TransWikia.com

Understanding the increment in the array (v6++)[4] = v9;

Stack Overflow Asked by John Wick on February 22, 2021

I have decompiled some .elf file with IDA’s hex rays, what it gave me:

signed int __fastcall SEC_calc_(unsigned int a1, unsigned int a2, _DWORD *a3)
{
  char v30;    
  v3 = a1;
  v4 = a2;
  v6 = &v30;
  int v7;
  unsigned int v9;
  unsigned int v8; 
  v7 = 0;
  do
  {
    v8 = v4 >> v7;
    v9 = v3 >> v7;
    v7 += 8;
    *v6 = v8;
    (v6++)[4] = v9;
  }
  while ( v7 != 32 );

Assume that

 a1 = 0xC9A6010C
 a2 = 0xF1FFDFEF

I can understand that it’s shifting the bits to the right and increasing the shifting value by 8 every loop until v7=32 (means only 4 loops). But what is

*v6 = v8;
(v6++)[4] = v9;

*v6 = v8 is pointer right? so t means v30 will equal v8 value as well?
and I completely don’t understand

 (v6++)[4] = v9;

why its an increment in the [4] array? And why it is signed with v9?

c++

2 Answers

*v6 = v8;
(v6++)[4] = v9;

*v6 = v8 is pointer right? so t means v30 will equal v8 value as well?

v6 is the pointer, so *v6 designates the object it points to (v30 in this case). Thus, yes, *v6 = v8 copies the current value of variable v8 to variable v30.

I completely don't understand

 (v6++)[4] = v9;

why its an increment in the [4] array?

v6++ evaluates to the current value of v6, with a side effect of afterward incrementing v6 by one. The overall statement is approximately equivalent to these two separate statements:

 v6[4] = v9;
 v6 = v6 + 1;

For its part, v6[4] designates the object of the same type as *v6 that appears four positions after *v6, just as if v6 itself designated an array having at least five elements.

And why it is signed with v9?

The = v9 part is a straightforward assignment. It assigns the current value of variable v9 to the object designated by (v6++)[4]. I would have to study the code a lot more deeply to hypothesize about why the function performs that assignment.

Correct answer by John Bollinger on February 22, 2021

(v6++)[4] = v9; is a nasty bit of code that you hopefully don't write by hand like that.

First, break out the post increment:

v6[4] = v9;
v6++;

v6 is a char *, which means that it can be indexed, dereferenced, and incremented. You are assigning the lowest byte of integer v9 to the 5th element of v6, which is 4, then 5, then 6 and finally 7 characters past the location of v30. After the assignment, move v6 up one byte.

By the way, the previous line, *v6 = v8; assigns to v30, then the next byte and the next and the next. The loop iterates 4 times, since you check when v7 == 32 in increments of 8. That means that the two assignments are relying on v3 and v4 immediately following v30 on the stack and writing to those bytes.

That last assumption may be undefined behavior, but I am not a language lawyer.

Answered by Mad Physicist on February 22, 2021

Add your own answers!

Ask a Question

Get help from others!

Recent Questions

Recent Answers

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP