I'm currently reverse engineering a game and I've come across an issue where I need to call GetRawInputData, which expects pcbSize as one of its arguments.
Normally in C I would just write sizeof(pData) but I have no idea how to go about this in machine code.
sizeof is purely a construct of the C type system, and is completely resolved at compile time to a plain number; there's no such thing in machine code, you'll probably just find an immediate value in a push or mov corresponding to the size of pData.
For example, in a program of ours, the sequence
    RAWINPUT raw;
    UINT dwSize = sizeof(raw);
    GetRawInputData((HRAWINPUT)lparam, RID_INPUT, &raw, &dwSize, sizeof(RAWINPUTHEADER));
gets translated by gcc 4.8 as
    0x005f351d <+125>: lea eax,[ebp-0x48]                  // eax = &dwSize
    0x005f3520 <+128>: mov DWORD PTR [esp+0xc],eax         // pcbSize = eax = &dwSize
    0x005f3524 <+132>: lea eax,[ebp-0x38]                  // eax = &raw
    0x005f3527 <+135>: mov DWORD PTR [ebp-0x48],0x28       // dwSize = sizeof(raw) i.e. 40
    0x005f352e <+142>: mov DWORD PTR [esp+0x10],0x10       // cbSizeHeader = sizeof(RAWINPUTHEADER) i.e. 16
    0x005f3536 <+150>: mov DWORD PTR [esp+0x8],eax         // pData = eax = &raw
    0x005f353a <+154>: mov DWORD PTR [esp+0x4],0x10000003  // uiCommand = RID_INPUT
    0x005f3542 <+162>: mov DWORD PTR [esp],ecx             // hRawInput = lparam
    0x005f3545 <+165>: call DWORD PTR ds:0x20967fc         // call GetRawInputData
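An added example, not part of the original answer: it rebuilds the 32-bit layouts of RAWINPUTHEADER and RAWINPUT, lets the compiler confirm that sizeof yields 0x10 and 0x28, and pulls the same constants out of the two stores in the listing. Assumptions: the `*32` types are models with fixed-width fields (HANDLE and WPARAM taken as 4 bytes), the instruction bytes are constructed from the standard x86 encoding rather than dumped from the binary, and `mov_imm32` is a hypothetical helper.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Modelled 32-bit layouts (assumption: x86 target), not the Windows headers. */
typedef struct { uint32_t dwType, dwSize, hDevice, wParam; } RAWINPUTHEADER32;
typedef struct {
    uint16_t usFlags;
    union { uint32_t ulButtons;
            struct { uint16_t usButtonFlags, usButtonData; } s; } u;
    uint32_t ulRawButtons;
    int32_t  lLastX, lLastY;
    uint32_t ulExtraInformation;
} RAWMOUSE32;
typedef struct { uint16_t MakeCode, Flags, Reserved, VKey;
                 uint32_t Message, ExtraInformation; } RAWKEYBOARD32;
typedef struct { uint32_t dwSizeHid, dwCount; uint8_t bRawData[1]; } RAWHID32;
typedef struct {
    RAWINPUTHEADER32 header;
    union { RAWMOUSE32 mouse; RAWKEYBOARD32 keyboard; RAWHID32 hid; } data;
} RAWINPUT32;

/* sizeof is a constant expression: the compiler checks these, no code is emitted. */
_Static_assert(sizeof(RAWINPUTHEADER32) == 0x10, "cbSizeHeader immediate");
_Static_assert(sizeof(RAWINPUT32) == 0x28, "dwSize immediate");

/* Constructed bytes: encodings of the two constant stores in the listing. */
static const uint8_t mov_dwsize[] = {0xC7, 0x45, 0xB8, 0x28, 0, 0, 0};       /* [ebp-0x48] */
static const uint8_t mov_cbhdr[]  = {0xC7, 0x44, 0x24, 0x10, 0x10, 0, 0, 0}; /* [esp+0x10] */

/* imm32 of "mov dword ptr [reg+disp8], imm32" (opcode C7 /0, mod=01), else -1. */
int64_t mov_imm32(const uint8_t *p, size_t n) {
    if (n < 7 || p[0] != 0xC7) return -1;
    uint8_t modrm = p[1];
    if ((modrm >> 6) != 1 || ((modrm >> 3) & 7) != 0) return -1;
    size_t off = 2 + ((modrm & 7) == 4 ? 1 : 0) + 1; /* skip optional SIB, then disp8 */
    if (n < off + 4) return -1;
    return (int64_t)((uint32_t)p[off] | (uint32_t)p[off + 1] << 8 |
                     (uint32_t)p[off + 2] << 16 | (uint32_t)p[off + 3] << 24);
}

int main(void) {
    printf("sizeof(RAWINPUT32)=%zu, immediate=%lld\n", sizeof(RAWINPUT32),
           (long long)mov_imm32(mov_dwsize, sizeof mov_dwsize));
    printf("sizeof(RAWINPUTHEADER32)=%zu, immediate=%lld\n", sizeof(RAWINPUTHEADER32),
           (long long)mov_imm32(mov_cbhdr, sizeof mov_cbhdr));
    return 0;
}
```

When patching or hand-writing the call, the value to store for pcbSize is therefore the structure's byte size for the target ABI, written as a literal.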