The function is part of a class of functions and structured data... therefore when it's called, a this is assumed. 'This' is a pointer to the class itself. When you see it called, you see the this being moved into ecx. Even when you call a function from a class, it is assumed the first parameter is a pointer to the class from which it comes.
The __thiscall calling convention is used on member functions and is the default calling convention used by C++ member functions that do not use variable arguments. Under __thiscall, the callee cleans the stack, which is impossible for vararg functions. Arguments are pushed on the stack from right to left, with the this pointer being passed via register ECX, and not on the stack, on the x86 architecture.
__thiscall (C++)
from my post on UC
Code:
3715F660 53 PUSH EBX //tried tracing back this function with no luck, but you can see that the call in red is from the same class so I traced that for the this: it is lazy but w/e
3715F661 8BD9 MOV EBX,ECX // here you can see this being moved into ebx so now i know the call below is part of the same class
3715F663 56 PUSH ESI
3715F664 8D43 08 LEA EAX,DWORD PTR DS:[EBX+8]
3715F667 57 PUSH EDI
3715F668 C700 00000000 MOV DWORD PTR DS:[EAX],0
3715F66E 50 PUSH EAX
3715F66F A1 10D97E37 MOV EAX,DWORD PTR DS:[377ED910]
3715F674 8B88 84000000 MOV ECX,DWORD PTR DS:[EAX+84]
3715F67A FFD1 CALL ECX
3715F67C 8B7C24 1C MOV EDI,DWORD PTR SS:[ESP+1C]
3715F680 83C4 04 ADD ESP,4
3715F683 6A 00 PUSH 0
3715F685 57 PUSH EDI
3715F686 8BCB MOV ECX,EBX
3715F688 E8 F3E2FFFF CALL cshell.3715D980//getplayerbyindex
3715F68D E8 7EFDFFFF CALL cshell.3715F410
3715F692 8BF0 MOV ESI,EAX
3715F694 85F6 TEST ESI,ESI
3715F696 75 20 JNZ SHORT cshell.3715F6B8
3715F698 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10]
3715F69C A1 10D97E37 MOV EAX,DWORD PTR DS:[377ED910]
3715F6A1 8B10 MOV EDX,DWORD PTR DS:[EAX]
3715F6A3 8B52 18 MOV EDX,DWORD PTR DS:[EDX+18]
3715F6A6 51 PUSH ECX
3715F6A7 68 04A46E37 PUSH cshell.376EA404 ; ASCII "CCBAClientInfoMgr::AddClient %s End"
3715E914 8B0D 48CE7E37 MOV ECX,DWORD PTR DS:[377ECE48] //this ClientInfoMgr ; cshell.37805DA0
3715E91A 6A 00 PUSH 0 //unk
3715E91C 56 PUSH ESI//index
3715E91D E8 5EF0FFFF CALL cshell.3715D980//getplayerbyindex
I couldn't easily trace back (quickly) the initial function, therefore I traced the getplayerByindex function, which is shown in part 2... The Getplayerbyindex has ebx moved into ecx; trace back ecx and you see it is set by the 'this pointer' off the stack (in the same class "ClientInfoMgr").
Hope this helps.
@ GCS --- so what, it's not like you reversed it... just copy pasted, acted like you reversed it, psssh.
Anyone that wants the gcs pointer, it's [[[0x3784568C ]]+ 0xB0] = clientinfoMgr //credits to zoomgod
37181080 8D81 54850100 LEA EAX,DWORD PTR DS:[ECX+18554] // eax = 37823154
37181086 C3 RETN
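As an added illustration that is not part of the original post or the binary it discusses: the C++ source shapes that produce the patterns in the listings above, namely a member function forwarding the same `this` to another member, and an accessor that returns `this` plus a constant offset. The class, member and function names (`InfoMgr`, `PlayerInfo`, `call_explicit`, `tail_delta`) and the layout are constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-ins: names and layout are constructed, not recovered from the binary.
struct PlayerInfo { int index; int health; };

struct InfoMgr {
    int           count = 0;
    PlayerInfo    players[4] = {};
    std::uint32_t tail = 0;

    // Under __thiscall on x86 the two ints go on the stack and `this` goes in ECX.
    PlayerInfo* GetByIndex(int idx, int /*unused*/) {
        for (int i = 0; i < count; ++i)
            if (players[i].index == idx) return &players[i];
        return nullptr;
    }
    // A member calling a member of the same object: the compiler saves the incoming
    // `this` (MOV EBX,ECX) and reloads it before the inner call (MOV ECX,EBX).
    PlayerInfo* Add(int idx) {
        if (PlayerInfo* p = GetByIndex(idx, 0)) return p;  // same `this`
        if (count == 4) return nullptr;
        players[count] = {idx, 100};
        return &players[count++];
    }
    // An accessor like this typically compiles to LEA EAX,[ECX+offset] / RETN.
    std::uint32_t* Tail() { return &tail; }
};

// The same call with the hidden first parameter written out explicitly.
PlayerInfo* call_explicit(InfoMgr* self, PlayerInfo* (InfoMgr::*fn)(int, int), int idx) {
    return (self->*fn)(idx, 0);
}

// Distance between the accessor's return value and `this`: the constant in the LEA.
std::ptrdiff_t tail_delta(InfoMgr& m) {
    return reinterpret_cast<char*>(m.Tail()) - reinterpret_cast<char*>(&m);
}

int main() {
    InfoMgr m;
    PlayerInfo* a = m.Add(7);
    std::printf("implicit this == explicit this: %d\n",
                call_explicit(&m, &InfoMgr::GetByIndex, 7) == a);
    std::printf("Tail() = this + %td\n", tail_delta(m));
    return 0;
}
```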