Nov. 11, 2023, 1:46 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Let’s consider this snippet from the decompilation of an x86 Windows binary:



The same function is called twice with the same argument and the last one doesn’t seem to use the result of the GetComputerNameExW call.

By switching to disassembly, we can see that eax is initialized before each call with a string address:



However, the decompiler does not consider it, because on x86 the stack is the usual way of passing arguments and eax is most commonly just a temporary …
