[DiscordArchive] This still goes over my head.
[DiscordArchive] This still goes over my head.
Original source
Yup, thats correct
rektbyfaith
06-02-2025, 06:44 PM #11Archived author: robinsch • Posted: 2025-06-02T18:44:22.233000+00:00
Original source
Yup, thats correct
Original source
So how would I go from here?
How can I tell that struct now where that function actually lies... if I can? And what return value it gives
rektbyfaith
06-02-2025, 06:45 PM #12Archived author: Saty • Posted: 2025-06-02T18:45:19.034000+00:00
Original source
So how would I go from here?
How can I tell that struct now where that function actually lies... if I can? And what return value it gives
Original source
You know that `0xBEAF68` + `0x0` is your VMT.
rektbyfaith
06-02-2025, 06:46 PM #13Archived author: robinsch • Posted: 2025-06-02T18:46:03.487000+00:00
Original source
You know that `0xBEAF68` + `0x0` is your VMT.
Original source
And if you go there in IDA you see that the VMT holds 4 functions
rektbyfaith
06-02-2025, 06:46 PM #14Archived author: robinsch • Posted: 2025-06-02T18:46:20.931000+00:00
Original source
And if you go there in IDA you see that the VMT holds 4 functions
Original source
Hmmm. What exactly do you mean with "Go there"? Like jump to the address like here:
![[Image: 02_20_50_03_ida.png?ex=690c4521&is=690af...0d1eab7fb&]](https://cdn.discordapp.com/attachments/1086807686571642900/1379170240717656185/02_20_50_03_ida.png?ex=690c4521&is=690af3a1&hm=5b923f241278f53c1eb10e4722b2f96fac509e3ace464652d9136810d1eab7fb&)
rektbyfaith
06-02-2025, 06:50 PM #15Archived author: Saty • Posted: 2025-06-02T18:50:09.180000+00:00
Original source
Hmmm. What exactly do you mean with "Go there"? Like jump to the address like here:
Original source
It's probably something super simple that just doesn't click yet xD
rektbyfaith
06-02-2025, 06:51 PM #16Archived author: Saty • Posted: 2025-06-02T18:51:41.192000+00:00
Original source
It's probably something super simple that just doesn't click yet xD
Original source
Well I guess it's easier if I give you the solution and you backtrace it
rektbyfaith
06-02-2025, 06:53 PM #17Archived author: robinsch • Posted: 2025-06-02T18:53:00.352000+00:00
Original source
Well I guess it's easier if I give you the solution and you backtrace it
Original source
`0x567610` is the static initializer the compiler generated for `MACRONODE` and there you see the VMT is located at `0x00A0FAA8`
rektbyfaith
06-02-2025, 06:54 PM #18Archived author: robinsch • Posted: 2025-06-02T18:54:09.119000+00:00
Original source
`0x567610` is the static initializer the compiler generated for `MACRONODE` and there you see the VMT is located at `0x00A0FAA8`
Original source
Oooh I see okay.
But then the question arrises how you know that the initializer is at 0x567610.
Just some already known address or a simple matter of "something is there if"?
rektbyfaith
06-02-2025, 06:57 PM #19Archived author: Saty • Posted: 2025-06-02T18:57:23.342000+00:00
Original source
Oooh I see okay.
But then the question arrises how you know that the initializer is at 0x567610.
Just some already known address or a simple matter of "something is there if"?
Original source
You xref your struct, I am not sure about all compilers but MSVC usually generates them at a very high address
rektbyfaith
06-02-2025, 07:00 PM #20Archived author: robinsch • Posted: 2025-06-02T19:00:48.737000+00:00
Original source
You xref your struct, I am not sure about all compilers but MSVC usually generates them at a very high address
1 Guest(s)
1 Guest(s)