0

See http://pastebin.com/QLywfZYK for the relevant disassembled code in IDA. My question is which is the correct binary offset to get the pointer dword_1082FF28 when starting from the function signature (55 8B EC 83 EC 1C ...).

I'm reasonably certain it was 13 (thirteen), because that's what i get when i start with 55 = 1 and keep counting until i hit 28, which is where the pointer address starts. Is that correct?

I have only very rudimentary assembler knowledge, enough to scout out signatures if I need them, but not actually enough to READ the code.

Milen
  • 8,697
  • 7
  • 43
  • 57
AtomicStryker
  • 1
  • 2
  • 1
    The pastebin link is down, so the question you are asking is unclear. Regardless, you can display addresses as function offsets in IDA, assuming this is what you want. `Options > General > Function Offsets` – user1354557 Jul 10 '13 at 16:00

1 Answers1

0

Normally offsets start at 0 so the offset from the start of your function (55h) would be 12 (0Ch). Adding 12 to the address of your function gives the address of the pointer.

stark
  • 12,615
  • 3
  • 33
  • 50
  • Thanks, atleast it's not something crazy like counting the bytes from back to front or something ... 12 or 13 i can trial-and-error if i have to – AtomicStryker Jul 06 '13 at 14:03