
I need to understand and reproduce (in another language) the logic of the following function (C code), and I don't really understand what it is doing:

```c
/* Decompiler output: `this` holds an address; the function reads the
 * 8-byte double stored 12 bytes past that address and returns it. */
double __thiscall sub_1(int this) {
    return *(double *)(this + 12);
}
```

It compiled OK, but crashed while running the .exe file.

I'm not strong with C at all, and cannot find out what actual manipulation this set of operands `* (double *)` is doing. It's not a dereferencing, because there are no pointers declared.

Anyway, can anyone tell me what the output of the function will be for `sub_1(2)`, and why?

  • Are you sure that's the exact function? It doesn't make sense. – Mr Lister Dec 12 '13 at 12:13
  • This question would be better at [ReverseEngineering.SE](http://reverseengineering.stackexchange.com/). What you have there is a rough decompilation of the original code, and it is not correct. – DCoder Dec 12 '13 at 12:14
  • @DCoder Good one; I hadn't seen that. So `this` could be the address of a struct that contains 12 bytes of something and a double. – Mr Lister Dec 12 '13 at 12:16
  • input this = 2 >> SIGSEGV – m0skit0 Dec 12 '13 at 12:17
  • @MrLister: yes, it could be a function taking a struct pointer through `ecx`, but `__thiscall` usually means that it's a *C++ member function* (and it was compiled by Visual C++). – DCoder Dec 12 '13 at 12:19
  • But then I wouldn't expect to see `int this`. – Mr Lister Dec 12 '13 at 12:21
  • @MrLister: The decompilers are not perfect, they can only do so much magic and heuristics. When you ask Hex-Rays to decompile it, and it cannot find any known structure type passed into this function, it will fall back to using `int this`. – DCoder Dec 12 '13 at 12:25
  • @OP are you sure this is a `C` function, not a `C++` one? – Sourav Ghosh Dec 12 '13 at 12:35
  • `*` pointed to, `(double *)` type-cast points to double, `(this+12)` calculates effective address – James Dec 12 '13 at 12:40

1 Answer

For this code to work, `int this` must be a variable holding the integer value of an address. From that address, there must be a valid `double` allocated at a 12-byte offset. The code returns the contents of that `double`.

So if the function is called as `sub_1(0x00000010)`, then there must be a `double` variable allocated at address `0x0000001C`. If not, the program invokes undefined behavior and will most likely crash & burn.

Please note that it doesn't make any sense to use `int` to pass an address. A better choice would have been `double*`, or at least `uint32_t`, which isn't a signed integer type. This code would have failed if the address was too large to fit inside an `int`.

  • Yes, this code is part of decompiled code received and it doesn't make much sense to me either. What I'm actually trying to understand is what the sequence of operands is doing, without going into useless discussions about `__thiscall`, etc: `* (double *) (i) // where i - is int` step by step: `* (i)` is doing `??` to int i and has a type of `??` and a value of `??`; `( double *)` is doing `??` and the result is of type `??` and value of `??`; `* (double * ) (i)` as the final result is of type `??` and value of `??`. Could you help me put the missing information instead of `??` please. – user3095293 Dec 13 '13 at 05:36
  • @user3095293: `* (double *)(i)` interprets the value of `i` as a `double *` and then tries to dereference it. This is generally a bad idea because there's no guarantee that `i` is the same size as a pointer or that it makes sense to treat it as one. As we tried to tell you, in your code snippet `this` is not an `int`, but a `void *` (actually, a pointer to some kind of struct that has a `double` starting at its 12th byte). – DCoder Dec 13 '13 at 07:03
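A worked version of what the answer and DCoder's last comment describe, added here as example code (not from the question, the answer, or any decompiler): a struct with 12 bytes of other fields followed by the `double`, a pointer-typed rewrite of `*(double *)(this + 12)` that avoids the undefined behaviour of the decompiled form, and a bounds-checked byte-level read of the same field as you would write it in a language without pointer casts. The struct layout, the sample bytes and the little-endian host are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout of the object sub_1 receives through `this`: 12 bytes of
 * other fields, then the double at offset 12. Packed so the offset is 12
 * on every compiler, whatever its alignment rule for double. */
#pragma pack(push, 1)
typedef struct {
    uint32_t field0, field4, field8;
    double   value;                      /* lives at this + 12 */
} Obj;
#pragma pack(pop)

/* Portable rewrite of `*(double *)(this + 12)`: take a real pointer rather
 * than an int, and copy the 8 bytes out with memcpy so that neither strict
 * aliasing nor a misaligned address makes the read undefined behaviour. */
double sub_1_portable(const void *self) {
    double d;
    memcpy(&d, (const unsigned char *)self + offsetof(Obj, value), sizeof d);
    return d;
}

/* The same read written as you would in a language with no pointer casts:
 * bounds-check the buffer, then assemble the 8 little-endian bytes at
 * offset 12 into an IEEE-754 double. Returns 0 on success, -1 if the buffer
 * is too short (the analogue of calling sub_1 with a bogus address like 2). */
int read_double_at_12(const unsigned char *buf, size_t len, double *out) {
    uint64_t bits = 0;
    if (buf == NULL || len < 12 + sizeof(double)) return -1;
    for (size_t i = 0; i < sizeof(double); i++)
        bits |= (uint64_t)buf[12 + i] << (8 * i);
    memcpy(out, &bits, sizeof *out);     /* assumes a little-endian host */
    return 0;
}

/* Constructed sample object: 12 bytes of header followed by the little-endian
 * encoding of 3.5 (0x400C000000000000), i.e. what sub_1 would read here. */
double demo_decode(void) {
    static const unsigned char obj[20] = {
        1, 0, 0, 0,  2, 0, 0, 0,  3, 0, 0, 0,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x40
    };
    double d = 0.0;
    if (read_double_at_12(obj, sizeof obj, &d) != 0) return -1.0;
    return d;
}
```

When the original binary is available, the 12 can be checked against the real object size and the surrounding fields, which is what a struct definition in the decompiler would then replace `int this` with.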