#1
Hex-Rays and negative structure offsets
I have the following structure definitions:
Code:
#pragma pack(push, 1)
struct Vector2
{
    float X;
    float Y;
};
#pragma pack(pop)
#pragma pack(push, 1)
struct Vector3
{
    float X;
    float Y;
    float Z;
};
#pragma pack(pop)
#pragma pack(push, 1)
struct VertClass
{
    Vector3 Vertexes[2];
    Vector3 Normals[2];
    int SmGroup;
    int Id;
    int BoneIndexes[2];
    int BoneWeights[2];
    int MaterialRemapIndex;
    int MaxVertColIndex;
    Vector2 TexCoord[4][2];
    Vector2 TexCoord2[4][2];
    Vector2 TexCoord3[4][2];
    Vector2 TexCoord4[4][2];
    Vector3 DiffuseColor[4];
    Vector3 SpecularColor[4];
    Vector3 DiffuseIllumination[4];
    float Alpha[4];
    int VertexMaterialIndex[4];
    Vector3 Tangent;
    Vector3 Binormal;
    Vector3 CrossProduct;
    int Attribute0;
    int Attribute1;
    int SharedSmGroup;
    int UniqueIndex;
    int ShadeIndex;
    VertClass *NextHash;
};
#pragma pack(pop)

Code:
void __thiscall VertClass::Reset(VertClass *this)
{
    int *v1; // edi
    _DWORD *v2; // esi
    _DWORD *v3; // eax
    signed int v4; // ebp

    this->Vertexes[0].X = 0.0;
    this->Vertexes[0].Y = 0.0;
    this->Vertexes[0].Z = 0.0;
    this->Normals[0].X = 0.0;
    this->Normals[0].Y = 0.0;
    this->Normals[0].Z = 0.0;
    this->Vertexes[1].X = 0.0;
    this->Vertexes[1].Y = 0.0;
    this->Vertexes[1].Z = 0.0;
    this->Normals[1].X = 0.0;
    this->Normals[1].Y = 0.0;
    this->Normals[1].Z = 0.0;
    this->SmGroup = 0;
    this->Id = 0;
    this->MaxVertColIndex = 0;
    this->MaterialRemapIndex = 0;
    v1 = this->VertexMaterialIndex;
    v2 = (_DWORD *)&this->DiffuseColor[0].Z;
    v3 = (_DWORD *)&this->TexCoord[0][1].Y;
    v4 = 4;
    do
    {
        *(v2 - 2) = 1065353216;
        *(v2 - 1) = 1065353216;
        *v2 = 1065353216;
        v2[10] = 1065353216;
        v2[11] = 1065353216;
        v2[12] = 1065353216;
        v2[22] = 0;
        v2[23] = 0;
        v2[24] = 0;
        *(v1 - 4) = 1065353216;
        *v1 = -1;
        *(v3 - 3) = 0;
        *(v3 - 2) = 0;
        *(v3 - 1) = 0;
        *v3 = 0;
        v3[1] = 0;
        v3[2] = 0;
        v3[3] = 0;
        v3[4] = 0;
        v3[5] = 0;
        v3[6] = 0;
        v3[7] = 0;
        v3[8] = 0;
        v3[9] = 0;
        v3[10] = 0;
        v3[11] = 0;
        v3[12] = 0;
        v2 += 3;
        ++v1;
        v3 += 16;
        --v4;
    }
    while ( v4 );
    this->BoneIndexes[0] = 0;
    this->BoneIndexes[1] = 0;
    this->BoneWeights[0] = 100;
    this->BoneWeights[1] = 0;
    this->Attribute0 = 0;
    this->Attribute1 = 0;
    this->UniqueIndex = 0;
    this->ShadeIndex = 0;
    this->NextHash = NULL;
}
#2
Find your struct in Local Types and Edit it. See if it matches what you think it should be. Find your struct in Structures, open it up with ctrl-+ and you'll see all your struct members and their offsets (sorry, I'm sure you know all this). My point is - alignment. It can easily be different to what you think. If you are inputting your structs to IDA as a *.h file, rather than directly into Local Types, then there is an even bigger chance of the alignment being different. I'm never sure if alignment directives in *.h files fed to IDA get interpreted or not; IDA often seems to align struct members on a 4 byte boundary for a 32 bit PE and 8 bytes for a 64bit PE.
Actually, I'm wondering... you *did* give IDA your struct definitions, yes?
Git
#3
Well, IDA has analyzed and defined in the stack setup:
Code:
int *v1; // edi
_DWORD *v2; // esi
_DWORD *v3; // eax

Code:
struct SomeStruct
{
    PDWORD pdwField1;
    PDWORD pdwField2;
    PDWORD pdwField3;
};
#4
Did you post the original C source of that function? Hex-Rays can recognize negative offsets, but it needs to know the shape of the struct: http://www.hexblog.com/?p=63
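
An added example, not written by any poster in this thread: a small C program that maps the pointer-relative accesses in the decompiled loop of post #1 (such as `*(v2 - 2)`, `v2[10]` and `v2[22]`) back to the `VertClass` member they land in, using `offsetof` on the packed struct. It assumes 4-byte `int` and `float` and uses C typedefs in place of the C++-style declarations; `Member`, `access_offset` and `member_at` are hypothetical helper names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#pragma pack(push, 1)
typedef struct { float X, Y; } Vector2;
typedef struct { float X, Y, Z; } Vector3;
typedef struct VertClass {   /* members as declared in post #1 */
    Vector3 Vertexes[2], Normals[2];
    int SmGroup, Id, BoneIndexes[2], BoneWeights[2];
    int MaterialRemapIndex, MaxVertColIndex;
    Vector2 TexCoord[4][2], TexCoord2[4][2], TexCoord3[4][2], TexCoord4[4][2];
    Vector3 DiffuseColor[4], SpecularColor[4], DiffuseIllumination[4];
    float Alpha[4]; int VertexMaterialIndex[4];
    Vector3 Tangent, Binormal, CrossProduct;
    int Attribute0, Attribute1, SharedSmGroup, UniqueIndex, ShadeIndex;
    struct VertClass *NextHash;
} VertClass;
#pragma pack(pop)
typedef struct { const char *name; size_t off, size; } Member;
#define M(f) { #f, offsetof(VertClass, f), sizeof(((VertClass *)0)->f) }
static const Member members[] = {   /* members the do/while loop touches */
    M(TexCoord), M(TexCoord2), M(TexCoord3), M(TexCoord4), M(DiffuseColor),
    M(SpecularColor), M(DiffuseIllumination), M(Alpha), M(VertexMaterialIndex),
};

/* Byte offset of ptr[index] on pass iter; ptr starts at base, +stride DWORDs per pass. */
static long access_offset(size_t base, int index, int iter, int stride) {
    return (long)base + 4L * (index + iter * stride);
}

/* Name of the member that contains byte offset off, or "?" if none does. */
static const char *member_at(long off) {
    for (size_t i = 0; i < sizeof members / sizeof members[0]; i++)
        if (off >= (long)members[i].off &&
            off < (long)(members[i].off + members[i].size))
            return members[i].name;
    return "?";
}

int main(void) {
    /* v2 in Reset() starts at &DiffuseColor[0].Z and advances 3 DWORDs per pass */
    size_t v2 = offsetof(VertClass, DiffuseColor) + offsetof(Vector3, Z);
    static const int idx[] = { -2, -1, 0, 10, 11, 12, 22, 23, 24 };
    for (int it = 0; it < 4; it++)
        for (size_t k = 0; k < sizeof idx / sizeof idx[0]; k++)
            printf("pass %d  v2[%d] -> %s\n", it, idx[k],
                   member_at(access_offset(v2, idx[k], it, 3)));
    return 0;
}
```

The same two helpers resolve `v1` (base `offsetof(VertClass, VertexMaterialIndex)`, stride 1) and `v3` (base `offsetof(VertClass, TexCoord) + 12`, stride 16).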