Rob

Reputation: 115

Reverse-Engineering Memory Load Techniques?

I am attempting to reverse engineer a game (with permission). I am using IDA Pro. The functions are sub_xxxxx, meaning that they are protected functions.

However, the strings that would be the names for the functions, when looking at the only cross-reference, are shown in the following manner:

__data:xxxxxxxx                 DCD aEcdh_compute_k     ; "ECDH_compute_key"
__data:xxxxxxxx                 DCB   0
__data:xxxxxxxx                 DCB 0x40
__data:xxxxxxxx                 DCB   12
__data:xxxxxxxx                 DCB 0x3B

Some of the numbers, including the DCBs, are changed for the sake of safety (OCD).

I had attempted to use the 40 12 3B as an offset. However, the offset brings me to the middle of a random loc_xxxxx, along with the others.

My question to you is, how would I go about finding where the actual function is? Is the offset from the top of the .data segment? Or is it from the actual declaring string itself?

I do not expect or require a full answer; obviously this may not have been encountered in the past, and I may not have given enough information needed. (If you need more information, please ask, thanks). Basically, I am asking, "What should I try next?", trying to find the most likely answer. Thank you.

Upvotes: 2

Views: 423

Answers (1)

NirIzr

Reputation: 3410

You're ignoring the processor's endianness, which is usually little endian.

Hitting D two times (once to convert data representation from single byte to word and another to convert it from word to dword) will convert the data to a dword for you. Alternatively, you could also hit O to directly convert data representation to an offset (which is of size dword on most architectures).

This is most likely to show you an offset to address 0x003b1240, which is probably the address you were looking for.

Upvotes: 1
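
The following is an added example, not part of the original question or answer and not code from the game: it decodes a table of name-pointer/function-pointer pairs as 32-bit little-endian values, and shows what the same four bytes give when read in listing order. The record layout (a name pointer followed directly by a function pointer), `STR_BASE`, the second name and all addresses are assumptions constructed for the illustration.

```python
import struct

# Constructed sample, not bytes from the game: a string pool loaded at
# STR_BASE and a table of {char *name; void *func} records, little-endian.
STR_BASE = 0x00400000
NAMES = [b"ECDH_compute_key", b"ECDH_size"]
FUNCS = [0x003B1240, 0x003B12F8]


def build_sample():
    """Return (string_pool, table_bytes) for the constructed records."""
    pool, table = b"", b""
    for name, func in zip(NAMES, FUNCS):
        table += struct.pack("<II", STR_BASE + len(pool), func)
        pool += name + b"\x00"
    return pool, table


def read_cstring(pool, addr):
    """Read the NUL-terminated string stored at virtual address addr."""
    start = addr - STR_BASE
    if not 0 <= start < len(pool):
        raise ValueError(f"name pointer {addr:#010x} is outside the string pool")
    end = pool.index(b"\x00", start)
    return pool[start:end].decode("ascii")


def parse_table(pool, table, byteorder="<"):
    """Decode each 8-byte record as (name, function address)."""
    out = {}
    for off in range(0, len(table) - 7, 8):
        name_ptr, func_ptr = struct.unpack_from(byteorder + "II", table, off)
        out[read_cstring(pool, name_ptr)] = func_ptr
    return out


def misread_big_endian(table, index):
    """The function-pointer bytes of record `index` read in listing order."""
    return struct.unpack_from(">I", table, index * 8 + 4)[0]


if __name__ == "__main__":
    pool, table = build_sample()
    for name, addr in parse_table(pool, table).items():
        print(f"{name:<18} -> {addr:#010x}")
    print(f"listing-order misread: {misread_big_endian(table, 0):#010x}")
```

In the constructed table the bytes `40 12 3B 00` decode to 0x003b1240 as a little-endian dword, while reading them in the order they are listed gives 0x40123b00, an address that lands nowhere meaningful.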
