question about the function argument-- this pointer

[zhgong007]

so below is a F5 code of an function generated by IDA

so "_DWORD *this"

this particular argument ( or this pointer) should be regarded as a real funtion argument, or not?



_DWORD *__thiscall sub_464060(_DWORD *this, _DWORD *Src)
{
_DWORD *v3; // edi
bool v4; // cf
unsigned int v5; // eax
_DWORD *result; // eax
int v7; // ebx
void *v8; // eax
_DWORD *v9; // ecx
void *Srca; // [esp+14h] [ebp+8h]

v3 = Src;
this[4] = 0;
this[5] = 0;
v4 = Src[5] < 0x10u;
v5 = Src[4];
Srca = (void *)v5;
if ( !v4 )
v3 = (_DWORD *)*v3;
if ( v5 >= 0x10 )
{
v7 = v5 | 0xF;
if ( (v5 | 0xF) > 0x7FFFFFFF )
v7 = 0x7FFFFFFF;
if ( (unsigned int)(v7 + 1) < 0x1000 )
{
if ( v7 == -1 )
v9 = 0;
else
v9 = operator new(v7 + 1);
}
else
{
if ( v7 + 36 <= (unsigned int)(v7 + 1) )
sub_44B280();
v8 = operator new(v7 + 36);
if ( !v8 )
invalid_parameter_noinfo_noreturn();
v9 = (_DWORD *)(((unsigned int)v8 + 35) & 0xFFFFFFE0);
*(v9 - 1) = v8;
}
*this = v9;
memcpy(v9, v3, (size_t)Srca + 1);
this[4] = Srca;
result = this;
this[5] = v7;
}
else
{
*(_OWORD *)this = *(_OWORD *)v3;
this[4] = v5;
result = this;
this[5] = 15;
}
return result;
}

[zhgong007]

correspoinding ASM code





sub_464060 proc near ; CODE XREF: sub_44C6D0+5A2↑p

Src= dword ptr 8

push ebp
mov ebp, esp
push ebx
push esi
mov esi, ecx
push edi
mov edi, [ebp+Src]
mov dword ptr [esi+10h], 0
mov dword ptr [esi+14h], 0
cmp dword ptr [edi+14h], 10h
mov eax, [edi+10h]
mov [ebp+Src], eax
jb short loc_464087
mov edi, [edi]


loc_464087: ; CODE XREF: sub_464060+23↑j
cmp eax, 10h
jnb short loc_4640A6
movups xmm0, xmmword ptr [edi]
mov ebx, 0Fh
pop edi
movups xmmword ptr [esi], xmm0
mov [esi+10h], eax
mov eax, esi
mov [esi+14h], ebx
pop esi
pop ebx
pop ebp
retn 4

loc_4640A6: ; CODE XREF: sub_464060+2A↑j
mov ebx, eax
mov eax, 7FFFFFFFh

or ebx, 0Fh

cmp ebx, eax
cmova ebx, eax
lea eax, [ebx+1]

cmp eax, 1000h
jb short loc_4640E4


lea ecx, [eax+23h]
cmp ecx, eax
jbe short loc_46411A


push ecx ; Size
call ??2@YAPAXI@Z ; operator new(uint)


add esp, 4
test eax, eax
jz short loc_4640DE


lea ecx, [eax+23h]
and ecx, 0FFFFFFE0h

mov [ecx-4], eax
jmp short loc_4640F7


loc_4640DE: ; CODE XREF: sub_464060+71↑j
call ds:_invalid_parameter_noinfo_noreturn


loc_4640E4: ; CODE XREF: sub_464060+5D↑j
test eax, eax
jz short loc_4640F5


push eax ; Size
call ??2@YAPAXI@Z ; operator new(uint)

add esp, 4
mov ecx, eax
jmp short loc_4640F7


loc_4640F5: ; CODE XREF: sub_464060+86↑j
xor ecx, ecx



loc_4640F7: ; CODE XREF: sub_464060+7C↑j
; sub_464060+93↑j
mov eax, [ebp+Src]
inc eax
mov [esi], ecx

push eax ; Size
push edi ; Src
push ecx ; void *
call memcpy


mov eax, [ebp+Src]
add esp, 0Ch
mov [esi+10h], eax

mov eax, esi

mov [esi+14h], ebx
pop edi
pop esi
pop ebx
pop ebp
retn 4



loc_46411A: ; CODE XREF: sub_464060+64↑j
call sub_44B280

sub_464060 endp

[arthur plank]

Quote:

Originally Posted by zhgong007

so "_DWORD *this"

this particular argument ( or this pointer) should be regarded as a real funtion argument, or not?

Yes, the 'this' is a pointer to the instance data for the object and is normal for OOP. Without it the best the code could do is access static data for the class.

[zhgong007]

but based on IDA, we notice another instance of the same function is called with only one argument (i.e., the last argument). I guess the F5 analysis is not reliable and not consistent.

Quote:

Originally Posted by arthur plank

Yes, the 'this' is a pointer to the instance data for the object and is normal for OOP. Without it the best the code could do is access static data for the class.

[TQN]

thiscall calling convention.
this = ECX, RCX.