View Full Version : call [eax+xx]


The Keeper
June 2nd, 2002, 06:28
Hi,

I have a program which uses a DLL to generate the code, but to call the functions inside the DLL it does call [eax+xx], where xx is a number. How would a program do that? Shouldn't it LoadLibrary the DLL, then GetProcAddress and call the function? Weird. If someone can explain.

Thanks in advance.

Dr.Golova
June 2nd, 2002, 14:43
Looks like it's a call to some virtual function (class method), so eax must contain an instance of some class (maybe a pointer to its vtbl, but I'm not sure).

The Svin
June 2nd, 2002, 15:03
Quote:
Shouldn't it LoadLibrary the DLL, then GetProcAddress and call the function


If the DLL is in the import table, there is no need to call LoadLibrary.
Here is an example from my code where I call three Win32 APIs, but you cannot say which API:
Code:

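mov esi,Procs[edi*4]            ; esi = entry edi of Procs (points to the API's address slot)
@nextcall:

Scall dword ptr [esi],0,ebx ;here is API dll call
test eax,eax                    ; zero return = nothing loaded for this id
je @nextid
push eax                        ; save the returned handle across the next calls
invoke udw2str,ebx,offset number
invoke SendMessage,hListBoxes[edi*4],LB_ADDSTRING,0,offset number
pop ecx                         ; ecx = saved handle, eax = index of the new item
invoke SendMessage,hListBoxes[edi*4],LB_SETITEMDATA,eax,ecx

@nextid:
cmp ebx,32999                   ; CF = 1 while ebx is below 32999
inc ebx                         ; inc leaves CF unchanged
jc @nextcall
inc edi
jnp @B                          ; @B = nearest preceding @@ label (not shown in this fragment)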

It's code from a very simple programming utility, nothing about hacking or antidebug, just my optimized way of working with external calls.
Actually it calls LoadBitmap, LoadIcon, LoadCursor.
I don't use the usual jmp API table in the proc, but if I had, the external calls of the above code could be addressed as
call [edi*4+Procs]
very similar to your code example.

BTW, to the mod:
I used code / code tags but some strings still wrapped; what have I done wrong?
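
Added example (not part of the original thread, and not code from any poster): a C sketch of the two mechanisms described in the replies above, a call through a table of function pointers reached via a register plus displacement. The `Codec` interface, `create_codec`, `call_slot` and `slot_from_displacement` are hypothetical names; the displacement is index × pointer size (4 on 32-bit x86, 8 on a 64-bit build).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical interface a DLL could hand out: the object's first field
   points to a table of function pointers (the vtbl). */
typedef struct Codec Codec;
typedef int (*Method)(Codec *self, int arg);
typedef struct CodecVtbl { Method init, generate, release; } CodecVtbl; /* slots 0,1,2 */
struct Codec { const CodecVtbl *vtbl; int seed; };

static int codec_init(Codec *c, int seed)   { c->seed = seed; return 0; }
static int codec_generate(Codec *c, int in) { return in * 31 + c->seed; }
static int codec_release(Codec *c, int unused) { (void)unused; c->seed = 0; return 0; }
static const CodecVtbl codec_vtbl = { codec_init, codec_generate, codec_release };

/* Stands in for the single export the caller resolves by name; every other
   function is reached only through the pointer it returns. */
Codec *create_codec(void) {
    static Codec instance = { &codec_vtbl, 0 };
    return &instance;
}

/* What "mov eax,[obj] / call [eax+xx]" does: load the table pointer from the
   object, read the function pointer stored xx bytes into it, and call it. */
int call_slot(Codec *obj, size_t xx, int arg) {
    const unsigned char *table = (const unsigned char *)obj->vtbl; /* eax */
    Method fn;
    memcpy(&fn, table + xx, sizeof fn);                            /* [eax+xx] */
    return fn(obj, arg);
}

/* Analysis direction: map a displacement xx back to a slot index, or -1 if
   it is misaligned or past the end of the table. */
int slot_from_displacement(size_t xx) {
    if (xx % sizeof(Method) != 0 || xx >= sizeof(CodecVtbl)) return -1;
    return (int)(xx / sizeof(Method));
}

int main(void) {
    Codec *c = create_codec();
    size_t xx = offsetof(CodecVtbl, generate);
    call_slot(c, offsetof(CodecVtbl, init), 7);
    printf("call [eax+%zu] -> slot %d, result %d\n",
           xx, slot_from_displacement(xx), call_slot(c, xx, 2));
    return 0;
}
```

When reading a disassembly, the same arithmetic applies in reverse: dividing xx by the pointer size gives the method's position in the class or interface declaration.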