Skip to main content
Reverse Engineering

Return to Question

Commonmark migration
Source Link
Community Bot
Community Bot
  • 1

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

    and, finally:

  4. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

and, finally:

  1. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

and, finally:

  1. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

    and, finally:

  4. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

replaced http://reverseengineering.stackexchange.com/ with https://reverseengineering.stackexchange.com/
Source Link
Community Bot
Community Bot
  • 1

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See hereSee here.

  2. there is typeinfo. What does it allow to do? See hereSee here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See whySee why.

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

Tweeted twitter.com/#!/StackReverseEng/status/467071709988659200
Better usage of the wiki syntax
Source Link
perror
perror
  • 19.2k
  • 29
  • 89
  • 151

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

  1. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?
  1. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

The typeinfotypeinfo is:

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

  1. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

The typeinfo is:

  1. there is a suspicious 0 in the very beginning of VMT. It is reasonable to suggest that sometimes it may be not 0, as it happened in the dump above, but what is it then? See here.

  2. there is typeinfo. What does it allow to do? See here.

  3. there are two destructors, _ZN13QSystemLocaleD2Ev and _ZN13QSystemLocaleD0Ev. See why.

  1. can I be sure that VMT is not initialized/modified at run-time? If it is written to, what gets written?

The typeinfo is:

added 79 characters in body
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
added 79 characters in body
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
added 68 characters in body
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
deleted 60 characters in body
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
added 4 characters in body
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
added the section "inside are not only functions"
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
added 742 characters in body
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16
Source Link
18446744073709551615
18446744073709551615
  • 605
  • 1
  • 8
  • 16