memory-address

RE - IDA finding function offset

孤者浪人 submitted on 2019-12-08 01:49:08
Question: I am just starting out with reverse engineering. I've created a small C++ console application and I am trying to call NewFunction via an injected DLL.

    void NewFunction()
    {
        DWORD dwImageBase = (DWORD)GetModuleHandle(NULL);
        std::cout << "ImageBase: " << ToHex(dwImageBase) << std::endl;
        std::cout << "NewFunction: " << ToHex((DWORD)&NewFunction) << std::endl;
        std::cout << "Offset: " << ToHex((DWORD)&NewFunction - dwImageBase) << std::endl;
    }

Example output: ImageBase: F90000 NewFunction:

Calculating JMP instruction's address

别说谁变了你拦得住时间么 submitted on 2019-12-08 01:20:39
Question: I am trying to hook a function by replacing its beginning with a JMP instruction which should lead to my function. But the problem is that I don't know how to calculate the JMP offset to target the address of my function. Well, I know how to do it if you jump forward in memory (destination address - current address), but I haven't got any idea how to determine it when you jump back in memory. Could somebody help?

Answer 1: Just use a negative offset to jump backwards. And remember to account for the size
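The displacement rule the answer refers to, worked through in code. This is an added example, not code from the question or the answer: the addresses 0x10001000 (hooked function) and 0x00401000 (handler) are constructed, and the function names are my own. The point it shows is that the CPU adds rel32 to the address of the instruction after the JMP, so one formula covers both directions and a backward jump just comes out negative; the decoder is there so a patch can be verified before it is written over live code.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A 32-bit relative JMP is 5 bytes: opcode E9 followed by a little-endian
 * signed 32-bit displacement. The CPU adds the displacement to the address of
 * the NEXT instruction (jmp_addr + 5), so both directions use one formula:
 *     rel32 = target - (jmp_addr + 5)
 * and a backward jump simply produces a negative rel32. */
#define JMP_REL32_LEN 5

/* Compute rel32 for a jmp written at `from` that must land at `to`.
 * Returns 1 on success, 0 if the target is outside the +/-2 GiB reach
 * (then an absolute jump through a register or memory operand is needed). */
int jmp_rel32(uint64_t from, uint64_t to, int32_t *rel)
{
    int64_t disp = (int64_t)to - (int64_t)(from + JMP_REL32_LEN);
    if (disp > INT32_MAX || disp < INT32_MIN)
        return 0;
    *rel = (int32_t)disp;
    return 1;
}

/* Encode the 5-byte patch: E9 <rel32 little-endian>. */
int encode_jmp(uint64_t from, uint64_t to, uint8_t out[JMP_REL32_LEN])
{
    int32_t rel;
    if (!jmp_rel32(from, to, &rel))
        return 0;
    uint32_t u = (uint32_t)rel;           /* two's-complement bit pattern */
    out[0] = 0xE9;
    out[1] = (uint8_t)(u & 0xff);
    out[2] = (uint8_t)((u >> 8) & 0xff);
    out[3] = (uint8_t)((u >> 16) & 0xff);
    out[4] = (uint8_t)((u >> 24) & 0xff);
    return 1;
}

/* Decode a patch back to its absolute target, to verify before writing it. */
uint64_t decode_jmp_target(uint64_t at, const uint8_t code[JMP_REL32_LEN])
{
    uint32_t u = (uint32_t)code[1] | ((uint32_t)code[2] << 8)
               | ((uint32_t)code[3] << 16) | ((uint32_t)code[4] << 24);
    int32_t rel = (int32_t)u;
    return (uint64_t)((int64_t)at + JMP_REL32_LEN + rel);
}

/* Plain-value helpers so the behaviour can be checked by name. */
int32_t rel32_or_zero(uint64_t from, uint64_t to)
{
    int32_t rel;
    return jmp_rel32(from, to, &rel) ? rel : 0;
}

uint64_t roundtrip_target(uint64_t from, uint64_t to)
{
    uint8_t buf[JMP_REL32_LEN];
    if (!encode_jmp(from, to, buf))
        return 0;
    return decode_jmp_target(from, buf);
}

int main(void)
{
    /* Constructed addresses: hooked function at 0x10001000, our handler
     * lower in memory at 0x00401000, i.e. a backward jump. */
    uint64_t hooked = 0x10001000, handler = 0x00401000;
    uint8_t patch[JMP_REL32_LEN];
    if (!encode_jmp(hooked, handler, patch)) {
        puts("target out of rel32 range");
        return 1;
    }
    printf("patch bytes:");
    for (size_t i = 0; i < JMP_REL32_LEN; i++)
        printf(" %02X", patch[i]);
    printf("\nlands at: 0x%llX\n", (unsigned long long)decode_jmp_target(hooked, patch));
    return 0;
}
```

Two practical caveats the arithmetic does not cover: the five bytes you overwrite must end on an instruction boundary (otherwise the original function's remaining bytes are corrupted, which is why hooks normally save the displaced instructions into a trampoline), and the target page has to be made writable first (VirtualProtect on Windows, mprotect on POSIX) and restored afterwards.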

ASLR and addresses

房东的猫 submitted on 2019-12-07 18:03:00
Question: Have a look at this main:

    int main() {
        int asd = 10;
        printf("%p\n", &asd);
        return 0;
    }

Address of asd at a given moment: 0x7ffff5f7c16c

Address of main (always the same):

    (gdb) disass main
    Dump of assembler code for function main:
    0x00000000004005b4 <+0>: push %rbp

Why do the addresses of the variables of a regular C program change at every execution, whereas the starting address of the program itself is always the same (assuming that it is not position independent)? I see that the

Can pointer point to itself memory address in C?

牧云@^-^@ submitted on 2019-12-07 10:58:14
Question: In the following code, a pointer points to its own memory address.

    #include <stdio.h>
    int main() {
        void * ptr;
        ptr = &ptr;
        return 0;
    }

Would it make sense if the pointer were able to point to its own memory address?

Answer 1: No, it doesn't make sense. If you can find the variable ptr, you can just do &ptr. It will give you the same result as the contents of ptr. Moreover, since ptr only tells something about itself, it's useless anyhow. It doesn't provide any info meaningful to the rest of your

How is it that main function is always loaded at the same address whereas variables have different address most of the time?

て烟熏妆下的殇ゞ submitted on 2019-12-07 09:17:59
Question: I wrote this small program today and I was blown away by the results. Here is the program:

    int main(int argc, char **argv) {
        int a;
        printf("\n\tMain is located at: %p and the variable a is located at address: %p", main, &a);
        return 0;
    }

On my machine the main function is always loaded at address "0x80483d4" and the address of the variable keeps on varying. How does this happen? I read in operating systems that as a part of the virtualization scheme the OS keeps relocating the address of instructions.

C# Read pointer address value

我与影子孤独终老i submitted on 2019-12-07 03:05:30
(Sorry for my bad English.) How do I read the value at an address from a pointer in C#? Example: I know my pointer, but the value changes at application start.

1) Start: (Pointer) 0x0018F36C = (Value) 0x0342AD68
2) Restart: (Pointer) 0x0018F36C = (Value changed) 0x0342AE20

Actually I have a base address 0x0018F36C, but I need to read the value from the pointer and save it in a long, for example:

    long addr_base = 0x0018F36C;
    long address; // Obviously I do not know the address

Now I need to read a long value from addr_base and put the value (long) in address, for example addr_base = memory.ReadAddress(addr_base). Anyone know how to

how to get struct's start address from its member's address

别等时光非礼了梦想. submitted on 2019-12-07 02:11:56
Question: In C, how do I get a struct's start address from its member's address?

    struct type1 {
        //...
        int member1;
        //...
    };
    struct type1 obj1;

And ptr1 is the address of member member1 in obj1. How do I define a macro #define start_add(ptr1, type1, member1) to get obj1's start address?

Answer 1: You can do this using offsetof:

    #define start_add(ptr1, type1, member1) ((type1 *)((char *)(ptr1) - offsetof(type1, member1)))

Answer 2: This is from the Windows WDK:

    /* #define CONTAINING_RECORD(address, type, field) ((type *
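The offsetof macro from Answer 1, used the way it is used in practice: an intrusive linked list where the node is embedded in the middle of a larger struct, so a plain cast of the node pointer would land on the wrong address. This is an added example, not from the question or the answers; the struct packet / struct list_node types and the helper functions are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Recover the enclosing struct from a pointer to one of its members.
 * The (char *) cast makes the subtraction count bytes; offsetof supplies the
 * member's byte offset within the struct type (Answer 1's macro verbatim). */
#define start_add(ptr1, type1, member1) \
    ((type1 *)((char *)(ptr1) - offsetof(type1, member1)))

/* Generic intrusive list node, embedded in whatever struct wants to be listed. */
struct list_node { struct list_node *next; };

struct packet {
    unsigned         id;
    char             payload[16];
    struct list_node link;   /* not the first member: a plain cast of &link would be wrong */
};

/* Walk a list of embedded nodes and sum the ids of the enclosing packets. */
unsigned sum_packet_ids(struct list_node *head)
{
    unsigned total = 0;
    for (struct list_node *n = head; n; n = n->next) {
        struct packet *p = start_add(n, struct packet, link);
        total += p->id;
    }
    return total;
}

/* Three constructed packets linked through `link`; returns 1 + 2 + 3. */
unsigned demo(void)
{
    struct packet a = { 1, "a", { NULL } }, b = { 2, "b", { NULL } }, c = { 3, "c", { NULL } };
    a.link.next = &b.link;
    b.link.next = &c.link;
    return sum_packet_ids(&a.link);
}

/* Round trip: start_add on &obj.link must give back &obj, even though
 * &obj.link itself is a different address. */
int roundtrip_ok(void)
{
    struct packet obj = { 42, "x", { NULL } };
    return start_add(&obj.link, struct packet, link) == &obj
        && (void *)&obj.link != (void *)&obj;
}

int main(void)
{
    printf("offset of link: %zu\n", offsetof(struct packet, link));
    printf("sum of ids: %u\n", demo());
    printf("round trip ok: %d\n", roundtrip_ok());
    return 0;
}
```

The macro trusts its caller: if ptr1 does not actually point at that member of that struct type, the subtraction produces a pointer into unrelated memory and every later access through it is undefined behaviour. The Linux kernel's container_of adds a compile-time type check on the member pointer for exactly that reason; the WDK's CONTAINING_RECORD in Answer 2 is the same idea with a different spelling.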

When will memory used in a function become free? (C programming)

落花浮王杯 submitted on 2019-12-06 15:53:48
Question: Below is the code.

The Code:

    #include <stdio.h>
    int * num(void);
    int main(void)
    {
        int * num2;
        num2 = num();
        printf("%d\n", *num2);
        return 0;
    }
    int * num(void)
    {
        int num = 20;
        return &num;
    }

The Question: As we know, the function num is local to its function num(), so in this code I try to return the address of the variable num in the function to the function that calls it, which is main(). After that I just use the dereferencing operator to extract the value of the specific num variable
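The posted num() returns the address of an automatic variable whose storage is released when the function returns; reading through that pointer in main() is undefined behaviour, and the 20 it appears to print survives only until something else reuses that stack slot. Below, as an added example that is not part of the question, are the three standard ways to keep the value alive, each with a different owner of the memory. The function names num_static, num_heap and num_into are mine.

```c
#include <stdio.h>
#include <stdlib.h>

/* Option 1: static storage duration. Lives for the whole program, but there
 * is only one instance, so every caller shares it (not reentrant, not
 * thread-safe). */
int *num_static(void)
{
    static int num = 20;
    return &num;
}

/* Option 2: heap storage. The caller owns the object and must free() it. */
int *num_heap(void)
{
    int *p = malloc(sizeof *p);
    if (p)
        *p = 20;
    return p;
}

/* Option 3: caller-provided storage. The value is copied into memory whose
 * lifetime the caller controls; returns 0 on success, -1 on a NULL out. */
int num_into(int *out)
{
    if (!out)
        return -1;
    *out = 20;
    return 0;
}

/* Drive option 2 end to end; returns the value read back, or -1 if malloc failed. */
int read_heap_value(void)
{
    int *p = num_heap();
    if (!p)
        return -1;
    int v = *p;
    free(p);
    p = NULL;          /* do not leave a dangling pointer behind */
    return v;
}

/* Drive option 3: the int lives in this frame, where it is used. */
int read_into_value(void)
{
    int v = -1;
    return num_into(&v) == 0 ? v : -1;
}

int main(void)
{
    printf("static: %d\n", *num_static());
    printf("heap:   %d\n", read_heap_value());
    printf("out:    %d\n", read_into_value());
    return 0;
}
```

Compilers flag the original pattern (GCC and Clang warn about returning the address of a local), and AddressSanitizer with -fsanitize-address-use-after-return reports the read in main() as a stack-use-after-return, which is a quick way to confirm the dangling access rather than trusting that 20 happened to come out.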

How to show the starting address of some variables in C?

房东的猫 submitted on 2019-12-06 15:39:32
    #include <stdlib.h>
    #include <stdio.h>
    #include <math.h>
    #include <string.h>

    extern char **environ;

    int global_x = 10;                      // initialised global variable
    int global_y;                           // un-initialised global variable
    char global_array1[] = "Hello, world!"; // initialised global array and a string literal
    char global_array2[10];                 // un-initialised global array
    char *global_pointer1 = "bye!";         // global pointer to a string literal
    char *global_pointer2;                  // un-initialised global pointer
    float global_float = 100.1;             // initialised global variable
    double global_double;                   // un-initialised global variable
    #define ONEGB

What is the difference between pointer to array and pointer to pointer?

假装没事ソ submitted on 2019-12-06 13:41:35
I'm new to programming and learning about pointers and arrays. I'm a bit confused right now. Have a look at the program below:

    #include <stdio.h>
    int fun();
    int main()
    {
        int num[3][3] = {23, 32, 478, 55, 0, 56, 25, 13, 80};
        printf("%d\n", *(*(num+0)+1));
        fun(num);
        printf("%d\n", *(*(num+0)+1));
        *(*(num+0)+0) = 23;
        printf("%d\n", *(*(num+0)));
        return 0;
    }
    int fun(*p) // Compilation error
    {
        *(p+0) = 0;
        return 0;
    }

This was the program written in my teacher's notes. Here in the main() function, in the printf() function the dereference operator is being used two times because num is a pointer to an array, so the first time
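The notes' program with the parameter type that makes it compile, as an added example rather than the teacher's or the asker's code. In an expression, `num` (an int[3][3]) decays to `int (*)[3]`, a pointer to an array of three ints, which is a different type from `int **`; the example shows both the corrected fun() and what it takes to address the same data through a real pointer-to-pointer. The helper names (fill, demo_after_fun, via_pointer_to_pointer and the rest) are mine.

```c
#include <stdio.h>
#include <stddef.h>

#define ROWS 3
#define COLS 3

/* `num` decays to `int (*)[3]`: a pointer to an array of three ints. The
 * notes' `int fun(*p)` is not valid C; the parameter must carry the inner
 * dimension so that pointer arithmetic on p steps by whole rows. */
int fun(int (*p)[COLS])
{
    *(*(p + 0) + 0) = 0;    /* identical to p[0][0] = 0 */
    return 0;
}

/* *(p+0) is row 0, an int[3] that itself decays to int*; the second
 * dereference then reads one int. Equivalent to p[0][1]. */
int second_of_first_row(int (*p)[COLS])
{
    return *(*(p + 0) + 1);
}

/* Why the parameter type matters: one pointer step of each kind, in bytes. */
size_t row_stride_bytes(void)   { return sizeof(int[COLS]); }  /* int (*)[3] steps a row */
size_t int_ptr_step_bytes(void) { return sizeof(int); }        /* int *      steps one int */

/* The notes' matrix, with the braces its flat initializer relied on. */
static void fill(int num[ROWS][COLS])
{
    static const int init[ROWS][COLS] = { {23, 32, 478}, {55, 0, 56}, {25, 13, 80} };
    for (int r = 0; r < ROWS; r++)
        for (int c = 0; c < COLS; c++)
            num[r][c] = init[r][c];
}

/* Same sequence as the notes' main(): fun() zeroes num[0][0]. */
int demo_after_fun(void)
{
    int num[ROWS][COLS];
    fill(num);
    fun(num);                  /* num decays to int (*)[3], matching fun's parameter */
    return num[0][0];
}

int demo_second(void)
{
    int num[ROWS][COLS];
    fill(num);
    return second_of_first_row(num);
}

/* A genuine pointer-to-pointer needs an array of row pointers to exist first;
 * passing `num` itself as int ** would reinterpret the ints as addresses. */
int via_pointer_to_pointer(void)
{
    int num[ROWS][COLS];
    int *rows[ROWS];
    fill(num);
    for (int r = 0; r < ROWS; r++)
        rows[r] = num[r];
    int **pp = rows;           /* *pp is an int*, **pp is an int */
    return *(*(pp + 1) + 2);   /* rows[1][2], i.e. num[1][2] == 56 */
}

int main(void)
{
    printf("%d\n", demo_second());            /* 32 */
    printf("%d\n", demo_after_fun());         /* 0 */
    printf("%d\n", via_pointer_to_pointer()); /* 56 */
    printf("row stride %zu bytes, int step %zu bytes\n",
           row_stride_bytes(), int_ptr_step_bytes());
    return 0;
}
```

The size difference is the whole story: adding 1 to an `int (*)[3]` advances sizeof(int[3]) bytes, adding 1 to an `int *` advances sizeof(int), and an `int **` treats whatever it points at as a pointer value, so declaring fun's parameter as `int **p` and calling fun(num) would read the integers 23, 32, 478 as addresses.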