I am very confused about this one item I am looking at doing some reversing for.
Here is the line in IDA:
cmp [ebp+8], offset unk4323
To me, this will compare the contents inside (ebp+8) and compare to the global unk4323. If not the same, then it will jump to loc3434. Is that right? Because if it is, that's not what I am seeing. I have attached a debugger and examined the contents of both and they are definitely not the same (I even zero-ed the global unk4323). But the cmp instruction always sets the Zero flag and never causes the jmp to occur.
ebp+8: b4 42 a9 8a
unk4323: 00 00 00 00
The cmp instruction with these values sets the zero flag
Am I missing something here?
Please advise. Thanks.