#1
Hex-Rays and negative structure offsets
I have the following structure definitions:
Code:
#pragma pack(push, 1)
struct Vector2
{
    float X;
    float Y;
};
#pragma pack(pop)
#pragma pack(push, 1)
struct Vector3
{
    float X;
    float Y;
    float Z;
};
#pragma pack(pop)
#pragma pack(push, 1)
struct VertClass
{
    Vector3 Vertexes[2];
    Vector3 Normals[2];
    int SmGroup;
    int Id;
    int BoneIndexes[2];
    int BoneWeights[2];
    int MaterialRemapIndex;
    int MaxVertColIndex;
    Vector2 TexCoord[4][2];
    Vector2 TexCoord2[4][2];
    Vector2 TexCoord3[4][2];
    Vector2 TexCoord4[4][2];
    Vector3 DiffuseColor[4];
    Vector3 SpecularColor[4];
    Vector3 DiffuseIllumination[4];
    float Alpha[4];
    int VertexMaterialIndex[4];
    Vector3 Tangent;
    Vector3 Binormal;
    Vector3 CrossProduct;
    int Attribute0;
    int Attribute1;
    int SharedSmGroup;
    int UniqueIndex;
    int ShadeIndex;
    VertClass *NextHash;
};
#pragma pack(pop)
Code:
void __thiscall VertClass::Reset(VertClass *this)
{
    int *v1; // edi
    _DWORD *v2; // esi
    _DWORD *v3; // eax
    signed int v4; // ebp

    this->Vertexes[0].X = 0.0;
    this->Vertexes[0].Y = 0.0;
    this->Vertexes[0].Z = 0.0;
    this->Normals[0].X = 0.0;
    this->Normals[0].Y = 0.0;
    this->Normals[0].Z = 0.0;
    this->Vertexes[1].X = 0.0;
    this->Vertexes[1].Y = 0.0;
    this->Vertexes[1].Z = 0.0;
    this->Normals[1].X = 0.0;
    this->Normals[1].Y = 0.0;
    this->Normals[1].Z = 0.0;
    this->SmGroup = 0;
    this->Id = 0;
    this->MaxVertColIndex = 0;
    this->MaterialRemapIndex = 0;
    v1 = this->VertexMaterialIndex;
    v2 = (_DWORD *)&this->DiffuseColor[0].Z;
    v3 = (_DWORD *)&this->TexCoord[0][1].Y;
    v4 = 4;
    do
    {
        *(v2 - 2) = 1065353216;
        *(v2 - 1) = 1065353216;
        *v2 = 1065353216;
        v2[10] = 1065353216;
        v2[11] = 1065353216;
        v2[12] = 1065353216;
        v2[22] = 0;
        v2[23] = 0;
        v2[24] = 0;
        *(v1 - 4) = 1065353216;
        *v1 = -1;
        *(v3 - 3) = 0;
        *(v3 - 2) = 0;
        *(v3 - 1) = 0;
        *v3 = 0;
        v3[1] = 0;
        v3[2] = 0;
        v3[3] = 0;
        v3[4] = 0;
        v3[5] = 0;
        v3[6] = 0;
        v3[7] = 0;
        v3[8] = 0;
        v3[9] = 0;
        v3[10] = 0;
        v3[11] = 0;
        v3[12] = 0;
        v2 += 3;
        ++v1;
        v3 += 16;
        --v4;
    }
    while ( v4 );
    this->BoneIndexes[0] = 0;
    this->BoneIndexes[1] = 0;
    this->BoneWeights[0] = 100;
    this->BoneWeights[1] = 0;
    this->Attribute0 = 0;
    this->Attribute1 = 0;
    this->UniqueIndex = 0;
    this->ShadeIndex = 0;
    this->NextHash = NULL;
}
#2
Find your struct in Local Types and Edit it. See if it matches what you think it should be. Find your struct in Structures, open it up with ctrl-+ and you'll see all your struct members and their offsets (sorry, I'm sure you know all this). My point is - alignment. It can easily be different to what you think. If you are inputting your structs to IDA as a *.h file, rather than directly into Local Types, then there is an even bigger chance of the alignment being different. I'm never sure if alignment directives in *.h files fed to IDA get interpreted or not; IDA often seems to align struct members on a 4 byte boundary for a 32 bit PE and 8 bytes for a 64bit PE.
Actually, I'm wondering... you *did* give IDA your struct definitions, yes?
Git
#3
|
|||
|
|||
|
Well IDA has analyzed and defined in the stack setup:
Code:
int *v1; // edi
_DWORD *v2; // esi
_DWORD *v3; // eax
Code:
// PDWORD is the Windows typedef for DWORD *
struct SomeStruct
{
    PDWORD pdwField1;
    PDWORD pdwField2;
    PDWORD pdwField3;
};
#4
|
|||
|
|||
|
Did you post the original C source of that function? Hex-Rays can recognize negative offsets, but it needs to know the shape of the struct: http://www.hexblog.com/?p=63
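Added example, not part of the thread and not code from any poster: a small C++ program that reuses the structure definitions from post #1 to work out which `VertClass` member each `v1`/`v2`/`v3` access in the decompiled loop lands on, including the negative indexes. The `Field` table, the `resolve` function and the anchor constants `V1`, `V2`, `V3` are names introduced here, and the table lists only the members the loop writes to.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

#pragma pack(push, 1)            // same packing as the definitions in post #1
struct Vector2 { float X, Y; };
struct Vector3 { float X, Y, Z; };
struct VertClass {
    Vector3 Vertexes[2], Normals[2];
    int SmGroup, Id, BoneIndexes[2], BoneWeights[2];
    int MaterialRemapIndex, MaxVertColIndex;
    Vector2 TexCoord[4][2], TexCoord2[4][2], TexCoord3[4][2], TexCoord4[4][2];
    Vector3 DiffuseColor[4], SpecularColor[4], DiffuseIllumination[4];
    float Alpha[4];
    int VertexMaterialIndex[4];
    Vector3 Tangent, Binormal, CrossProduct;
    int Attribute0, Attribute1, SharedSmGroup, UniqueIndex, ShadeIndex;
    VertClass *NextHash;
};
#pragma pack(pop)

// Hypothetical helper table: the members the decompiled loop writes to.
struct Field { const char *name; size_t off, size; };
#define F(m) { #m, offsetof(VertClass, m), sizeof(VertClass::m) }
static const Field kFields[] = {
    F(TexCoord), F(TexCoord2), F(TexCoord3), F(TexCoord4), F(DiffuseColor),
    F(SpecularColor), F(DiffuseIllumination), F(Alpha), F(VertexMaterialIndex),
};

// Byte offsets at which the decompiler anchored v1, v2 and v3.
const size_t V1 = offsetof(VertClass, VertexMaterialIndex);
const size_t V2 = offsetof(VertClass, DiffuseColor) + offsetof(Vector3, Z);
const size_t V3 = offsetof(VertClass, TexCoord) + sizeof(Vector2) + offsetof(Vector2, Y);

// Resolve anchor[index] on loop pass `iter`, where the pointer advances
// `stride` DWORDs per pass, to "Member+byte_offset_inside_member".
std::string resolve(size_t anchor, int index, int iter, int stride) {
    long off = (long)anchor + 4L * (index + iter * stride);
    for (const Field &f : kFields)
        if (off >= (long)f.off && off < (long)(f.off + f.size))
            return std::string(f.name) + "+" + std::to_string(off - (long)f.off);
    return "?";
}

int main() {
    for (int it = 0; it < 4; ++it)   // each pass: first and last v3 access
        std::printf("pass %d: v3[-3] -> %s, v3[12] -> %s\n", it,
                    resolve(V3, -3, it, 16).c_str(), resolve(V3, 12, it, 16).c_str());
}
```

With these definitions each pass writes `v3[-3]` through `v3[12]`, which is 16 DWORDs or exactly one 64-byte `Vector2[4][2]` array, so the four passes clear `TexCoord`, `TexCoord2`, `TexCoord3` and `TexCoord4` in turn.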