It gives me two accesses:
- Code: Select all
004B7F18 0FBF42 02 MOVSX EAX, WORD PTR [EDX+2] 46
Value of registers after statement:
Address: 004B7F18
EAX (after): 0000000F ESP (after): 0018A620
ECX (after): 00000001 EBP (after): 0018A630
EDX (after): 08465DFC ESI (after): 00011652
EBX (after): 00000000 EDI (after): 00000000
Move Fh to EAX with sign-extension
And this one:
- Code: Select all
74BE5008 72 2A JB 74BE5034 3
Address: 74BE5008
EAX (after): 08465E1C ESP (after): 0017DA24
ECX (after): 00000007 EBP (after): 0017DA2C
EDX (after): 00000000 ESI (after): 08465E00
EBX (after): 00000000 EDI (after): 0017EEC8
Jump short if below/carry (CF=1)
I can't figure out what it's trying to tell me... If I get the registers prior to the first statement, I feel like I'm getting somewhere... As it tells me what EDX is before...
But ultimately, two days have been wasted trying to trace this... can anyone give me any tips based on what I've posted?