0

I have some code and I don't understand why the variable stat_loc is compared with 127 (0x7f) and then compared with 5. Can you explain it to me? Thank you very much!

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hex-Rays decompiler conventions, added so the listing compiles:
   BYTE1(x) is the second-lowest byte of x, i.e. bits 8..15 */
#define __fastcall
typedef long long __int64;
#define BYTE1(x) ((unsigned char)((x) >> 8))

/* Only shown as a screenshot in the question; declared here, not defined */
void parent_read_regs(void *nanomites_addr, __pid_t pid_child);

int __fastcall m_loop(__int64 Input)
{
      int result;
      int stat_loc;
      void *v3;
      __pid_t pid_child;
      void *nanomites_addr;

      stat_loc = 0;
      /* 7 = PROT_READ|PROT_WRITE|PROT_EXEC, 34 = MAP_PRIVATE|MAP_ANONYMOUS (Linux) */
      nanomites_addr = mmap(0LL, 0x141, 7, 34, -1, 0);
      pid_child = fork();
      if ( !pid_child )                              // This is the child process
      {
            /* request 0 is PTRACE_TRACEME: fails if the child is already being traced */
            if ( ptrace(PTRACE_TRACEME, 0LL, 0LL, 0LL) == -1 )
            {
                puts("So you want to trace me?!");
                exit(42);
            }
            v3 = nanomites_addr;
            ((void (__fastcall *)(__int64))nanomites_addr)(Input);
                                       /* Call the first nanomite,
                                          xor rax, rax
                                          xor rcx, rcx
                                          xor rbx, rbx
                                          mov al, byte ptr[rdi]
                                          int 3 */
            exit(0);
      }
      while ( waitpid(pid_child, &stat_loc, 0) != -1 ) // This is in the parent
      {
            /* low byte 0x7f: child is stopped (Hex-Rays wrote this as (unsigned __int8)stat_loc) */
            if ( (unsigned char)stat_loc == 127 )
            {
                /* next byte is the stop signal; 5 is SIGTRAP, raised by the int 3 */
                if ( BYTE1(stat_loc) == 5 )
                    parent_read_regs(nanomites_addr, pid_child);
                ptrace(PTRACE_CONT, pid_child, 0, 0);
            }
      }
      /* after the last waitpid() stat_loc holds the exit status: BYTE1 is the exit code */
      if ( BYTE1(stat_loc) )
          result = puts("You lost !");
      else
          result = puts("You win! ");
      return result;
}

This is an image file of the parent_read_regs() function

  • Welcome to Stack Overflow. Please read the [About] and [Ask] pages soon, and about how to create an MCVE ([MCVE]) more urgently. The code you show is confusing, at best, and incomplete (it can't be compiled). You've not given any context in which you found it. It is not remotely clear what it is intended to do. There's no indication of what `BYTE1` as a function or macro does. The liberal use of `ptrace()` makes life complex, too — it is not easy to understand. It looks as though both the parent and child code go through the `while` loop condition; the child won't enter the loop. – Jonathan Leffler May 20 '18 at 17:58
  • And who knows what the final if/else block does in the child when the value in `stat_loc` might, or might not, still be 0 — and again we don't know what `BYTE1` does. – Jonathan Leffler May 20 '18 at 17:59
  • Which documentation on `waitpid()` did you read? I recommend [this](http://pubs.opengroup.org/onlinepubs/9699919799/functions/wait.html). – alk May 21 '18 at 09:17
  • BTW, I cannot read the screen shot. Please post text as text. – alk May 21 '18 at 09:17
  • A web search finds some slightly different code: `if ( (unsigned __int8)stat_loc == 127 ) { if ( BYTE1(stat_loc) == 5 )` This code appears to check the least-significant and next-to-least-significant bytes of stat_loc. – Mark Plotnick May 25 '18 at 09:40
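The two comparisons are reading the raw layout of the status word that waitpid() fills in. On Linux, a stopped child is encoded as low byte 0x7f with the stop signal in the next byte (what WIFSTOPPED/WSTOPSIG decode), and a normally exited child as low byte 0 with the exit code in the next byte (WIFEXITED/WEXITSTATUS). SIGTRAP is signal 5, which is what the `int 3` at the end of the nanomite delivers to the tracer. The following C program is an added example, not code from the question or from the binary it was lifted from: it decodes status words byte by byte the way m_loop does, checks that against the POSIX macros, and then traces a child of its own. The child uses raise(SIGTRAP) as a stand-in for the nanomite's `int 3`; the exit code 42 and the helper names are this example's own choices.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hex-Rays BYTE1(): bits 8..15 of the status word */
static unsigned char status_b1(int st) { return (unsigned char)(st >> 8); }

/* Raw decoding of "stopped": low byte 0x7f, stop signal in the next byte.
   Returns the stop signal, or -1 if the status is not a stop. */
int decode_stop_signal(int st)
{
    if ((unsigned char)st != 0x7f)
        return -1;
    return status_b1(st);
}

/* Raw decoding of "exited normally": low byte 0, exit code in the next byte.
   Returns the exit code, or -1 if the status is not a normal exit.
   A child killed by a signal has the signal number in the low byte and 0 in
   BYTE1, which is why m_loop's final BYTE1 test alone cannot tell that apart
   from exit(0). */
int decode_exit_code(int st)
{
    if ((unsigned char)st != 0)
        return -1;
    return status_b1(st);
}

/* 1 if the byte-level decoding agrees with the POSIX macros for this status */
int decoders_agree(int st)
{
    int stop = WIFSTOPPED(st) ? WSTOPSIG(st) : -1;
    int code = WIFEXITED(st) ? WEXITSTATUS(st) : -1;
    return decode_stop_signal(st) == stop && decode_exit_code(st) == code;
}

/* Traces a child that requests PTRACE_TRACEME, traps once with SIGTRAP
   (standing in for the nanomite's int 3) and exits with `code`.
   Returns BYTE1 of the last status waitpid() stored, exactly the value
   m_loop tests to print "You win!" or "You lost !"; counts SIGTRAP stops
   in *trap_stops. Returns -1 if fork() fails. */
int run_traced_child(int code, int *trap_stops)
{
    int stat_loc = 0;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (ptrace(PTRACE_TRACEME, 0, 0, 0) == -1)
            _exit(42);                 /* already traced: the "So you want to trace me?!" path */
        raise(SIGTRAP);                /* parent sees a stop with WSTOPSIG == 5 */
        _exit(code);
    }
    *trap_stops = 0;
    while (waitpid(pid, &stat_loc, 0) != -1) {
        if ((unsigned char)stat_loc == 0x7f) {          /* child is stopped */
            if (status_b1(stat_loc) == SIGTRAP)         /* ... because of the trap */
                (*trap_stops)++;
            ptrace(PTRACE_CONT, pid, 0, 0);             /* resume, signal suppressed */
        }
    }
    /* waitpid() now fails with ECHILD; stat_loc still holds the exit status */
    return status_b1(stat_loc);
}

int main(void)
{
    int traps = 0;
    int byte1 = run_traced_child(0, &traps);
    printf("SIGTRAP stops seen: %d, BYTE1 of final status: %d -> %s\n",
           traps, byte1, byte1 ? "You lost !" : "You win! ");
    return 0;
}
```

Running it where ptrace is permitted prints one SIGTRAP stop and BYTE1 0; changing the exit code to 42 makes BYTE1 42 and flips the message, which is the same outcome the binary reaches when the child detects a tracer and calls exit(42).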

0 Answers