Thread: Little question

  1. #1
    Registered User
    Join Date
    Jun 2018

    Little question

    Hello guys, I was testing something when a doubt arose.

    What's the difference beetween this two codes:

    First one:
    PIMAGE_DOS_HEADER DOSHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(GetModuleHandle(nullptr));
        PIMAGE_NT_HEADERS NTHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>(DOSHeader + DOSHeader->e_lfanew);
    Seconde one:
        PIMAGE_DOS_HEADER DOSHeader = reinterpret_cast<PIMAGE_DOS_HEADER>(GetModuleHandle(nullptr));
        PIMAGE_NT_HEADERS NTHeaders = reinterpret_cast<PIMAGE_NT_HEADERS>((BYTE*)DOSHeader + DOSHeader->e_lfanew);
    The second one worked and the first one doesnt, why? When I will see fields of first one it's irregular, not the correct as the second one.


  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    * moved to Windows programming *

    You would need to read up on what exactly is PIMAGE_DOS_HEADER, but it presumably is a pointer to a struct (since your first line involves a reinterpret cast of a "handle", which typically is a pointer to something). Therefore, in order to skip a number of bytes corresponding to the first part of the struct to get to what is equivalent to the PIMAGE_NT_HEADERS portion, you need to cast that to a pointer to BYTE so that the pointer arithmetic would work.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    Registered User
    Join Date
    Feb 2019
    @Julimar, are you sure converting a HMODULE to a pointer is correct? In Windows API a HANDLE isn't an address and GetModuleHandle(NULL) will return the current executable instance handle...

    Assuming this would work (I think it doesn't!), DosHeader is a pointer to _IMAGE_DOS_HEADER, which is a structure. As @laserlight explained, when you add or subtracts an offset from a pointer, the compiler will multiply the size of the pointed type to the offset... The pointer DosHeader+DosHeader->e_lfanew is the same as (BYTE *)DosHeader+sizeof(_IMAGE_DOS_HEADER)*DosHeader->e_lfanew.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 2
    Last Post: 08-25-2014, 05:41 PM
  2. Replies: 1
    Last Post: 03-23-2011, 09:00 AM
  3. *szString = things question/memory question
    By Jang in forum C Programming
    Replies: 3
    Last Post: 01-20-2011, 04:59 AM
  4. Newbish Question file reading question....
    By kas2002 in forum C Programming
    Replies: 23
    Last Post: 05-17-2007, 12:06 PM
  5. Self regiserting DLLs question and libraries question.
    By ApocalypticTime in forum Windows Programming
    Replies: 2
    Last Post: 03-22-2003, 02:02 PM

Tags for this Thread