Questions tagged [struct]

Question 1

I have a Linux kernel that I open with Ghidra. There is a task_struct that I want to map all the fields. The problem is that os big struct (around 3000 bytes) and have lot of ifdef in the source code. ...

Question 2

For a PowerPC binary with debugging symbols, the function signature is: CrossProduct(VECTOR *,VECTOR,VECTOR) It's correct as it matches the source code for an older version of the application: void ...

Question 3

I'm trying to parse a binary file and it has a structure similar to this, struct foo { int64_t count_things; int64_t offset_to_thing[count]; int8_t bytes[]; int64_t other fields; } ...

Question 4

I am trying to reverse a c++ program and make the decompiler represent a byte-array in a single line. The c++ code contains the following line: BYTE fileArray[139] = {0x50, 0x51....} Ghidra ...

Question 5

There is a structure with size of 16-Bytes, and an array of it is defined. The disassembly code for navigation through the array is: MOV i, i,LSL#4 LDR R4, =arr_of_struct ADD i, i, R4 LDR ...

Question 6

In older versions of IDA, you could right-click a struct in the structure view and change its position in the list, making it easier to separate "internal" vs "external" structs. ...

Question 7

If I analyse multiple PDF files with a hex editor, I see that all of them have two trailers. That's possible if an object has changed or renewed (https://blog.idrsolutions.com/multiple-trailers-in-a-...

Question 8

When decompiling an exe file, I have defined two structs struct A and struct B that are of the same structure. They appeared under different contexts, thus I assumed that they were different structs. ...

Question 9

What I know about it: struct unknown_struct { struct _KAPC apc; struct _KEVENT event; char unknown[2056]; }; So first a kernel apc struct then a kernel event struct and the total size is ...

Question 10

In IDA, I have the following disassembly code (from an old 16-bit DOS application) : les bx, _Foo mov word ptr es:[bx+84h], 0FFFFh mov word ptr es:[bx+8Ch], 0FFFFh mov word ptr es:[bx+...

Question 11

how do I go around figuring out where to reverse engineer a struct? As shown in the picture below, I have this function called "struct dynamic_array" which I want to reverse engineer and ...

Question 12

I have an object named ComputeService::RPC that is being used as input in a function inside a binary file: __int64 __fastcall ComputeService::Rpc::GetClientProcessId(ComputeService::Rpc *this) pc *...

Question 13

Im trying make my idb beautier. I want to parse the offset to PE structure. Here is some example: I want to parse (module + 60) to (module_base->e_lfanew) but when i change the type of module_base ...

Question 14

I want to define struct in Ida , but I know only partial of this struct I only know that in arr[12] that int student_id , and I don't know the rest of struct. Ida recognize that struct as char * . How ...

Question 15

I have a function with the first few instructions defined as follows: sub rsp, 0x80 lea rbp, [rsp + 0x20] mov qword [rbp + 0x58], rsi mov qword [rbp + 0x50], rbx mov qword [rbp + 0x70], rcx mov ...

Stack Exchange Network

Questions tagged [struct]

Analyze task_struct in linux kernel

Why does a function with 3 parameters is decompiled as 9 parameters?

How can I create a radare2 type for a variable-length struct?

Ghidra: undefined4 to bytearray

IDA Decompiler generates wrong output on array of structures!

Is it no longer possible to re-order structures in IDA?

PDF file have two trailers?

Identify two structs in IDA

Need help finding a windows struct

How to set a variable as "pointer to struct" in IDA in order to automatically replace offsets by field names?

How do I reverse engineer structs that are put as parameters in a function

How to restore struct fields

Parse offset to PE struct

Define partial struct with IDA

troublesome stack frame setup

Hot Network Questions