
zhgong007 09-22-2022 02:55

question about the function argument-- this pointer
 
Below is the F5 (decompiler) output that IDA generated for a function.

so "_DWORD *this"

Should this particular argument (the `this` pointer) be regarded as a real function argument, or not?



// IDA/Hex-Rays pseudocode for sub_464060, typed by the decompiler as __thiscall:
// `this` is an implicit argument delivered in ECX and `Src` is the only stack
// argument. Both are real inputs to the function.
//
// In _DWORD units the body zeroes this[4] and this[5], then copies Src into
// this. If Src[4] < 0x10 the 16 bytes at the source are copied inline;
// otherwise a new buffer is allocated, Src[4] + 1 bytes are copied into it and
// the buffer pointer is stored in this[0].
// NOTE(review): a 16-byte inline area followed by fields at +0x10 and +0x14
// looks like a small-buffer string (length, capacity) being copy-constructed --
// confirm against the caller and the class's other methods.
//
// Returns `this`.
_DWORD *__thiscall sub_464060(_DWORD *this, _DWORD *Src)
{
_DWORD *v3; // edi
bool v4; // cf
unsigned int v5; // eax
_DWORD *result; // eax
int v7; // ebx
void *v8; // eax
_DWORD *v9; // ecx
void *Srca; // [esp+14h] [ebp+8h]

v3 = Src;
this[4] = 0;
this[5] = 0;
// Src[5] below 16: the data is read from Src itself; otherwise Src[0] is
// followed as a pointer to the data (see the `!v4` branch below).
v4 = Src[5] < 0x10u;
v5 = Src[4];
// Srca lives at [ebp+8h], i.e. the decompiler shows the Src stack slot being
// reused to keep Src[4] across the calls below.
Srca = (void *)v5;
if ( !v4 )
v3 = (_DWORD *)*v3;
if ( v5 >= 0x10 )
{
// Requested capacity: set the low four bits, then clamp to 0x7FFFFFFF.
v7 = v5 | 0xF;
if ( (v5 | 0xF) > 0x7FFFFFFF )
v7 = 0x7FFFFFFF;
if ( (unsigned int)(v7 + 1) < 0x1000 )
{
// Small request: plain allocation. v7 == -1 would mean a zero-byte request;
// after the clamp above v7 never exceeds 0x7FFFFFFF, so this branch (and the
// null destination it would hand to memcpy) is not reachable from here.
if ( v7 == -1 )
v9 = 0;
else
v9 = operator new(v7 + 1);
}
else
{
// Large request: 35 extra bytes are requested. The comparison is an unsigned
// wrap-around check on the padded size.
// sub_44B280 is not shown -- presumably it does not return; verify.
if ( v7 + 36 <= (unsigned int)(v7 + 1) )
sub_44B280();
v8 = operator new(v7 + 36);
if ( !v8 )
invalid_parameter_noinfo_noreturn();
// Round up to a 32-byte boundary inside the allocation and keep the raw
// allocation pointer in the 4 bytes just below the aligned block.
v9 = (_DWORD *)(((unsigned int)v8 + 35) & 0xFFFFFFE0);
*(v9 - 1) = v8;
}
*this = v9;
// NOTE(review): the copy length is the unclamped Src[4] + 1, while the buffer
// was sized from the clamped v7. The two agree only while Src[4] <= 0x7FFFFFFF;
// confirm that whatever builds Src enforces that bound.
memcpy(v9, v3, (size_t)Srca + 1);
this[4] = Srca;
result = this;
this[5] = v7;
}
else
{
// Short case: copy the 16 bytes in one go and record 15 in this[5].
*(_OWORD *)this = *(_OWORD *)v3;
this[4] = v5;
result = this;
this[5] = 15;
}
return result;
}

zhgong007 09-22-2022 03:07

Corresponding ASM code





;-----------------------------------------------------------------------
; sub_464060 -- IDA listing, 32-bit x86, Intel syntax.
; In:    ecx       = `this` (copied to esi on entry; IDA types the function
;                    as __thiscall in the decompiler view)
;        [ebp+8]   = Src, the only stack argument
; Out:   eax       = `this` (esi is moved to eax before both returns)
; Stack: both exits use `retn 4`, so the callee pops exactly one dword.
;        A call site therefore shows a single push plus a load of ecx.
; Saved: ebp, ebx, esi, edi are pushed on entry and popped before returning.
; Fields touched: [esi], [esi+10h], [esi+14h]; read from [edi], [edi+10h],
; [edi+14h].
; NOTE(review): 16 inline bytes plus fields at +10h/+14h looks like a
; small-buffer string being copy-constructed -- confirm against the caller.
;-----------------------------------------------------------------------
sub_464060 proc near ; CODE XREF: sub_44C6D0+5A2↑p

Src= dword ptr 8

push ebp
mov ebp, esp
push ebx
push esi
mov esi, ecx                    ; esi = this (register argument)
push edi
mov edi, [ebp+Src]              ; edi = Src (stack argument)
mov dword ptr [esi+10h], 0      ; this[4] = 0
mov dword ptr [esi+14h], 0      ; this[5] = 0
cmp dword ptr [edi+14h], 10h    ; flags consumed by the jb below (mov keeps flags)
mov eax, [edi+10h]              ; eax = Src[4]
mov [ebp+Src], eax              ; argument slot reused to keep Src[4]
jb short loc_464087             ; Src[5] < 10h: data is read from Src itself
mov edi, [edi]                  ; otherwise follow Src[0] to the data


loc_464087: ; CODE XREF: sub_464060+23↑j
cmp eax, 10h
jnb short loc_4640A6            ; Src[4] >= 10h: allocate-and-copy path
movups xmm0, xmmword ptr [edi]  ; short case: load 16 bytes from the source
mov ebx, 0Fh
pop edi
movups xmmword ptr [esi], xmm0  ; ...and store them at this
mov [esi+10h], eax              ; this[4] = Src[4]
mov eax, esi                    ; return value = this
mov [esi+14h], ebx              ; this[5] = 0Fh
pop esi
pop ebx
pop ebp
retn 4                          ; pops the single stack argument

loc_4640A6: ; CODE XREF: sub_464060+2A↑j
mov ebx, eax
mov eax, 7FFFFFFFh

or ebx, 0Fh                     ; ebx = Src[4] | 0Fh

cmp ebx, eax
cmova ebx, eax                  ; unsigned clamp of ebx to 7FFFFFFFh
lea eax, [ebx+1]                ; eax = allocation size

cmp eax, 1000h
jb short loc_4640E4             ; below 1000h: plain allocation


lea ecx, [eax+23h]              ; padded size = size + 23h
cmp ecx, eax
jbe short loc_46411A            ; padded size wrapped around: bail out


push ecx ; Size
call ??2@YAPAXI@Z ; operator new(uint)


add esp, 4                      ; caller cleans up operator new's argument
test eax, eax
jz short loc_4640DE             ; null result is treated as fatal


lea ecx, [eax+23h]
and ecx, 0FFFFFFE0h             ; ecx = 32-byte aligned address inside the block

mov [ecx-4], eax                ; raw allocation pointer kept just below it
jmp short loc_4640F7


loc_4640DE: ; CODE XREF: sub_464060+71↑j
; Named noreturn; nothing after the call handles a return.
call ds:_invalid_parameter_noinfo_noreturn


loc_4640E4: ; CODE XREF: sub_464060+5D↑j
test eax, eax
jz short loc_4640F5             ; size 0 (not reachable after the clamp: ebx <= 7FFFFFFFh)


push eax ; Size
call ??2@YAPAXI@Z ; operator new(uint)

add esp, 4
mov ecx, eax                    ; ecx = new buffer
jmp short loc_4640F7


loc_4640F5: ; CODE XREF: sub_464060+86↑j
xor ecx, ecx                    ; ecx = null buffer



loc_4640F7: ; CODE XREF: sub_464060+7C↑j
; sub_464060+93↑j
mov eax, [ebp+Src]              ; reload the saved Src[4]
inc eax                         ; copy length = Src[4] + 1
mov [esi], ecx                  ; this[0] = buffer

; NOTE(review): the length pushed here is the unclamped Src[4] + 1, while the
; buffer was sized from the clamped ebx. They agree only while
; Src[4] <= 7FFFFFFFh; confirm the producer of Src enforces that bound.
push eax ; Size
push edi ; Src
push ecx ; void *
call memcpy


mov eax, [ebp+Src]
add esp, 0Ch                    ; caller cleans up memcpy's three arguments
mov [esi+10h], eax              ; this[4] = Src[4]

mov eax, esi                    ; return value = this

mov [esi+14h], ebx              ; this[5] = clamped (Src[4] | 0Fh)
pop edi
pop esi
pop ebx
pop ebp
retn 4                          ; pops the single stack argument



loc_46411A: ; CODE XREF: sub_464060+64↑j
; sub_44B280 is not shown; no code follows the call inside this procedure, so
; it presumably does not return -- verify.
call sub_44B280

sub_464060 endp

arthur plank 09-22-2022 13:54

Quote:

Originally Posted by zhgong007 (Post 126111)

so "_DWORD *this"

Should this particular argument (the `this` pointer) be regarded as a real function argument, or not?

Yes, the 'this' is a pointer to the instance data for the object and is normal for OOP. Without it the best the code could do is access static data for the class.

zhgong007 09-22-2022 14:29

But in IDA we notice that another call to the same function appears to pass only one argument (i.e., the last argument). I guess the F5 analysis is not reliable or consistent.


Quote:

Originally Posted by arthur plank (Post 126118)
Yes, the 'this' is a pointer to the instance data for the object and is normal for OOP. Without it the best the code could do is access static data for the class.


TQN 10-12-2022 09:24

This is the thiscall calling convention: `this` is passed in a register, ECX on x86 and RCX on x64.

