Skip to main content
Reverse Engineering

Questions tagged [pointer]

Ask Question

The tag has no summary.

34 questions
Newest Active Bountied Unanswered
3 votes
1 answer
245 views

I would like to know all the constants used for memory access except for non-pointer constants (e.g. argument) in IDA Pro. Is there such a way?
user212942's user avatar
  • 131
1 vote
0 answers
178 views

In a DLL I am trying to reverse there often is a reference to something I believe to be a fixed pointer (like a global var) which looks like dword_10038534. The references I am talking about look like ...
Curious User's user avatar
  • 11
0 votes
2 answers
1k views

In IDA, I have the following disassembly code (from an old 16-bit DOS application) : les bx, _Foo mov word ptr es:[bx+84h], 0FFFFh mov word ptr es:[bx+8Ch], 0FFFFh mov word ptr es:[bx+...
tigrou's user avatar
  • 381
0 votes
1 answer
157 views

As part of solving the Hidden password challenge, I found an condition calls a virtual function the v14 points to v8 variable : and the functions in the program does not make sense for me, there is ...
IVs's user avatar
  • 137
1 vote
1 answer
4k views

Of all the confusing parts of Ghidra, I'd like to ask about the "code" keyword. A similar question was asked here. However, I am not asking what the keyword is, but how to interpret/define ...
Luke Dunn's user avatar
  • 21
2 votes
0 answers
135 views

On CompactRISC CR16C architecture, because instructions only start at even-numbered addresses, code pointers (as used by JAL, JUMP, Jcond) are shifted one bit to the right. These are distinct from ...
zzt's user avatar
  • 43
0 votes
1 answer
105 views

In this decompiled code, does psVar8[-6] refer to 6*sizeof(psVar8) == 12 bytes before psVar8? psVar8 = (short *)(&DAT_1412345b4 + named_index * 0x20); do { if (psVar8[-6] == 0) break; // ... } ...
Anna's user avatar
  • 175
2 votes
2 answers
302 views

memory=VirtualAlloc(lpAddress, 3*v48, flAllocationType, 16*v19); ..... shellcode=(int (__stdcall *)(_DWORD, _DWORD))memory; ..... shellcode(&hkernel32, 0) If ...
hoshia1234's user avatar
  • 21
0 votes
1 answer
1k views

i was wondering how to get to the function definition of a function pointer. Currently i have a function which is called in the following way: iVar = (*DAT)(param_2, PTR_s) When i press on *DAT i see ...
Hakan's user avatar
  • 11
2 votes
1 answer
455 views

I know this is compiler/ABI dependent, not necessarily standardized, etc. I've always assumed, from what I've read in several places (e.g. an answer here or the example in wikipedia), that a typical ...
Alejandro Exojo's user avatar
  • 23
1 vote
2 answers
227 views

As part of a CTF challenge I have to understand the inner workings of a cryptlock type malware, and use it to decrypt a file containing the flag. I used GHIDRA to decompile the binary. The encryption ...
Balocre's user avatar
  • 11
0 votes
1 answer
86 views

I've decompiled a custom router ELF binary using Hex-Rays and have recently come across the following function in the binary: pkt_hdr_t *__cdecl pkt_hdr_from_frame(frame_t *frame, uint16_t *remaining) ...
Newbie's user avatar
  • 277
1 vote
1 answer
266 views

I need to hook 10/20 functions like these: static void* __cdecl HookFunction1(char *FileName, int a2, int a3, int a4); __declspec(naked) void HookFunction2(char *Src, int pedx, int a3, ...
user3449922's user avatar
  • 289
0 votes
1 answer
706 views

i am trying to hook wndproc in an game, to do that i am injecting a dll into their memory, my problem is i don't wanna do a Global Hook to the wndproc, i want to get a pointer to his procedure to do ...
Mov Eax's user avatar
  • 3
9 votes
4 answers
10k views

Looking at an assembly code snippet I see: lea rax, [rbp-0x50] Which tells me that the rax register now points to whatever value is in rbp-hex(50). Question. Would I achieve the same result doing ...
user3732445's user avatar
  • 321

15 30 50 per page
1
2 3