
IDA PRO Struct Pointer Counter big number not starting from address offset 0, Lowers a bit slightly but not completely to 0

Topic created on: April 15, 2014 23:34 CDT by sspoke .

I put the whole question in 3 images. From research it seems I need to use `CTRL+R`, but I don't think that's what I need, since I could lower the number a bit lower; I just can't lower it to the proper amount of 0.

I think the problem is I'm not creating the structs properly, probably missing something.




ASM Code:

    .text:0040E040 ; =============== S U B R O U T I N E =======================================
    .text:0040E040
    .text:0040E040
    .text:0040E040 ; struct_ARENA *__thiscall code(struct_PLAYER *player, const void *buf, unsigned int len, int a4)
    .text:0040E040 sub_40E040      proc near              
    .text:0040E040                                        
    .text:0040E040
    .text:0040E040 buf             = dword ptr  4
    .text:0040E040 len             = dword ptr  8
    .text:0040E040 a4              = dword ptr  0Ch
    .text:0040E040
    .text:0040E040                 push    ebx
    .text:0040E041                 push    esi
    .text:0040E042                 mov     esi, ecx
    .text:0040E044                 mov     eax, [esi+1Ch]
    .text:0040E047                 test    eax, eax
    .text:0040E049                 jz      short loc_40E093
    .text:0040E04B                 mov     ecx, [eax+0FF0Ch]
    .text:0040E051                 xor     ebx, ebx
    .text:0040E053                 test    ecx, ecx
    .text:0040E055                 jle     short loc_40E093
    .text:0040E057                 push    edi
    .text:0040E058                 push    ebp
    .text:0040E059                 mov     ebp, [esp+10h+a4]
    .text:0040E05D                 mov     edi, 0FB20h
    .text:0040E062
    .text:0040E062 loc_40E062:                            
    .text:0040E062                 mov     eax, [edi+eax]
    .text:0040E065                 cmp     eax, esi
    .text:0040E067                 jz      short loc_40E082
    .text:0040E069                 mov     ecx, [eax+38h]
    .text:0040E06C                 test    ecx, ecx
    .text:0040E06E                 jnz     short loc_40E082
    .text:0040E070                 mov     ecx, [esp+10h+len]
    .text:0040E074                 mov     edx, [esp+10h+buf]
    .text:0040E078                 push    ebp             ; a4
    .text:0040E079                 push    ecx             ; len
    .text:0040E07A                 push    edx             ; buf
    .text:0040E07B                 mov     ecx, eax        ; this
    .text:0040E07D                 call    SendPlayerReliablePacket
    .text:0040E082
    .text:0040E082 loc_40E082:                            
    .text:0040E082                                        
    .text:0040E082                 mov     eax, [esi+1Ch]
    .text:0040E085                 inc     ebx
    .text:0040E086                 add     edi, 4
    .text:0040E089                 cmp     ebx, [eax+0FF0Ch]
    .text:0040E08F                 jl      short loc_40E062
    .text:0040E091                 pop     ebp
    .text:0040E092                 pop     edi
    .text:0040E093
    .text:0040E093 loc_40E093:                            
    .text:0040E093                                        
    .text:0040E093                 pop     esi
    .text:0040E094                 pop     ebx
    .text:0040E095                 retn    0Ch
    .text:0040E095 sub_40E040      endp
    .text:0040E095 ; ---------------------------------------------------------------------------
    .text:0040E098                 align 10h

Here is one that looks better, only 1 struct instead of 2, but still the same problem.


No posts found under this topic.
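Added example, not part of the original post: one way to read the listing above as C, with the offsets taken from the disassembly and every field name hypothetical. It assumes the pointer array at 0FB20h runs contiguously up to the count at 0FF0Ch, and it models the 32-bit pointers as `uint32_t` offsets into one flat buffer so the layout is the same on a 64-bit host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Offsets are the ones in the listing; field names are hypothetical. The target
   is 32-bit, so pointers are modelled as uint32_t offsets into one flat buffer. */
typedef struct {
    uint8_t  unk_00[0x1C];
    uint32_t arena;      /* +0x1C: mov eax, [esi+1Ch] */
    uint8_t  unk_20[0x18];
    int32_t  field_38;   /* +0x38: mov ecx, [eax+38h] */
} struct_PLAYER;
typedef struct {
    uint8_t  unk_0000[0xFB20];
    uint32_t players[(0xFF0C - 0xFB20) / 4]; /* +0xFB20; 251 slots if contiguous (assumed) */
    int32_t  player_count;                   /* +0xFF0C: loop bound */
} struct_ARENA;
_Static_assert(offsetof(struct_ARENA, player_count) == 0xFF0C, "count offset");

/* Mirrors sub_40E040: counts the players that reach SendPlayerReliablePacket. */
int count_recipients(const uint8_t *mem, uint32_t sender) {
    const struct_PLAYER *me = (const struct_PLAYER *)(mem + sender);
    if (me->arena == 0) return 0;               /* jz short loc_40E093 */
    const struct_ARENA *a = (const struct_ARENA *)(mem + me->arena);
    int sent = 0;
    for (int i = 0; i < a->player_count; i++) { /* ebx = i, edi = 0xFB20 + 4*i */
        uint32_t p = a->players[i];             /* mov eax, [edi+eax] */
        if (p == sender) continue;              /* cmp eax, esi */
        if (((const struct_PLAYER *)(mem + p))->field_38 == 0)
            sent++;                             /* call SendPlayerReliablePacket */
    }
    return sent;
}

/* Constructed sample: three players in one arena, the third with field_38 set. */
int demo(int sender_index) {
    enum { ARENA = 0x10, P0 = 0x10000, STRIDE = 0x40 };
    uint8_t *mem = calloc(1, P0 + 3 * STRIDE);
    struct_ARENA *a = (struct_ARENA *)(mem + ARENA);
    a->player_count = 3;
    for (int i = 0; i < 3; i++) {
        struct_PLAYER *p = (struct_PLAYER *)(mem + P0 + i * STRIDE);
        p->arena = ARENA;
        p->field_38 = (i == 2);
        a->players[i] = P0 + i * STRIDE;
    }
    int n = count_recipients(mem, P0 + sender_index * STRIDE);
    free(mem);
    return n;
}
```

In `mov eax, [edi+eax]` the struct base is in `eax` and `edi` carries the member offset, starting at 0FB20h and advancing by 4 per iteration.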