what is assign to a random offset?

[James Taylor]

the following cods is generated by IDA pro. 

I don't understand where and what is assigned to off_40G030?

there is no reference in code section.

what does the following code mean?

what is the clean code of the following code?

Edited July 30, 2018 by James Taylor

[fearless]

Probably that at that particular offset is stored a DEVICE_OBJECT, either a pointer to the DEVICE_OBJECT structure, or the actual contents of the structure. https://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx

[James Taylor]

9 minutes ago, fearless said:

Probably that at that particular offset is stored a DEVICE_OBJECT, either a pointer to the DEVICE_OBJECT structure, or the actual contents of the structure. https://msdn.microsoft.com/en-us/library/windows/hardware/ff543147(v=vs.85).aspx

what is the pseudo code for the following decompiled code?

Thanks 

[deepzero]

Please show the assembly code, that first compare makes no sense to me. Did you patch the Assembly manually or meddle with the decompiler somehow?

[James Taylor]

32 minutes ago, deepzero said:

Please show the assembly code, that first compare makes no sense to me. Did you patch the Assembly manually or meddle with the decompiler somehow?

That's the source code. there is no more to be shown !!

[evlncrn8]

.data

blah dd offset somethingelse

.code

mov eax, [blah]

cmp eax, offset blah

je someothercondition

.. continues

mov ebx,[eax.DEVICE_OBJECT.Characteristics]

and ebx, 2

jz someothercondition

.. continues

lea ebx, [eax.DEVICE_OBJECT.Flags]

cmp byte ptr [ebx], 4

jb someothercondition

.. continues

 

someothercondition:

------

something like that, might be wrong but it gives the general jist..

also "thats the source code" - nonsense, thats some hexrays c interpretation of the asm code, dont lie

 

 

 

Edited July 31, 2018 by evlncrn8