C RSS C RSS

Running Machine Code from Memory

Reply

Join Date: Mar 2005
Posts: 464
Reputation: invisal is a jewel in the rough invisal is a jewel in the rough invisal is a jewel in the rough 
Solved Threads: 49
invisal's Avatar
invisal invisal is offline Offline
Posting Pro in Training

Running Machine Code from Memory

 
0
  #1
Aug 29th, 2009
Recently, I have wonder how to execute machine code instruction from memory in C/C++. I am aware of data execution protection. Anyway, I have this piece of code:

C Syntax (Toggle Plain Text) 
  1. int main()
  2. {
  3. 	// allocate 2 bytes for storing machine code
  4. 	char* mc_add = (char*)malloc(sizeof(char)*2);
  5. 	int reg_eax; // for storing register EAX
  6.  
  7. 	_asm mov eax, 0x10; // assign EAX = 16
  8. 	_asm mov ecx, 0x01; // assign ECX = 1
  9.  
  10. 	// ADD EAX, ECX  == 0x01C1
  11. 	*mc_add = 0x01;
  12. 	*(mc_add+1) = 0xC1;
  13.  
  14.         // *  I want to execute machine code instructuion from mc_add here *
  15.  
  16. 	_asm mov reg_eax, eax; // get register EAX
  17.  
  18. 	printf("Register EAX is%d", reg_eax); // print EAX
  19.  
  20. 	free(mc_add); // free machine code
  21.  
  22. 	return 0;
  23. }
Using: Microsoft Visual Studio 2008
Last edited by invisal; Aug 29th, 2009 at 7:17 am.
Yesterday is a history, tomorrow is a mystery, today is a gift.
Behind every smile is a tear.
Visal .In
Reply With Quote Quick reply to this message  
Join Date: Mar 2005
Posts: 464
Reputation: invisal is a jewel in the rough invisal is a jewel in the rough invisal is a jewel in the rough 
Solved Threads: 49
invisal's Avatar
invisal invisal is offline Offline
Posting Pro in Training

Re: Running Machine Code from Memory

 
0
  #2
Aug 30th, 2009
I have finally found the solution to my problem, so I am going to share it to anyone who interest the same thing as what I am

C Syntax (Toggle Plain Text) 
  1.  
  2. int main()
  3. {
  4. 	// allocate 8 bytes for storing machine code
  5. 	char *mc_mov = (char*)VirtualAlloc(0, 8, 0x1000, 0x40);
  6. 	int reg_eax; // for storing register EAX
  7.  
  8. 	*mc_mov = 0xC7; // MOV (Immediate 32 bit to 32-bit register)
  9. 	*(mc_mov+1) = 0xC0; // MOV to register EAX
  10. 	*(mc_mov+2) = 0x00; // Immediate 32 bit data = 0x00000000
  11. 	*(mc_mov+3) = 0x00;
  12. 	*(mc_mov+4) = 0x00;
  13. 	*(mc_mov+5) = 0x00;
  14. 	*(mc_mov+6) = 0xC2; // Return 16
  15. 	*(mc_mov+7) = 0x10; 
  16.  
  17. 	CallWindowProc((WNDPROC)mc_mov, 0, 0, 0, 0);
  18.  
  19. 	_asm mov reg_eax, eax; // get register EAX
  20.  
  21. 	printf("Register EAX is %d", reg_eax); // print EAX
  22.  
  23. 	VirtualFree((LPVOID)mc_mov, 8, 0x4000); // free machine code
  24.  
  25. 	return 0;
  26. }
Last edited by invisal; Aug 30th, 2009 at 12:39 am.
Yesterday is a history, tomorrow is a mystery, today is a gift.
Behind every smile is a tear.
Visal .In
Reply With Quote Quick reply to this message  
Join Date: Nov 2008
Posts: 951
Reputation: MosaicFuneral is just really nice MosaicFuneral is just really nice MosaicFuneral is just really nice MosaicFuneral is just really nice MosaicFuneral is just really nice 
Solved Threads: 92
MosaicFuneral's Avatar
MosaicFuneral MosaicFuneral is offline Offline
Posting Shark

Re: Running Machine Code from Memory

 
0
  #3
Aug 30th, 2009
Actually I have a simple library I wrote for executing machine code off an executable page.

The basis of it all for single page without a pointer(to arguments pushed on the stack) is simply:
  • typedef int (*fp)();
  • fp *code = new fp [original.size()];
  • memmove((void*)code, original.data(), original.size());
  • In a wrapper function, return ((fp)code)();
  • delete [] code;

Argument support is mind-numbingly easy.

I was working on an experimental metamophic engine, and assembler for it around the begining of summer, but sort of gave up when a bug with literals had me grinding my teeth.
Last edited by MosaicFuneral; Aug 30th, 2009 at 3:55 pm.
"Jedenfalls bin ich überzeugt, daß der Alte nicht würfelt."
"I became very sensitive to what will happen to all this and all of us." -Two geniuses named Albert
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the C Forum
Thread Tools Search this Thread



#include adobe api array arrays asterisks binarysearch calculate char cm copyanyfile copyimagefile copypdffile cprogramme creafecopyofanytypeoffileinc createcopyoffile csyntax database directory dynamic feet fflush fgets file fork forloop frequency getlasterror givemetehcodez global graphics gtkgcurlcompiling hacking hardware highest homework i/o include incrementoperators input interest kernel kilometer linked linkedlist linux linuxsegmentationfault list lists locate logical_drives loopinsideloop. match matrix meter microsoft motherboard mqqueue mysql number odf open opensource owf pattern pdf performance pointer posix probleminc process program programming pyramidusingturboccodes radix read recursion recv repetition research scanf scheduling scripting segmentationfault send sequential shape socket socketprograming stack standard string systemcall turboc unix user voidmain() wab win32api windows.h
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC