not sure if the title is correct but I believe problem is there. I

Question

0

Asked: May 27, 20262026-05-27T09:57:03+00:00 2026-05-27T09:57:03+00:00

not sure if the title is correct but I believe problem is there. I

0

not sure if the title is correct but I believe problem is there. I have this piece of code:

FILE_DIRECTORY_INFORMATION *Buffer;
Buffer = ExAllocatePoolWithTag (NonPagedPool, 4096, 'arK');
..<fill in data into the buffer>..
//Values here are: Buffer:0x81490000; NextEntryOffset:0x48
Buffer += Buffer->NextEntryOffset;
//Values here are: Buffer:0x81491440; NextEntryOffset:0x0

Problem is that instead of simple adding, the last code line performs multiplying. The new Buffer value should be (or at least I would wish it to be:) 81490048 but is 81491440 (81490000+48*48). Can anyone explain me why?

PS: I checked all the values using Windbg. Compiled using VS11, last code line is really translated into imul instruction.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T09:57:04+00:00

Editorial Team

2026-05-27T09:57:04+00:00Added an answer on May 27, 2026 at 9:57 am

That’s how pointer arithmetic works in C. Adding ‘X’ to a pointer actually means adding the size of the pointee X times to the starting memory location.

I think you can probably cast to a temporary char * and back, but I can’t think of a reason.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

not sure if the title is correct but I believe problem is there. I

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply