
Can we concatenate (byte *) with (int) in C++?

I decompiled a .so file in Ghidra and found this line of code:

puVar24 = (ulong *)(pbVar12 + 0x10);

pbVar12 type: byte *

0x10 type: int

So if we can concatenate byte* with int, how is that done in Python?

This isn't really a C++ issue but a very down-to-earth C feature: pointer arithmetic. pbVar12 is not a byte or char or anything like that; the * indicates it's a pointer to byte. Sometimes pointers are really confusing, but in this situation it's actually rather simple:

  1. pbVar12 is an address in memory: if you imagine memory as a long street, then every cell in memory corresponds to a house and each house has a house number. pbVar12 stores this number.
  2. Pointers allow something kind of unexpected in C: you can add numbers to them. So if pbVar12 is, say, 0x1337 and you add 0x10, the result will be 0x1347. Within the metaphor: you start at house number 0x1337 and progress 0x10 houses "up the street", ending up at house 0x1347.
  3. I didn't lie in the previous point, but I left out a detail that only matters in a more general situation: when you add a number x to a pointer p, the result is not just p plus x but p plus x multiplied by the size of the referenced data type. The referenced data type here is byte, which has a size of 1, so this detail doesn't matter. If pbVar12 weren't a pointer to byte but to, say, float, the result would be 0x1377 instead, because float has a size of 4 (0x1337 + 0x10 * 4 = 0x1377). Stretching the metaphor a bit now, I suppose, but you can imagine that in this general case the pointer points not to a street of single houses but to a street of building complexes, where each complex is so big that it has multiple house numbers (4 in this case). And "progressing one house" actually means skipping 4 house numbers.

Now that we have the low-level details straight, I'll give a bit more context and an explanation in the reversing context: this kind of pointer arithmetic is used by C internally when working with arrays. The notation a[i] is actually just syntactic sugar for *(a + i) (which reads as "add i to the pointer a and dereference the result").

So if I had to guess, I'd assume that pbVar12 actually is an array of unsigned long and the + 0x10 actually means indexing it at position 4 (0x10 = 16 = 4 * 4). Or, to phrase this as a short C snippet:

unsigned long *puVar24;
unsigned long pbVar12[123];
puVar24 = &pbVar12[4];   /* same address as pbVar12 + 4 */

You also mentioned Python, so I'll lose a few more words about that: I assume you are trying to re-implement some code you saw in Ghidra in Python, maybe because you want to emulate some behavior. The confusion now is that you don't actually work with data and numbers directly but with references to memory addresses. So you would actually need to understand how puVar24 is used later, and read the corresponding 4 bytes of memory located at pbVar12 + 4 (or pbVar12 + 16 if pbVar12 really turns out to be a byte array as opposed to a float array).
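As an added example (not part of the original answer), the C program below makes the scaling rule above concrete: it measures how many bytes `p + 0x10` actually advances for a `byte *`, a `float *` and a 64-bit `uint64_t *` (the LP64 `unsigned long`), reproduces the decompiled line `puVar24 = (ulong *)(pbVar12 + 0x10)` on a constructed 32-byte buffer, and checks that `a[i]` and `*(a + i)` name the same element. The buffer contents, the `SAMPLE_VALUE` constant and all function names are assumptions made for illustration; the real binary's data is unknown.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t byte;   /* Ghidra's "byte" type */

/* How many raw bytes p + n advances for each pointee type.
   The compiler scales n by sizeof(*p); the char* casts measure bytes. */
static ptrdiff_t byte_ptr_delta(ptrdiff_t n)
{
    byte arr[0x20];                               /* n <= 0x20 stays in bounds */
    const byte *p = arr;
    return (const char *)(p + n) - (const char *)p;
}

static ptrdiff_t float_ptr_delta(ptrdiff_t n)
{
    float arr[0x20];
    const float *p = arr;
    return (const char *)(p + n) - (const char *)p;
}

static ptrdiff_t u64_ptr_delta(ptrdiff_t n)
{
    uint64_t arr[0x20];
    const uint64_t *p = arr;
    return (const char *)(p + n) - (const char *)p;
}

/* The decompiled line: reinterpret the 8 bytes at pbVar12 + 0x10 as a
   64-bit integer. memcpy instead of *puVar24 keeps this well-defined even
   if the buffer is not 8-byte aligned (the real binary relies on alignment). */
static uint64_t read_u64_at_0x10(const byte *pbVar12)
{
    const uint64_t *puVar24 = (const uint64_t *)(pbVar12 + 0x10);
    uint64_t v;
    memcpy(&v, puVar24, sizeof v);
    return v;
}

/* Constructed sample buffer (assumption, not data from the .so): 32 bytes of
   filler with a known 64-bit value stored at offset 0x10 in host byte order. */
#define SAMPLE_VALUE UINT64_C(0x1122334455667788)
static void fill_sample(byte buf[32])
{
    uint64_t v = SAMPLE_VALUE;
    memset(buf, 0xAA, 32);
    memcpy(buf + 0x10, &v, sizeof v);
}

/* Fill the sample buffer and run the decompiled read on it. */
static uint64_t sample_read(void)
{
    byte buf[32];
    fill_sample(buf);
    return read_u64_at_0x10(buf);
}

/* a[i] is *(a + i): both spellings refer to the same element. */
static int index_is_deref(size_t i)
{
    byte buf[32];
    fill_sample(buf);
    const byte *a = buf;
    return &a[i] == a + i && a[i] == *(a + i);
}

int main(void)
{
    printf("byte*     + 0x10 advances %td bytes\n", byte_ptr_delta(0x10));
    printf("float*    + 0x10 advances %td bytes\n", float_ptr_delta(0x10));
    printf("uint64_t* + 0x10 advances %td bytes\n", u64_ptr_delta(0x10));
    printf("*(ulong *)(pbVar12 + 0x10) = 0x%016llx\n",
           (unsigned long long)sample_read());
    printf("a[3] == *(a + 3): %s\n", index_is_deref(3) ? "yes" : "no");
    return 0;
}
```

The three deltas show the rule from point 3: the same `+ 0x10` moves 16, 64 or 128 bytes depending only on the pointee type, so the byte offset to read in an emulation is `index * sizeof(element)`, not the index itself. For the decompiled line, `pbVar12` is a `byte *`, so the offset is exactly 0x10 bytes and the cast then reads 8 of them as one integer.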

The technical posts on this site follow the CC BY-SA 4.0 license. If you need to reprint, please indicate the site URL or the original address. For any question please contact: yoyou2525@163.com.
