It’s doing two pointer deferences on v0 before calling it. The next function call is a little cryptic. The function sub_8048846 called just after the new() takes the pointer as parameter, and certainly is the constructor. We can see the new(8), which means our object is 8 bytes long, even if that doesn’t mean we have 8 bytes of variables. Here’s the decompilation of a small test program I compiled with G++. Member variables are a bit easier: they work like their counterpart in C (structs), and IDA has a very handy tool to declare structures, and hex-rays handles them very well in the disassembly.
LEARN IDA PRO CODE
Virtual functions are silly: it is hard to know, without running the program with breakpoints, what code is going to be executed at runtime (and disassemble it). You will see accesses to its member variables (embedded objects) and maybe calls to virtual functions. An object needs memory, so you will see a call to new() (or a stack allocation), a call to a constructor and a destructor. The object is an instantiation of a class, and something you can observe in IDA. Object = memory allocation + data + virtual functions. The data structure can only be seen in the source code, when the methods will appear in your favorite disassembler. We’ll just see how it works (and is implemented) in the big lines. It is not my goal to teach you how OOP works, you already know that. I have found the results to be similar, even if they may not be compatible. Of course, Hex-rays is not going to invent the names for you, you’ll still have to make sense of the code and what it means to you, but at least, being able to give a name to the classes will certainly help.Īll my samples here have been compiled either with visual studio or Gnu C++. *len = buffer_avail_bytes(this2->decrypted_input_buffer) Packet_type = buffer_get_u8(this2->decrypted_input_buffer) Ptr = buffer_get_data_ptr(this2->compression_buffer_in) īuffer_add_data_and_alloc(this2->decrypted_input_buffer, ptr, avail_len) If ( padding decrypted_input_buffer, 5u) īuffer_skip_end(this2->decrypted_input_buffer, padding) īuffer_reinit(this2->compression_buffer_in) īuffer_reinit(this2->decrypted_input_buffer) Īvail_len = buffer_avail_bytes(this2->compression_buffer_in) It’s our job to add symbol names, identify classes and set up all the information to help hex-rays in giving us a reliable and certainly understandable output: padding = *Dst Here’s a sample of what you get with Hex-rays when you start up digging into an interesting function: v81 = 9 This was the first time I seriously studied a C++ codebase, using IDA as the only source of information, and found it quite hard. During my holidays, I had plenty of time to study and reverse a program, which was completely coded in C++.
0 kommentar(er)
