Read/copy/call a function's machine code?

 
 
MisterE
02-18-2008
Is it possible to create a pointer to a function, and then get its size (the
actual size the function takes in machine code), such that you can copy the
function to another memory location. You could then modify it (I know it
would be modifying the machine code) and then call the modified function via
a function pointer?



 

Chris Dollin
02-18-2008
MisterE wrote:

> Is it possible to create a pointer to a function, and then get its size (the
> actual size the function takes in machine code), such that you can copy the
> function to another memory location.


Not in remotely portable C, no.

Of course, if you're hacking machine code anyway, if your implementation
non-portably allows you to read the bytes of a function via a char* you
can "just" do a code disassembly and trace to find out the function's code.
Just remember the result will be about as portable as a duck-sized lump of
neutronium.

--
"Creation began." - James Blish, /A Clash of Cymbals/

Hewlett-Packard Limited registered office: Cain Road, Bracknell, Berks RG12 1HN
registered no: 690597 England

 

Guillaume Dargaud
02-18-2008
There's also the fact that on some modern processors, you'd need (?) to copy
the code in a data segment, and this is non-executable. And the code segment
is non-writable, or should be, so you can't copy it back.
--
Guillaume Dargaud
http://www.gdargaud.net/


 

vippstar@gmail.com
02-18-2008
On Feb 18, 12:12 pm, "MisterE" <(E-Mail Removed)> wrote:
> Is it possible to create a pointer to a function

Sure, T (*ptr)(T); declares ptr as a function pointer that takes T and
returns T.

> and then get its size (the actual size the function takes in machine code),

Nope, that cannot be done. There is not even machine code in a
function pointer, and a function pointer does not have to point to
actual memory in the implementation.

> such that you can copy the function to another memory location. You could then modify it (I know it

You can do that

#include <stdio.h>

typedef double T; /* stands in for any type; the point does not depend on T */

int main(void)
{
    int (*ptr)(int) = putchar;
    /* A pointer to one function type converts to a pointer to any other
       function type and back; the round trip yields the original value. */
    T (*tmp)(T) = (T (*)(T))ptr;
    ptr = (int (*)(int))getchar;   /* getchar is int (*)(void): cast required */
    ((int (*)(void))ptr)();        /* call only through the function's real type */
    ptr = (int (*)(int))tmp;       /* back to putchar, whose real type this is */
    ptr('\n');
    return 0;
}

What my code demonstrates here is that there is no 'void *' for
function pointers because you can store any function pointer to any
other function pointer and back.

> would be modifying the machine code) and then call the modified function via
> a function pointer?


ISO C does not define 'machine code'.
Why do you ask here? Try it!
It doesn't seem to me you care about ISO C or portability, rather than
getting that 'hack' to work.
 

Malcolm McLean
02-18-2008
"MisterE" <(E-Mail Removed)> wrote in message news:
> Is it possible to create a pointer to a function, and then get its size
> (the actual size the function takes in machine code), such that you can
> copy the function to another memory location. You could then modify it (I
> know it would be modifying the machine code) and then call the modified
> function via a function pointer?
>

Yes and no.
If you cast the function pointer to an unsigned char *, then most compilers
will allow you to read the instructions until you hit upon a return
instruction, which will be the end of the function.
However it is not guaranteed, and most modern OSes frown on allowing code to
be modified on the fly. There are ways around this, of course, or the OS
itself wouldn't be able to load programs into memory.

--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm

 

Chris Dollin
02-18-2008
Malcolm McLean wrote:

> "MisterE" <(E-Mail Removed)> wrote in message news:
>> Is it possible to create a pointer to a function, and then get its size
>> (the actual size the function takes in machine code), such that you can
>> copy the function to another memory location. You could then modify it (I
>> know it would be modifying the machine code) and then call the modified
>> function via a function pointer?
>>

> Yes and no.
> If you cast the function pointer to an unsigned char *, then most compilers
> will allow you to read the instructions until you hit upon a return
> instruction, which will be the end of the function.


Not necessarily.

(a) A function may have multiple return points -- there's no need for there
to be a single exit point in the code.

(b) The compiler is at liberty to put returns in front of the function
body, if that leads to more efficient code.

(c) A tail-optimised function may have no returns at all, just jumps to
other functions.

A Poul Anderson quote occurs to me, but I can't remember where it comes
from.

--
"Well begun is half done." - Proverb

Hewlett-Packard Limited registered office: Cain Road, Bracknell, Berks RG12 1HN
registered no: 690597 England

 

Walter Roberson
02-18-2008
In article <(E-Mail Removed)>,
Malcolm McLean <(E-Mail Removed)> wrote:

>If you cast the function pointer to an unsigned char *, then most compilers
>will allow you to read the instructions until you hit upon a return
>instruction, which will be the end of the function.


Qui?? Many a function would have multiple return instructions.

On all of the machines that I have had experience with that allowed
the code to be examined under program control, there was no limit
such as "until a return instruction": reading was possible until
you ran off the end of the readable memory in that address block
(the exact end of which was not necessarily predictable and might
not have anything to do with the location of return instructions.)

But then I've used processors that didn't -have- return
instructions, just branch instructions that took the destination
location from memory or a register.

Some systems might put a "guard page" (or guard segment) after the
end of a routine to catch overruns, but that's more common for
data segments than for instruction segments.
--
"The slogans of an inadequate criticism peddle ideas to fashion"
-- Walter Benjamin
 

Bartc
02-18-2008

"Malcolm McLean" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> "MisterE" <(E-Mail Removed)> wrote in message news:
>> Is it possible to create a pointer to a function, and then get its size
>> (the actual size the function takes in machine code), such that you can
>> copy the function to another memory location. You could then modify it (I
>> know it would be modifying the machine code) and then call the modified
>> function via a function pointer?
>>

> Yes and no.
> If you cast the function pointer to an unsigned char *, then most
> compilers will allow you to read the instructions until you hit upon a
> return instruction, which will be the end of the function.


I take it you've never actually tried this?

--
Bart


 

Richard Tobin
02-18-2008
In article <fpbnag$pt2$(E-Mail Removed)2p3.fr>,
Guillaume Dargaud <(E-Mail Removed) t> wrote:

>There's also the fact that on some modern processors, you'd need (?) to copy
>the code in a data segment, and this is non-executable.


Whether it's executable is typically controlled by the operating
system, and on systems that make data non-executable by default there
is bound to be some method for changing that.

For example, on unix the mmap() system call allows you to specify the
desired permissions for an allocated area of memory, and mprotect()
allows you to change it.

(In practice, on many systems even the stack is executable, which is
the commonest way to exploit buffer overflows.)

-- Richard
--
:wq
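The permission change Richard and Guillaume are discussing can be observed directly. The following is an added example, not code from anyone in the thread: it maps a page read/write, flips it to read/execute with mprotect() without ever holding write and execute together, and reads the kernel's own view of the mapping back from /proc/self/maps. It assumes Linux (for /proc/self/maps) and POSIX mmap()/mprotect(); the function names are the example's own.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Find the /proc/self/maps line ("start-end perms offset dev inode path")
 * covering addr and copy its permission field, e.g. "rw-p", into out.
 * Returns 1 if found, 0 otherwise. Linux-specific (assumed here). */
int mapping_perms(const void *addr, char out[5])
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512], perms[8];
    unsigned long lo, hi, a = (unsigned long)addr;
    if (!f)
        return 0;
    while (fgets(line, sizeof line, f)) {
        if (sscanf(line, "%lx-%lx %7s", &lo, &hi, perms) == 3 &&
            a >= lo && a < hi) {
            memcpy(out, perms, 4);
            out[4] = '\0';
            fclose(f);
            return 1;
        }
    }
    fclose(f);
    return 0;
}

/* Map one page read/write, fill it, then switch it to read/execute with
 * mprotect(): the page is never writable and executable at the same time.
 * Returns 1 if the kernel reports "rw-p" before and "r-xp" after. */
int check_wx_transition(void)
{
    char before[5], after[5];
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, pagesz, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED || !mapping_perms(p, before))
        return 0;
    memset(p, 0, pagesz);   /* stand-in for the code bytes one would copy in */
    if (mprotect(p, pagesz, PROT_READ | PROT_EXEC) != 0 || !mapping_perms(p, after))
        return 0;
    munmap(p, pagesz);
    return strcmp(before, "rw-p") == 0 && strcmp(after, "r-xp") == 0;
}

int main(void)
{
    printf("W^X transition observed: %s\n", check_wx_transition() ? "yes" : "no");
    return 0;
}
```

The same /proc/self/maps walk, applied to every line, is a cheap runtime audit for mappings that carry both 'w' and 'x', which is the condition the OS defaults are meant to prevent.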
 

Malcolm McLean
02-18-2008

"Bartc" <(E-Mail Removed)> wrote in message
news:7Deuj.9218$(E-Mail Removed). ..
>
> "Malcolm McLean" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> "MisterE" <(E-Mail Removed)> wrote in message news:
>>> Is it possible to create a pointer to a function, and then get its size
>>> (the actual size the function takes in machine code), such that you can
>>> copy the function to another memory location. You could then modify it
>>> (I know it would be modifying the machine code) and then call the
>>> modified function via a function pointer?
>>>

>> Yes and no.
>> If you cast the function pointer to an unsigned char *, then most
>> compilers will allow you to read the instructions until you hit upon a
>> return instruction, which will be the end of the function.

>
> I take it you've never actually tried this?
>

Here we go

#include <stdio.h>
#include <string.h>

/* qsort-style comparator; used here only as a function whose bytes we read */
int compstr(const void *e1, const void *e2)
{
    const char * const *str1 = e1;
    const char * const *str2 = e2;

    return (int) strcmp(*str1, *str2);
}

int main(void)
{
    int i;
    unsigned char *fptr;

    /* Treat the function's address as a byte pointer and dump its first
       ten bytes. Not defined by ISO C; works only on implementations that
       let code be read as data. */
    fptr = (unsigned char *) compstr;
    for (i = 0; i < 10; i++)
        printf("%d, ", fptr[i]);
    printf("\n");
    return 0;
}

I get the output 139, 68, 36, 8, 139, 76, 36, 4, 139, 16

It seems to me that it's reading the machine code of the function OK. What I
haven't done is tried to disassemble.

--
Free games and programming goodies.
http://www.personal.leeds.ac.uk/~bgy1mm

 