CHAPTER 74. TASK MANAGER PRACTICAL JOKE (WINDOWS VISTA) CHAPTER 74. TASK MANAGER PRACTICAL JOKE (WINDOWS VISTA)
...mov r8d, 30h
lea r9, [rsp+298h+var_268]
lea rdx, [rsp+298h+var_258]
lea ecx, [r8-2Dh] ; put 3 to ECX
; ECX=SystemTimeOfDayInformation
call cs:__imp_NtQuerySystemInformation ; not zero
...mov rbp, [rsi+8]
mov r8d, 20h
lea r9, [rsp+98h+arg_0]
lea rdx, [rsp+98h+var_78]
lea ecx, [r8+2Fh] ; put 0x4F to ECX
mov [rsp+98h+var_60], ebx
mov [rsp+98h+var_68], rbp
; ECX=SystemSuperfetchInformation
call cs:__imp_NtQuerySystemInformation ; not zero
It’s hard to say why, but it is whatMSVCoften does. Maybe this is some kind of optimization andLEAworks faster or better
than loading values usingMOV?
Another example of such thing is:64.5.1 on page 652.