Compare two hex values with an if statement

Time: 2014-01-18 08:12:36

Tags: c if-statement hex

I wrote an if statement that compares two hex values, but the if says that values which are == are !=, even though they are the same. I can see that they are the same because I printed their values with printf!!!

    uint64_t sys_call_table_offset = 0xc033e7f4;
    uint64_t sys_call_func_ptr;
    uint64_t syscall_func_ptr[15] = {
        0xc0107c30, //0->2
        0xc0152ea0, //1->3
        0xc0152fe0, //2->4
        0xc0152220, //3->5
        0xc0107d40, //4->11
        0xc0151750, //5->12
        0xc0132300, //6->23
        0xc012dae0, //7->24
        0xc01303a0, //8->37
        0xc0165230, //9->54
        0xc02086d0, //10->102
        0xc0107c80, //11->120
        0xc0165cb0, //12->141
        0xc0124e50, //13->167
        0xc0165e70, //14->220
    };
    int sys_num[15] = {2,3,4,5,11,12,23,24,37,54,102,120,141,167,220};
    int i;
    for (i = 0; i < 15; i++)
    {
        vmi_read_32_va(vmi, sys_call_table_offset + (sys_num[i] * 0x4), 0, &sys_call_func_ptr);
        printf("sys_call_ptr = %x", sys_call_func_ptr);
        printf(" sys_call_ptr = %x i=%d \n", syscall_func_ptr[i], i);
        if (syscall_func_ptr[i] != sys_call_func_ptr)
            printf("Detected hooked system call!\n");
    }

Here is the output of printf:

    sys_call_ptr = c0107c30    sys_call_ptr = c0107c30    i=0
    Detected hooked system call!
    sys_call_ptr = c0152ea0    sys_call_ptr = c0152ea0    i=1
    Detected hooked system call!
    sys_call_ptr = c0152fe0    sys_call_ptr = c0152fe0    i=2
    Detected hooked system call!
    sys_call_ptr = c0152220    sys_call_ptr = c0152220    i=3
    Detected hooked system call!
    sys_call_ptr = c0107d40    sys_call_ptr = c0107d40    i=4
    Detected hooked system call!
    sys_call_ptr = c0151750    sys_call_ptr = c0151750    i=5
    Detected hooked system call!
    sys_call_ptr = c0135b20    sys_call_ptr = c0132300    i=6
    Detected hooked system call!
    sys_call_ptr = c0135f30    sys_call_ptr = c012dae0    i=7
    Detected hooked system call!
    sys_call_ptr = c01303a0    sys_call_ptr = c01303a0    i=8
    Detected hooked system call!
    sys_call_ptr = c0165230    sys_call_ptr = c0165230    i=9
    Detected hooked system call!
    sys_call_ptr = c0209580    sys_call_ptr = c02086d0    i=10
    Detected hooked system call!
    sys_call_ptr = c0107c80    sys_call_ptr = c0107c80    i=11
    Detected hooked system call!
    sys_call_ptr = c0165cb0    sys_call_ptr = c0165cb0    i=12
    Detected hooked system call!
    sys_call_ptr = c0124e50    sys_call_ptr = c0124e50    i=13
    Detected hooked system call!
    sys_call_ptr = c0165e70    sys_call_ptr = c0165e70    i=14
    Detected hooked system call!

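3 answers:

Answer 0 (score: 2)

vmi_read_32_va expects a pointer to uint32_t as its last argument, but you are giving it a pointer to a uint64_t, which is uninitialized, so it fills only 32 bits and the rest is undefined values (not 0 in most cases).

You print only the 4 LSB (%x), but compare all 8 bytes of the 64-bit number. If you print the whole number (%llx), you will see the difference.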

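Answer 1 (score: 2)

Don't you need "%lx" to see the whole 64-bit value? Does vmi_read_32_va fill the whole 64 bits of the &sys_call_func_ptr that is passed? If not, then you need to account for 32 garbage bits.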

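Answer 2 (score: 1)

If you use the types from inttypes.h (like uint64_t), the straightforward way to print them is to use the corresponding macros defined in the same header.

So to print a uint64_t, use PRIX64:

    uint64_t ui64 = (uint64_t)0xffff*0x10000*0x10000;

    ...

    printf("0x%" PRIX64 " 0x%" PRIX64 "\n", ui64, ui64);

This would print:

    0xFFFF00000000 0xFFFF00000000

on a 32-bit machine as well as on a 64-bit machine.

Applied to your code, it would look like this:

    printf("sys_call_ptr = %" PRIX64, sys_call_func_ptr);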
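The width mismatch described in the answers above, shown next to a corrected comparison loop, as an added example that is not part of the original question or answers. `read_32` is a hypothetical stand-in for a 32-bit guest read such as `vmi_read_32_va`, the two tables are constructed from values in the question's output, and the `stale` parameter models the uninitialized bytes of the 64-bit variable.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define NSYS 3

/* Constructed sample tables (values taken from the question's output); entry 1 differs. */
static const uint32_t guest_table[NSYS] = { 0xc0107c30, 0xc0135b20, 0xc01303a0 };
static const uint32_t known_good[NSYS]  = { 0xc0107c30, 0xc0132300, 0xc01303a0 };

/* Hypothetical stand-in for a 32-bit guest read: writes exactly 4 bytes to *out. */
static int read_32(unsigned idx, uint32_t *out)
{
    if (idx >= NSYS) return -1;
    *out = guest_table[idx];
    return 0;
}

/* The question's pattern: 64-bit variable, 32-bit write; 'stale' models its uninitialized bytes. */
static int count_hooks_buggy(uint64_t stale)
{
    int hits = 0;
    for (unsigned i = 0; i < NSYS; i++) {
        uint64_t wide = stale;
        uint32_t got;
        if (read_32(i, &got) != 0) return -1;
        memcpy(&wide, &got, sizeof got);      /* only 4 of the 8 bytes change */
        if (wide != known_good[i]) hits++;    /* compares all 64 bits */
    }
    return hits;
}

/* Corrected: variable width matches the read, and PRIx32 matches the variable. */
static int count_hooks_fixed(void)
{
    int hits = 0;
    for (unsigned i = 0; i < NSYS; i++) {
        uint32_t got;
        if (read_32(i, &got) != 0) return -1; /* a failed read is an error, not "clean" */
        if (got == known_good[i]) continue;
        printf("entry %u: read 0x%08" PRIx32 ", expected 0x%08" PRIx32 "\n", i, got, known_good[i]);
        hits++;
    }
    return hits;
}

int main(void)
{
    printf("buggy: %d, fixed: %d\n", count_hooks_buggy(0xAAAAAAAAAAAAAAAAull), count_hooks_fixed());
    return 0;
}
```

With the constructed stale bytes the first function flags every entry, which is the behaviour in the question's output, while the corrected loop flags only the entry that actually differs.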