Timeline for Global C++ classes/variables, strange initialisation
Current License: CC BY-SA 3.0
5 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Nov 27, 2015 at 18:55 | comment | added | blabb | 406b30 pushes esi ( the unk_) so it is likely to pop it back the call also xors eax,eax so it likely has a mov eax, some result so on returning from that function unk_xx is initialised with eax or 0 | |
| Nov 27, 2015 at 17:04 | comment | added | Benjamin Tillman | offset unk_8C16C0 is referenced in three places, in WinMain, and also by sub_687C30 (posted in the question) and sub_6BA2B0 (which you can see being called by sub_687C30). I assumed that offset unk_8C16C0 was pointing to a global object (constructed by sub_687C30 and destructed by sub_6BA2B0) based on the code in those two sub routines. I did try to explain this in my question so I apologise if that wasn't clear. | |
| Nov 27, 2015 at 16:54 | comment | added | blabb | i don't see the connection why does 687xxx come into picture in the flow you post ? winmain has 2 calls 407350,4af9c0 407350 has 3 calls new, 406b30,407360 406b30 doesnt have any calls so what is the connection to that 687xxx none apparently decipherable from your post | |
| Nov 27, 2015 at 14:46 | comment | added | Benjamin Tillman | Thanks for the reply Blabb. It's clear to me that some memory is being allocated and an object (a C++ class) is being initialised by 406B30 as you said. What isn't clear to me is that, if I'm reading things correctly, offset unk_8C16C0 has already been initialised by 687C30 and then loc_407552 seems to replace unk_8C16C0 with the mov [esi], eax. | |
| Nov 27, 2015 at 12:31 | history | answered | blabb | CC BY-SA 3.0 |