I have a code where I get information from an executable via the address that is captured in IDA, however I have a problem that I am not finding solution.
IDA is used for reverse engineering more information https://www.hex-rays.com/products/decompiler/
class ConfUserHook : public UserInfo {
public:
ConfUserHook();
int GetType() const override;
int GetMode() const override;
private:
struct ConfUser
{
int type;
int mode;
};
ConfUser *c_user;
};
ConfUserHook::ConfUserHook() {
c_user = *reinterpret_cast<ConfUserHook::ConfUser**>(0x63AC30);
}
int ConfUserHook::GetType() const {
return &c_user->type);
}
int ConfUserHook::GetMode() const {
return &c_user->mode);
}
My IDA Address
.data:0063AC30 ; CUser *c_user
.data:0063AC30 c_user dd ?
When I run GetType or GetMode they return me the incorrect value,
GetMode for example should return me 1600, but it is returning me 36.
if I directly use the address and add with the bytes of the struct I get the value.
Example of code that works without the use of struct:
int ConfUserHook::GetType() const {
return *(int*)(*(int*)(0x63AC30) + 0x1);
}
but I want to get the value using the struct, some way to do this?
Aucun commentaire:
Enregistrer un commentaire