
x86 asm: Help with disassembled code

Can anyone explain the following asm code to me, please? What does it do? I have already commented it a bit.
EDIT: C++, compiled with MS Visual C++ 2008 Express Edition -> reassembled

.text:39552AF5    pop     ecx
.text:39552AF6    push    eax             ; void *
.text:39552AF7    lea     eax, [ebp+procedureVariable_C] ; get a proc variable from stack to eax?
.text:39552AFA    call    sub_39501565 ; call procedure with arguments: eax(void) and the lea result?
.text:39552AFF    mov     ecx, dword_395D0A44 ; dword_395D0A44("official") char gets moved into ecx
.text:39552B05    mov     eax, ebx ; ?
.text:39552B07    call    sub_39572981 ; ? no arguments?

.text:39501565 ; int __stdcall sub_39501565(void *)
.text:39501565 sub_39501565 proc near          ; CODE XREF: sub_39501423+1Cp
.text:39501565                                 ; sub_39501803+1Cp...
.text:39501565
.text:39501565 arg_0           = dword ptr  4   ; the single stack argument: a pointer
.text:39501565
.text:39501565                 cmp     [esp+arg_0], 0      ; is the pointer argument NULL?
.text:3950156A                 push    edi                 ; save edi (push does not touch the flags)
.text:3950156B                 mov     edi, eax            ; keep the pointer the caller passed in eax
.text:3950156D                 jnz     short loc_39501573  ; non-NULL -> measure the string
.text:3950156F                 xor     eax, eax            ; NULL -> length 0
.text:39501571                 jmp     short loc_39501583
.text:39501573 ; ---------------------------------------------------------------------------
.text:39501573
.text:39501573 loc_39501573:                   ; CODE XREF: sub_39501565+8j
.text:39501573                 mov     eax, [esp+4+arg_0]  ; reload the argument (+4: edi was pushed)
.text:39501577                 lea     edx, [eax+1]        ; edx = start + 1, no memory access
.text:3950157A
.text:3950157A loc_3950157A:                   ; CODE XREF: sub_39501565+1Aj
.text:3950157A                 mov     cl, [eax]           ; load one byte
.text:3950157C                 inc     eax                 ; advance the scan pointer
.text:3950157D                 test    cl, cl              ; was it the NUL terminator?
.text:3950157F                 jnz     short loc_3950157A  ; no -> keep scanning
.text:39501581                 sub     eax, edx            ; (one past NUL) - (start+1) = string length
.text:39501583
.text:39501583 loc_39501583:                   ; CODE XREF: sub_39501565+Cj
.text:39501583                 push    eax                 ; int: the computed length (0 for NULL)
.text:39501584                 push    [esp+8+arg_0]       ; void *: the string pointer (+8: edi and eax pushed)
.text:39501588                 call    sub_39501524        ; called as (pointer, length); no add esp afterwards,
.text:39501588                                             ; so the callee removes its own two arguments
.text:3950158D                 mov     eax, edi            ; return the pointer that arrived in eax
.text:3950158F                 pop     edi
.text:39501590                 retn    4                   ; stdcall: callee pops the 4-byte argument
.text:39501590 sub_39501565 endp

This part

.text:39501573
.text:39501573 loc_39501573: ; CODE XREF: sub_39501565+8j
.text:39501573 mov eax, [esp+4+arg_0]
.text:39501577 lea edx, [eax+1]
.text:3950157A
.text:3950157A loc_3950157A: ; CODE XREF: sub_39501565+1Aj
.text:3950157A mov cl, [eax]
.text:3950157C inc eax
.text:3950157D test cl, cl
.text:3950157F jnz short loc_3950157A
.text:39501581 sub eax, edx

It looks like it is scanning for a NUL byte and computing end - start + 1, where start + 1 comes from edx.

This is what strlen would do!

Is there some magic here?!
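As an added illustration (not part of the original question or answers), here is a C reconstruction of the control flow in sub_39501565 as it appears in the disassembly: the NULL check, the `lea edx, [eax+1]` trick, the byte-scanning loop, and the `(pointer, length)` call that follows. The names `strobj`, `assign_bytes`, `scan_len` and `set_from_cstr` are assumptions made for this example; the post does not say what sub_39501524 or the caller's object actually are.

```c
/* Added example, not code from the original post: a C model of the loop
 * shape in sub_39501565. Object and helper names are assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the object whose address was passed in EAX. */
typedef struct {
    const char *data;
    size_t len;
} strobj;

/* Hypothetical stand-in for sub_39501524, which receives (pointer, length). */
static void assign_bytes(strobj *self, const char *p, size_t len) {
    self->data = p;
    self->len = len;
}

/* Same shape as loc_39501573 .. loc_39501581:
 *   eax = p;  edx = p + 1;
 *   do { cl = *eax; eax++; } while (cl != 0);
 *   eax -= edx;
 * After the loop `cur` points one past the NUL, so cur - (p + 1) is the
 * length without the terminator. Like strlen, this reads until it finds a
 * zero byte, so an unterminated buffer is read past its end. */
size_t scan_len(const char *p) {
    const char *cur = p;                 /* eax */
    const char *base_plus_one = p + 1;   /* edx (lea: arithmetic only) */
    char c;
    do {
        c = *cur;                        /* mov cl, [eax] */
        cur++;                           /* inc eax */
    } while (c != 0);                    /* test cl, cl / jnz */
    return (size_t)(cur - base_plus_one); /* sub eax, edx */
}

/* Stand-in for sub_39501565: NULL -> length 0 (the xor eax,eax path),
 * otherwise scan; then hand (ptr, len) to the helper and return `self`
 * (the mov eax, edi before retn). */
strobj *set_from_cstr(strobj *self, const char *s) {
    size_t len = (s != NULL) ? scan_len(s) : 0;   /* cmp [esp+arg_0], 0 */
    assign_bytes(self, s, len);                    /* push len; push ptr; call */
    return self;
}

int main(void) {
    /* Constructed sample inputs for the demonstration. */
    const char *samples[] = { "official", "", "a\0hidden" };
    strobj o;
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        set_from_cstr(&o, samples[i]);
        printf("scan_len=%zu strlen=%zu\n", o.len, strlen(samples[i]));
    }
    set_from_cstr(&o, NULL);
    printf("NULL -> len=%zu\n", o.len);
    return 0;
}
```

The embedded NUL in the third sample shows why the loop stops early: the scan and `strlen` agree because both stop at the first zero byte, not at the end of the array.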

lea does not dereference anything. It just does arithmetic with the registers in its second parameter and stores the result in the first parameter.

lea     eax, [ebp+procedureVariable_C];

Assuming that procedureVariable_C is a constant offset it adds that offset to calculate the pointer to the corresponding variable.

What do you want to know from SO that you don't already know? It's a couple of function calls. The first passes a local parameter by reference in EAX; the second gets EAX as a parameter, perhaps a result from the first call, or perhaps just what was passed into this block in EBX.

We don't know what calling conventions are used, whether this assembler is disassembled compiler output or 'human' coding, no context, no clue to what the functions do or return. We're not exactly in a good position to help.

There is nothing unusual about this code. What's the problem?

Rgds, Martin

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
