Reverse engineering ambiguous syntax


What I often see online, when the topic is reversing, is this syntax

  *(_WORD *)(a1 + 6) = *(_WORD *)(a2 + 2);

I think this code is from an IDA plugin (right?), but I can't understand it. Can someone explain it to me a little, or point me to something where I can study the nature of this code?

Thanks in advance =)

1

There is 1 answer

3
YSK (best answer)

This code copies 2 bytes from the address pointed to by a2 + 2 into the address pointed to by a1 + 6.

In more detail, the code does the following:

  • advance 2 bytes from a2.
  • treat the result as a WORD pointer, i.e. a pointer to a value made up of two bytes. This is the (_WORD *) part on the right.
  • read the 2 bytes referenced by the above pointer. This is the * at the very left of the expression on the right.

We now have a 16-bit value. Now we:

  • advance 6 bytes from a1.
  • treat the result as a WORD pointer. Again, this is the (_WORD *) part.
  • write the 2 bytes we read in the first part into the address pointed to by the pointer that we have.

If you've never seen such code before, you may think that it's superfluous to use the (_WORD *) on both sides of the expression - but it is not. For example, we can read a 16-bit value and write it into a pointer to a 32-bit value (e.g. by sign-extending it).

I suggest that you also look at the assembly code where you will see the steps making up this assignment. If you don't have it available then just write a C program on your own that does such manipulation and then decompile it.
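The assignment from the question carried through in compilable C, as an added example that is not part of the original question or answer. The syntax is Hex-Rays decompiler pseudocode, and the _WORD/_DWORD typedefs below are the ones Hex-Rays ships in its defs.h; the sample bytes, the buf8 union, the demo_* functions and the widening variant are constructed here for illustration, and the expected values assume a little-endian host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hex-Rays typedefs (from its defs.h), reproduced so the decompiler's
 * expression compiles as ordinary C: _WORD is 2 bytes, _DWORD is 4. */
typedef uint8_t  _BYTE;
typedef uint16_t _WORD;
typedef uint32_t _DWORD;

/* Constructed helper: a union so the byte view and the word/dword view of
 * the same 8 bytes are both legal C (no strict-aliasing trouble). */
typedef union {
    uint8_t b[8];
    _WORD   w[4];
    _DWORD  d[2];
} buf8;

/* The line from the question, verbatim: read 2 bytes at a2+2 and write
 * them to a1+6. a1/a2 are plain integers, which is how the decompiler shows
 * arguments when it has not recovered a struct type for them. On x86-64 a
 * compiler typically emits
 *     movzx eax, word ptr [rsi+2]
 *     mov   word ptr [rdi+6], ax
 */
void copy_word(uintptr_t a1, uintptr_t a2)
{
    *(_WORD *)(a1 + 6) = *(_WORD *)(a2 + 2);
}

/* The same 2-byte copy written the way a C programmer would. */
void copy_word_memcpy(uint8_t *a1, const uint8_t *a2)
{
    memcpy(a1 + 6, a2 + 2, sizeof(_WORD));
}

/* Why the cast on each side matters: same _WORD source, but a _DWORD
 * destination, and the value is sign-extended on the way (Hex-Rays would
 * print the cast as (__int16) rather than (int16_t)). */
void copy_word_sext_to_dword(uintptr_t a1, uintptr_t a2)
{
    *(_DWORD *)(a1 + 4) = (int16_t)*(_WORD *)(a2 + 2);
}

/* Constructed sample input (hypothetical values, not from the question).
 * On a little-endian host the bytes at offset 2, CD AB, read as 0xABCD. */
static const buf8 SAMPLE_SRC = {
    .b = { 0x11, 0x22, 0xCD, 0xAB, 0x55, 0x66, 0x77, 0x88 }
};

/* Run copy_word on the sample and return the word that landed at a1+6. */
_WORD demo_copy_word(void)
{
    buf8 dst = {{0}};
    copy_word((uintptr_t)dst.b, (uintptr_t)SAMPLE_SRC.b);
    return dst.w[3];            /* offset 6: 0xABCD, w[0..2] stay 0 */
}

/* Run both copy variants and report whether they produced identical bytes. */
int demo_memcpy_matches(void)
{
    buf8 d1 = {{0}}, d2 = {{0}};
    copy_word((uintptr_t)d1.b, (uintptr_t)SAMPLE_SRC.b);
    copy_word_memcpy(d2.b, SAMPLE_SRC.b);
    return memcmp(d1.b, d2.b, sizeof d1.b) == 0;
}

/* Run the widening variant and return the 32-bit value at a1+4. */
_DWORD demo_sext_to_dword(void)
{
    buf8 dst = {{0}};
    copy_word_sext_to_dword((uintptr_t)dst.b, (uintptr_t)SAMPLE_SRC.b);
    return dst.d[1];            /* 0xABCD as int16 is negative: 0xFFFFABCD */
}

int main(void)
{
    printf("copy_word        : a1+6 = 0x%04X\n", demo_copy_word());
    printf("memcpy equivalent: %s\n", demo_memcpy_matches() ? "same bytes" : "differs");
    printf("sign-extended    : a1+4 = 0x%08X\n", demo_sext_to_dword());
    return 0;
}
```

Compile it with your usual toolchain and compare the disassembly of copy_word against the two instructions in the comment; that is the quickest way to connect the (_WORD *) casts in the pseudocode to the word-sized load and store the decompiler recovered them from.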