I'm reverse-engineering an old game, using CE. I found the code that modifies the unit's HP, but I can't find the base address, since the offset is negative.
The thing is I don't even know how this works, it sounds silly to me, why would the compiler/dev do that anyways ? Is it a kind of a stack temporary pointer ? Is there any way to find it ? (I'm pretty sure there is a way) It's frustrating because I have found offsets for like the ID, the HP and stuff, but the base... I don't have problems with that normally, the offsets are positive.
I thought that the base would be something along [esi-STRUCTURE_SIZE]
and the last item would be [esi]
Or maybe I'm completely wrong.
Thanks :)
Negative offsets are typically used for accessing base class members from a sub-class pointer when multiple inheritance is used. The compiler will know the full layout and instead of upcasting the pointer first, directly access members from base classes.
From the generated code it is not possible to know where the class instance starts in memory. However it should generally be possible to find the base pointer by tracking accesses to negativly addressed members. After all the programmer probably created the hierarchy to access the base members independently of what exact derived type they are.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With