On 1/14/22 14:31, Mohamad Al-Jaf wrote:
> I'm testing it out in Windows to get a sense of what it does. Here's my code in C++, let me know if it's incorrect:
>
>     typedef int (*CurrentIP)();
>     HMODULE hDLL = LoadLibraryA("wdscore.dll");
>     CurrentIP ip = (CurrentIP)GetProcAddress(hDLL, "CurrentIP");
>     std::cout << "CurrentIP() = " << ip() << "\n";
>     FreeLibrary(hDLL);
>
> It returns random numbers, e.g. 10424371, 1249331, 6033459. So doesn't this mean it's returning the instruction pointer?

A more likely scenario is that the code address is changing from one invocation to another.
Try compiling with "/LINK /DYNAMICBASE:NO" (in MSVC) or "-no-pie" (in GCC/MinGW).
See also: https://en.wikipedia.org/wiki/Address_space_layout_randomization, and https://en.wikipedia.org/wiki/Position-independent_executable.
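
One way to check the explanation in the reply is to split a code address into load base plus offset: with ASLR and a position-independent build the base moves on every run while the offset stays fixed. This is an added example, not code from the thread; it assumes Linux with GCC or Clang, and `current_ip()`, `read_maps()` and `module_base()` are hypothetical helpers, with `current_ip()` standing in for the export being tested.

```cpp
#include <cstdint>
#include <fstream>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct Mapping { std::uintptr_t lo, hi; std::string path; };

// Hypothetical stand-in for an export such as CurrentIP(): returns the
// address its caller resumes at (GCC/Clang builtin).
__attribute__((noinline)) std::uintptr_t current_ip() {
    return reinterpret_cast<std::uintptr_t>(__builtin_return_address(0));
}

// Parse /proc/self/maps (Linux only) into address ranges and backing names.
std::vector<Mapping> read_maps() {
    std::vector<Mapping> out;
    std::ifstream maps("/proc/self/maps");
    std::string line;
    while (std::getline(maps, line)) {
        std::istringstream in(line);
        std::string range, perms, off, dev, inode, path;
        in >> range >> perms >> off >> dev >> inode >> path;  // path may be empty
        auto dash = range.find('-');
        if (dash == std::string::npos) continue;
        out.push_back({std::stoul(range.substr(0, dash), nullptr, 16),
                       std::stoul(range.substr(dash + 1), nullptr, 16), path});
    }
    return out;
}

// Lowest mapping start of the module (or named region) containing addr,
// or 0 if addr is unmapped or in an anonymous mapping.
std::uintptr_t module_base(std::uintptr_t addr) {
    const auto maps = read_maps();
    std::string owner;
    for (const auto& m : maps)
        if (addr >= m.lo && addr < m.hi) owner = m.path;
    if (owner.empty()) return 0;
    for (const auto& m : maps)             // entries are sorted by address, so
        if (m.path == owner) return m.lo;  // the first hit is the lowest one
    return 0;
}

int main() {
    std::uintptr_t ip = current_ip(), base = module_base(ip);
    // With ASLR and a PIE build, "absolute" and "base" change per run;
    // "offset" does not. Built with -no-pie, all three stay the same.
    std::cout << std::hex << "absolute=0x" << ip << " base=0x" << base
              << " offset=0x" << (ip - base) << "\n";
}
```

Run the binary a few times as built by default, then rebuild with `-no-pie` and compare the three values.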