninitialised values above 
* Register status at this point EAX = 01289C4C EBX = 00000005 ECX = 01289E40 EDX = 00000070 ESI = 930A08B0 EDI = 00000000 EIP = 0045E4EF ESP = 0012E804 EBP = 0012E820 EFL = 00010212 0045E4F1 test edx,edx 0045E4F3 je 0045E4F9 0045E4F5 mov eax,dword ptr [esi] 0045E4F7 jmp 0045E523 0045E4F9 mov edx,dword ptr [ebp-0Ch] 0045E4FC test edx,edx 0045E4FE je 0045E512 0045E500 push edi 0045E501 mov ecx,dword ptr [ebp-10h] 0045E504 movsx eax,word ptr [ecx] 0045E507 push eax 0045E508 call 0045EC04 ; CKeyBind::GetDefFuncCode(int, int) 0045E50D add esp,8 0045E510 jmp 0045E523 0045E512 xor eax,eax 0045E514 jmp 0045E523 0045E516 inc ebx 0045E517 add eax,64h 0045E51A mov edx,dword ptr [ebp+0Ch] 0045E51D cmp ebx,edx 0045E51F jl 0045E4C9 0045E521 xor eax,eax 0045E523 pop edi 0045E524 pop esi 0045E525 pop ebx 0045E526 mov esp,ebp 0045E528 pop ebp 0045E529 ret ---------------------------------- * Stack Dump 0x0012E794 44 00 db 02 cc da db 02 2e e3 d8 77 1c d9 db 02 0x0012E7A4 6e 12 00 00 34 d9 db 02 cc da db 02 48 da db 02 0x0012E7B4 fe e1 94 7c 88 d9 db 02 44 d9 db 02 6c fb 94 7c 0x0012E7C4 58 56 00 00 64 da db 02 64 da db 02 d0 43 f2 77 0x0012E7D4 ff ff 00 00 b0 da db 02 04 00 00 00 02 00 00 00 0x0012E7E4 a4 e5 db 02 c0 93 5b 7d dd 43 f2 77 c0 93 5b 7d 0x0012E7F4 04 00 00 00 00 00 00 00 b0 da db 02 00 00 00 00 (SP) 0x0012E804 00 00 00 00 e8 5f 50 01 84 4f 50 01 40 9e 28 01 (BP) 0x0012E814 01 00 00 00 00 00 00 00 70 00 00 00 48 e8 12 00 0x0012E824 /b0 b8 45 00 70 00 00 00 5e 00 00 00 4c 9c 28 01 ~~~~~ 0x0012E834 01 00 00 00 d8 02 00 00 86 52 4c 00 84 4f 50 01 ~~TRUE 0x0012E844 00 00 00 00-6c e8 12 00/c0 b6 45 00 84 4f 50 01 0x0012E854 b6 02 9a 01 13 01 00 00 e0 04 00 00 3b 1d f4 0c 0x0012E864 16 11 01 df 04 00 40 01 40 f4 12 00 52 1b 45 00 0x0012E874 84 4f 50 01 00 00 40 00 3c 01 16 00 14 00 40 01 0x0012E884 00 00 00 00 a4 2f e2 00 64 00 00 00 24 39 e2 00 0x0012E894 08 e8 12 00 b4 eb 12 00 48 eb 12 00 18 ee 94 7c 0x0012E8A4 c0 eb 12 00 08 00 00 00 58 eb 12 00 2e 40 95 7c 0x0012E8B4 a8 
20 14 00 30 e9 12 00 70 09 95 7c c0 e4 9b 7c