
Thread: Question in IDA PRO and HEX-RAYS Decompiler

  1. #1
    epi2000
    Guest

    Question in IDA PRO and HEX-RAYS Decompiler

    Hi,

    I'm sure the following code:

    Code:
    int __cdecl sort_balls()
    {
      unsigned int v0; // ebx@1
      int v1; // edi@1
      int result; // eax@1
      unsigned int v3; // ebx@5
      int v4; // edx@5
      __int32 v5; // edx@17
      unsigned int v6; // eax@17
      int s[66]; // [sp+4h] [bp-108h]@1
    
      v0 = 0;
      memset(s, 0, 0xF4u);
      memset(s, 999, 0xF4u);
      v1 = 0;
      result = game_int;
      do
      {
        if ( !result )
        {
    LABEL_17:
          v5 = random() % 60;
          v6 = 0;
          do
          {
            if ( v5 == s[v6] )
              goto LABEL_17;
            ++v6;
          }
          while ( v6 <= v0 );
          s[v0] = v5;
          result = game_int;
        }
        ++v0;
        *(_DWORD *)(v1 + 135362116) = 330;
        *(_DWORD *)(v1 + 135362120) = 12;
        *(_DWORD *)(v1 + 135362132) = 330;
        *(_DWORD *)(v1 + 135362136) = 12;
        *(_DWORD *)(v1 + 135362124) = 0;
        *(_DWORD *)(v1 + 135362128) = 0;
        v1 += 28;
      }
      while ( v0 <= 59 );
      *(_DWORD *)&ball[908] = 154;
      if ( !result )
      {
        v3 = 0;
        v4 = (int)ball;
        do
        {
          result = s[v3];
          if ( (unsigned int)result > 14 )
          {
            if ( (unsigned int)result > 29 )
            {
              if ( (unsigned int)result > 44 )
              {
                if ( (unsigned int)result > 59 )
                  goto LABEL_9;
                result = *(_DWORD *)&cart[4 * result + 1264];
              }
              else
              {
                result = *(_DWORD *)&cart[4 * result + 844];
              }
            }
            else
            {
              result = *(_DWORD *)&cart[4 * result + 424];
            }
          }
          else
          {
            result = *(_DWORD *)&cart[4 * result + 4];
          }
          *(_DWORD *)v4 = result;
    LABEL_9:
          ++v3;
          v4 += 28;
        }
        while ( v3 <= 0x3B );
      }
      return result;
    }

    I do not know what exactly "* (* _DWORD)" means. Is it a structure, and if it is, how can I improve this part of the code?

    Thanks for the help, I'm just starting out in this world. =)
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    That's a double dereference:

    PHP Code:
    mov tmp, dword ptr [(v1 + 135362116)]
    mov dword ptr [tmp], 330

    or

    mov dword ptr [dword ptr [(v1 + 135362116)]], 330

    You figure out what exactly the loops do... it's probably easier to re-implement the function from scratch, if you know what it is doing...

  3. #3
    disavowed
    There is no "* (* _DWORD)" in the code you pasted, so I assume you mean, "*(_DWORD *)". This simply means to read 4 bytes in little-endian at the location following.

    For example:
    mov eax, 0x12345678
    mov ebx, dword ptr:[eax]

    Could be decompiled as:
    ebx = * (_DWORD *)0x12345678
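
On the structure question from post #1, an added example (not from any poster in this thread): the stores in the first loop, written once as raw offset-plus-cast stores and once through a 28-byte record type, leave identical bytes in memory. Field names are hypothetical. The example also assumes the array starts 4 bytes below the first constant address, that `ball[908]` belongs to the same array, and it uses a local buffer in place of the absolute addresses.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define N_BALLS 60   /* loop bound: while ( v0 <= 59 ) */
#define STRIDE  28   /* v1 += 28 and v4 += 28 */

/* Hypothetical record: names invented, offsets taken from the stores,
   assuming the array starts 4 bytes below the first constant address. */
struct ball_rec { uint32_t f00, f04, f08, f0c, f10, f14, f18; };

/* What "*(_DWORD *)addr = v" means: store 4 bytes at addr. */
static void store32(unsigned char *addr, uint32_t v) { memcpy(addr, &v, 4); }

/* Decompiler view: raw byte offsets from a base address. */
static void init_raw(unsigned char *base)
{
    for (size_t v0 = 0, v1 = 0; v0 < N_BALLS; ++v0, v1 += STRIDE) {
        store32(base + v1 + 4, 330);
        store32(base + v1 + 8, 12);
        store32(base + v1 + 20, 330);
        store32(base + v1 + 24, 12);
        store32(base + v1 + 12, 0);
        store32(base + v1 + 16, 0);
    }
    store32(base + 908, 154);        /* *(_DWORD *)&ball[908] = 154 */
}

/* The same stores once the 28-byte record is declared as a type. */
static void init_typed(struct ball_rec *ball)
{
    for (size_t i = 0; i < N_BALLS; ++i) {
        ball[i].f04 = 330; ball[i].f08 = 12;
        ball[i].f0c = 0;   ball[i].f10 = 0;
        ball[i].f14 = 330; ball[i].f18 = 12;
    }
    ball[908 / STRIDE].f0c = 154;    /* 908 = 32 * 28 + 12 */
}

/* Returns 1 when both views produce byte-identical memory. */
int layouts_match(void)
{
    static struct ball_rec raw[N_BALLS], typed[N_BALLS];
    memset(raw, 0xAA, sizeof raw);   /* same filler for unwritten bytes */
    memset(typed, 0xAA, sizeof typed);
    init_raw((unsigned char *)raw);
    init_typed(typed);
    return sizeof(struct ball_rec) == STRIDE && memcmp(raw, typed, sizeof raw) == 0;
}
```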
