I'm having trouble understanding what is happening in this code snippet. Quite a few of the Delphi procs start in a similar way with same two FS: statements
Code:
CODE:004BDE62 33 C0 xor eax, eax
CODE:004BDE64 55 push ebp
CODE:004BDE65 68 FF DE 4B 00 push offset @@4
CODE:004BDE6A 64 FF 30 push dword ptr fs:[eax]
CODE:004BDE6D 64 89 20 mov fs:[eax], esp
...
CODE:004BDEFF E9 00 64 F4 FF @4: jmp @HandleFinally
...
v8 = &v15;
v7 = v4BDEFF;
v6 = __readfsdword(0);
__writefsdword(0, (unsigned int)&v6);
...
In particular, what are the two statements involving FS doing and is there a way to make hexrays do a proper job of handling them?. Sorry for the dumb question, but this is the first time that I've had to look at FS.
Git
10-26-2012, 21:11
Similar Threads
Threaded Mode