I've tracked down the function that is used to switch out items on the hotkey bar. The non-pointer addresses of my hotkey slots pass through this function, so how would I go about tracing them back to the pointer?
0x00584F24: and dword ptr [eax+ecx*4], 0
That's where it gets the value from; EAX+ECX*4 is my hotkey's non-pointer value. (Is that an array, by the way? The "], 0" is for array index access, correct?)
Also, how do I determine the real types of function parameters? I know I can debug, sometimes see a familiar value, and guess at the type from that, but I'm getting no clues from watching the registers. (Is there an easier/better way to determine what they are?)
;-----------------------------------------------------------------------
; ChangeHotkeys_584F15 (analyst-assigned name; IDA listing, x86 32-bit, Intel syntax)
; Zeroes one dword slot in a table reached through [ecx+148h], then makes a
; series of direct and table-indirect calls involving the object in arg_4.
;
; In:    ecx   = base of the structure that holds the table pointer at +148h.
;                It is read before this function writes it, so the caller
;                supplies it (presumably a C++ `this`, __thiscall - confirm).
;        arg_0 = dword index of the slot to clear (scaled by 4 at 00584F24).
;        arg_4 = pointer to an object whose first dword is used as a table of
;                function pointers (+0Ch, +0F0h); presumably a vtable.
; Out:   eax is not set explicitly; it holds whatever sub_4291DE leaves in it.
; Stack: 10h bytes of locals; the callee pops both dword arguments (retn 8).
; Slot address = [ecx+148h] + arg_0*4: the table base is loaded through the
;        entry value of ecx, not from a fixed address inside this function.
; NOTE(review): no range check on arg_0 is visible before the write at
;        00584F24; any bounds validation would have to be in the caller.
;-----------------------------------------------------------------------
.text:00584F15 ChangeHotkeys_584F15 proc near ; CODE XREF: sub_42005B+2608p
.text:00584F15
.text:00584F15 var_10 = dword ptr -10h ; local passed by address to sub_429C15 / [eax+0F0h] / sub_4291DE
.text:00584F15 var_8 = dword ptr -8 ; local passed by address to sub_42BED4 and sub_42CD84
.text:00584F15 var_4 = dword ptr -4 ; local passed by address to sub_42ABCA
.text:00584F15 arg_0 = dword ptr 8 ; slot index on entry; its stack slot is reused as a temporary later
.text:00584F15 arg_4 = dword ptr 0Ch ; object pointer (first dword dereferenced as a call table)
.text:00584F15
.text:00584F15 push ebp ; frame-pointer prologue
.text:00584F16 mov ebp, esp
.text:00584F18 sub esp, 10h ; room for var_10 .. var_4
.text:00584F1B mov eax, [ecx+148h] ; eax = table base, read from the caller-supplied ecx at +148h
.text:00584F21 mov ecx, [ebp+arg_0] ; ecx = slot index
.text:00584F24 and dword ptr [eax+ecx*4], 0 ; table[index] = 0: [eax+ecx*4] is the indexed access, ", 0" is the AND immediate (a write, not a read)
.text:00584F28 push ebx ; save registers this function overwrites
.text:00584F29 push esi
.text:00584F2A mov esi, [ebp+arg_4] ; esi = object pointer, kept for the calls below
.text:00584F2D push edi
.text:00584F2E mov edi, [esi] ; edi = first dword of *arg_4 (call table, presumably vtable)
.text:00584F30 push ecx ; reserves one dword on the stack; presumably only for space - confirm
.text:00584F31 mov ecx, esp ; ecx = address of that reserved dword
.text:00584F33 push 0FFFFFFFFh ; second argument -1 (meaning not visible here; possibly "length unknown")
.text:00584F35 push offset aPc_expression_ ; "PC_EXPRESSION_ITEM_ASSIGNMENT_ICON_INSI"...
.text:00584F3A call sub_99EBF0 ; called with ecx = stack slot and (string, -1); looks like an in-place constructor - confirm
.text:00584F3F mov ecx, esi ; ecx = arg_4 object for the indirect call
.text:00584F41 call dword ptr [edi+0Ch] ; indirect call through table entry +0Ch on the arg_4 object
.text:00584F44 mov edi, eax ; edi = returned pointer
.text:00584F46 test edi, edi
.text:00584F48 jz short loc_584F92 ; null result: skip the block that uses it
.text:00584F4A lea ecx, [ebp+var_8]
.text:00584F4D call sub_42BED4 ; called with ecx = &var_8; presumably initialises that local
.text:00584F52 mov ebx, [edi] ; ebx = call table of the returned object
.text:00584F54 push ecx ; two pushes reserve 8 bytes on the stack
.text:00584F55 push ecx
.text:00584F56 lea eax, [ebp+var_8]
.text:00584F59 mov ecx, esp ; ecx = address of the 8 reserved bytes
.text:00584F5B push eax ; argument: &var_8
.text:00584F5C mov [ebp+var_8], 1 ; var_8 = 1 before it is handed to sub_42CD84
.text:00584F63 call sub_42CD84 ; ecx = reserved stack area, arg = &var_8; looks like a copy into the argument area - confirm
.text:00584F68 mov ecx, edi
.text:00584F6A call dword ptr [ebx+0F8h] ; indirect call (+0F8h) on the returned object
.text:00584F70 mov eax, [edi] ; reload the returned object's call table
.text:00584F72 lea ecx, [ebp+arg_0]
.text:00584F75 push ecx ; argument: &arg_0
.text:00584F76 mov ecx, edi
.text:00584F78 call dword ptr [eax+38h] ; indirect call (+38h) with &arg_0
.text:00584F7B mov eax, [edi]
.text:00584F7D lea ecx, [ebp+arg_0]
.text:00584F80 push ecx ; argument: &arg_0 again
.text:00584F81 mov ecx, edi
.text:00584F83 mov byte ptr [ebp+arg_0+3], 0 ; clears the most significant byte of the arg_0 dword
.text:00584F87 call dword ptr [eax+34h] ; indirect call (+34h) with &arg_0; +38h/+34h may be a read/modify/write pair - confirm
.text:00584F8A lea ecx, [ebp+var_4]
.text:00584F8D call sub_42ABCA ; called with ecx = &var_4; presumably cleanup of that local - confirm
.text:00584F92
.text:00584F92 loc_584F92: ; CODE XREF: ChangeHotkeys_584F15+33j
.text:00584F92 call sub_41E5F2 ; no stack arguments pushed here; result is kept in edi below
.text:00584F97 push 0FFFFFFFFh
.text:00584F99 push offset aPc_expressio_0 ; "PC_EXPRESSION_ITEM_INSIDE_CONTAINER"
.text:00584F9E lea ecx, [ebp+arg_0] ; arg_0's slot is the target now; the index is not read again after this
.text:00584FA1 mov edi, eax ; edi = object returned by sub_41E5F2
.text:00584FA3 call sub_99EBF0 ; same routine as at 00584F3A, now with ecx = &arg_0
.text:00584FA8 push 0
.text:00584FAA lea eax, [ebp+arg_0]
.text:00584FAD push eax ; arguments: (&arg_0, 0)
.text:00584FAE mov ecx, edi
.text:00584FB0 call sub_41DB1D ; called with ecx = sub_41E5F2's result
.text:00584FB5 push eax ; pass that result on
.text:00584FB6 lea ecx, [ebp+var_10]
.text:00584FB9 call sub_429C15 ; ecx = &var_10; presumably builds var_10 from the result - confirm
.text:00584FBE lea ecx, [ebp+arg_0]
.text:00584FC1 call sub_99EAE0 ; ecx = &arg_0; presumably releases the temporary built by sub_99EBF0 - confirm
.text:00584FC6 mov eax, [esi] ; call table of the arg_4 object
.text:00584FC8 lea ecx, [ebp+var_10]
.text:00584FCB push ecx ; argument: &var_10
.text:00584FCC mov ecx, esi
.text:00584FCE call dword ptr [eax+0F0h] ; indirect call (+0F0h) on the arg_4 object
.text:00584FD4 lea ecx, [ebp+var_10]
.text:00584FD7 call sub_4291DE ; ecx = &var_10; presumably cleanup of that local - confirm
.text:00584FDC pop edi ; restore saved registers in reverse push order
.text:00584FDD pop esi
.text:00584FDE pop ebx
.text:00584FDF leave
.text:00584FE0 retn 8 ; callee removes the two dword arguments
.text:00584FE0 ChangeHotkeys_584F15 endp