Tags: reverse-engineering, ida, reversing

Reverse engineering ambiguous syntax


What I often see online, when the topic is reversing, is this syntax:

  *(_WORD *)(a1 + 6) = *(_WORD *)(a2 + 2);

I think this code is from an IDA plugin (right?), but I can't understand it... can someone explain it to me a little, or point me to something where I can study this kind of code?

Thanks in advance =)


Solution

  • This code copies 2 bytes from the address pointed to by a2 + 2 into the address pointed to by a1 + 6.

    In more detail, the code does the following:

    We now have a 16-bit value. Now we:

    If you've never seen such code before, you may think that it's superfluous to use the (_WORD*) on both sides of the expression - but it is not. For example, we can read a 16-bit value and write it into a pointer to a 32-bit value (e.g. by sign-extending it).

    I suggest that you also look at the assembly code where you will see the steps making up this assignment. If you don't have it available then just write a C program on your own that does such manipulation and then decompile it.
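The statement from the question and the two variants this answer contrasts it with, as an added example that is not part of the original post. `_BYTE`, `_WORD` and `_DWORD` are redefined here with the widths IDA's decompiler uses (an assumption, so it compiles outside IDA), the memory block is constructed, and the concrete values in the comments assume a little-endian host.

```c
#include <stdint.h>
#include <string.h>

/* Hex-Rays' integer aliases, redefined so this compiles outside IDA
   (assumed widths: _BYTE = 8, _WORD = 16, _DWORD = 32 bits). */
typedef uint8_t  _BYTE;
typedef uint16_t _WORD;
typedef uint32_t _DWORD;

/* Constructed 8-byte memory block; the union keeps every access aligned
   and lets results be read back as native 16/32-bit values. */
typedef union { _BYTE b[8]; _WORD w[4]; _DWORD d[2]; } block_t;

/* The decompiled statement from the question: a1 and a2 are raw addresses,
   so each side must be cast to a pointer type before it is dereferenced. */
static void copy_word(uintptr_t a1, uintptr_t a2)
{
    *(_WORD *)(a1 + 6) = *(_WORD *)(a2 + 2);
}

/* Same offsets, narrower cast: only one byte moves. The cast on each side
   selects the access width, which is why it is not superfluous. */
static void copy_byte(uintptr_t a1, uintptr_t a2)
{
    *(_BYTE *)(a1 + 6) = *(_BYTE *)(a2 + 2);
}

/* The variant the answer mentions: read 16 bits, sign-extend, store 32 bits
   into the dword slot at a1 + 4. */
static void copy_word_sign_extended(uintptr_t a1, uintptr_t a2)
{
    *(_DWORD *)(a1 + 4) = (_DWORD)(int32_t)*(int16_t *)(a2 + 2);
}

/* Constructed source bytes: offsets 2..3 hold CD AB (bit 15 set). */
static const block_t src = { .b = {0x11, 0x22, 0xCD, 0xAB, 0x55, 0x66, 0x77, 0x88} };

/* Runs one variant against a zeroed destination and returns the whole block. */
static block_t run(void (*f)(uintptr_t, uintptr_t))
{
    block_t dst;
    memset(&dst, 0, sizeof dst);
    f((uintptr_t)&dst, (uintptr_t)&src);
    return dst;
}

_WORD  result_copy_word(void)     { return run(copy_word).w[3]; }               /* 0xABCD */
_WORD  result_copy_byte(void)     { return run(copy_byte).w[3]; }               /* 0x00CD */
_DWORD result_sign_extended(void) { return run(copy_word_sign_extended).d[1]; } /* 0xFFFFABCD */
```

Compiling this and decompiling the binary in IDA is a quick way to see which cast pattern each variant turns into, as the answer suggests.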