What I often see online, when the topic is reversing, is this syntax
*(_WORD *)(a1 + 6) = *(_WORD *)(a2 + 2);
I think this code is from an IDA plugin (right?), but I can't understand it... can someone explain it to me a little, or point me to something where I can study this kind of code?
Thanks in advance =)
This code copies 2 bytes from the address pointed to by a2 + 2 into the address pointed to by a1 + 6.

In more detail, the code does the following:

1. Take a2 and add 2 to it.
2. Cast the result to a WORD pointer, i.e. a pointer to a value made up of two bytes. This is the (_WORD *) part on the right.
3. Dereference that pointer; this is the * at the very left of the expression on the right. We now have a 16-bit value.

Now we:

1. Take a1 and add 6 to it.
2. Cast the result to a WORD pointer. Again, this is the (_WORD *) part.
3. Write the 16-bit value we read to the address that pointer refers to.

If you've never seen such code before, you may think that it's superfluous to use the (_WORD*)
on both sides of the expression - but it is not. For example, we can read a 16 bit value and write it into a pointer to a 32-bit value (e.g. by sign-extending it).
I suggest that you also look at the assembly code where you will see the steps making up this assignment. If you don't have it available then just write a C program on your own that does such manipulation and then decompile it.
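Added example (not from the question or the answer above): the decompiler line rewritten as plain C, step by step, together with the 16-bit-read / 32-bit-write case the answer mentions. It assumes _WORD is an unsigned 16-bit type (as in IDA's defs.h), that a1 and a2 are byte addresses, and it uses memcpy so the accesses are well-defined even when the addresses are not aligned; the buffers are constructed for the demo.

```c
/* Added example, not code from the original post. Shows what
 * `*(_WORD *)(a1 + 6) = *(_WORD *)(a2 + 2);` does in plain C.
 * Assumption: _WORD is a 16-bit unsigned type; a1/a2 are byte addresses. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint16_t _WORD;

/* Take a2, add 2, treat the result as a pointer to a 16-bit value and read it;
 * take a1, add 6, treat it as a pointer to a 16-bit value and write there.
 * memcpy keeps this well-defined even on unaligned addresses. */
_WORD copy_word(uint8_t *a1, const uint8_t *a2)
{
    _WORD value;
    memcpy(&value, a2 + 2, sizeof value);    /* *(_WORD *)(a2 + 2)       */
    memcpy(a1 + 6, &value, sizeof value);    /* *(_WORD *)(a1 + 6) = ... */
    return value;
}

/* The case the answer warns about: the same 16-bit read, but the destination
 * is a 32-bit slot and the value is sign-extended on the way, so the cast on
 * the left is not just a mirror of the cast on the right. Offset 8 is a
 * constructed destination for the demo. */
int32_t copy_word_sign_extended(uint8_t *a1, const uint8_t *a2)
{
    int16_t value;
    memcpy(&value, a2 + 2, sizeof value);    /* *(__int16 *)(a2 + 2)      */
    int32_t widened = value;                 /* sign-extends the 16-bit value */
    memcpy(a1 + 8, &widened, sizeof widened);/* *(_DWORD *)(a1 + 8) = ...  */
    return widened;
}

int main(void)
{
    /* Constructed sample buffers: a2 + 2 holds the bytes FE FF. */
    uint8_t src[8]  = { 0x11, 0x22, 0xFE, 0xFF, 0x55, 0x66, 0x77, 0x88 };
    uint8_t dst[16] = { 0 };

    _WORD w = copy_word(dst, src);
    printf("copied 0x%04X; dst[6..7] = %02X %02X\n", w, dst[6], dst[7]);

    int32_t d = copy_word_sign_extended(dst, src);
    printf("sign-extended: %d (0x%08X)\n", (int)d, (unsigned)d);
    return 0;
}
```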