FANDOM


SummaryEdit

This function gets the memory address of an array from its variant structure on the stack.

DefinitionEdit

DWORD __vbaRefVarAry(DWORD* Array)

DisassemblyEdit

72A1C417   PUSH ESI
72A1C418   MOV ESI, DWORD PTR SS:[ESP+8]
72A1C41C   TEST BYTE PTR DS:[ESI+1], 0x20
72A1C420   JNZ SHORT MSVBVM60.72A1C429
72A1C422   PUSH 0x0D
72A1C424   CALL MSVBVM60.72A0E22C
72A1C429   TEST BYTE PTR DS:[ESI+1], 0x40
72A1C42D   JE SHORT MSVBVM60.72A1C436
72A1C42F   MOV EAX, DWORD PTR DS:[ESI+8]
72A1C432   POP ESI
72A1C433   RETN 4
72A1C436   LEA EAX, DWORD PTR DS:[ESI+8]
72A1C439   JMP SHORT MSVBVM60.72A1C432

BreakdownEdit

72A1C417 - Save ESI

72A1C418 - Move variant stack pointer into ESI

72A1C41C - Check variant type in header

72A1C420 - Jump down to next check if 6th bit of second header byte is set

72A1C422 - Push 0x0D as argument to next function

72A1C424 - TODO: what does this call do?

72A1C429 - Second check of variant type in header

72A1C42D - Jump down to set return value as pointer (LEA) if 7th bit of the second header byte is not set

72A1C42F - Set return value (EAX) to memory address stored in variant structure on stack, this is only done when !(HEADER_BYTE && 0x40) aka when above jump is not taken

72A1C432 - Restore ESI

72A1C433 - Return

72A1C436 - Set return value (EAX) to pointer to array memory address in variant structure on stack, this is only done when (HEADER_BYTE && 0x40) aka when above jump is taken

72A1C439 - Jump up to return after setting return value

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.