My program runs on a 32bit Windows ,so the type of the address in the virtual memory space is
IMAGE_OPTIONAL_HEADER32* pOptionalHeader=(IMAGE_OPTIONAL_HEADER*)((BYTE*)g_hCurrentProcessBase+pDosHeader->e_lfanew+24); //variable g_hCurrentProcessBase is the base address of the image of the target process
Pointer arithmetic is different according to the type of the value it points to.
If you cast the pointer to
DWORD, adding 24 actually adds
24*sizeof(DWORD) to your address.
When casting to
BYTE, it just adds 24 to the address (
BYTE is 1 byte)
Note: If you really wanted your pointer as a
DWORD (not the case here):
If you want to skip 24 bytes, just add
24/sizeof(DWORD) to your
Since DWORD is of size 4 it works as you want (even if it was 2 or 8 it would work).
Or compute the pointer using
BYTE* cast, and then cast to