TransWikia.com

Cant recognise where is my targeted function executed

Reverse Engineering Asked on April 6, 2021

Im trying to recognise where is my targeted function int64 __fastcall sub_1400CE4F0(__int64 a1, const char *a2)executed. When stepping through this function, after return it’s redirecting me here:

if ( *(_QWORD *)(v9 + v8 + 8) || *(_QWORD *)(v9 + v8 + 16) )
  (*(void (__fastcall **)(_QWORD, __int64))(v9 + v8 + 16))(*(_QWORD *)(v9 + v8 + 8), v4);
if ( v5 == 0xFFFFFFF ) //Here..
  v5 = *((_DWORD *)v2 + 9);
  1. Where is this function executed? Am I in the right place?
  2. Is it hidden in those cast’s? How can I understand them? (Maybe it’s hidden in those casts?)

One Answer

You can see in the line:

(*(void (__fastcall **)(_QWORD, __int64))(v9 + v8 + 16))(*(_QWORD *)(v9 + v8 + 8), v4);

That you have an indirect function call - a function that is called by a value of a variable, and not by a direct address.

Your function has the following signature:

void your_func(QWORD, __int64)

And the function itself comes from the v9 + v8 + 16 variables.

So v9 + v8 + 8 is the first parameter of the function, and v4 is the second parameter.

Correct answer by macro_controller on April 6, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP