
Hello fellow programmers :) I have a problem with a function call in the middle of another function that was previously copied. I'm not sure if my problem is understandable, so I've included the code and comments.

#include <stdio.h>
#include <windows.h>   // VirtualAlloc / VirtualFree (32-bit MinGW build, per the disassembly below)

void DeleteP2(int num){
    printf("NUM: %d\n",num);
    asm("leave");//I don't want to return to Delete(), but to main()
}

void Delete(){
    int num = 50;
    DeleteP2(num);      //<==It's crashing
    printf("ERROR\n");  //<==If I comment DeleteP2(num), this one is crashing too
}
/*           Assembly code of Delete();
   0x00401521 <+0>: push   ebp
   0x00401522 <+1>: mov    ebp,esp
   0x00401524 <+3>: sub    esp,0x28
   0x00401527 <+6>: mov    DWORD PTR [ebp-0xc],0x32
   0x0040152e <+13>:    mov    eax,DWORD PTR [ebp-0xc]
   0x00401531 <+16>:    mov    DWORD PTR [esp],eax
   0x00401534 <+19>:    call   0x401500 <DeleteP2>
   0x00401539 <+24>:    mov    DWORD PTR [esp],0x404009
   0x00401540 <+31>:    call   0x4026e0 <puts>
   0x00401545 <+36>:    leave  
   0x00401546 <+37>:    ret
*/

typedef void (*DelFunc)(void);

DelFunc Create(){//Make a copy of Delete() function (38 bytes, the length shown in the disassembly)
    unsigned char *code = VirtualAlloc(NULL,38,MEM_COMMIT|MEM_RESERVE,PAGE_EXECUTE_READWRITE);
    unsigned char *func = (unsigned char*)Delete;
    for(int i=0;i<38;++i)code[i]=func[i];   // raw byte copy; the two "call" instructions are copied unchanged
    return (DelFunc)code;
}

int main(int argc, char *argv[]) {
    DelFunc f = Create();

    Delete();//<== That one is not crashing
    f();//<<== Stack trace error

    VirtualFree(f,0,MEM_RELEASE);
    return 0;
}

Could this be a problem with offsets? I mean that f() may need different addresses for the functions than Delete(), but I am not sure if that's the case. I would be happy with a short explanation and maybe an article where I could learn how it works.

  • It might help if you could explain what the problem is, and where it is occurring... Commented Dec 17, 2015 at 22:15
  • If you dump the memory for the function Delete() (not a disassembly, just a memory dump), do you see 0x4026e0 around location 401534, or do you see an offset to it instead? Based on stackoverflow.com/questions/9438544/… I think it's an offset, which is no longer valid with your relocated copy of the function. I think this question is effectively a duplicate of the one I linked. Commented Dec 17, 2015 at 22:23
  • I did something like that: void (*Point)(int) = DeleteP2; void Delete(){ int num = 50; Point(num); printf("ERROR\n"); } And it works now. Commented Dec 18, 2015 at 13:10

2 Answers


Copying the bytes of a function to a different location and attempting to call it will not work unless the compiler generated position independent code - not all compilers for all targets can do that, or may not do it by default.


1 Comment

When I call function f() it works great; for example, if I make a function like this one: int Delete(){return 10;} and then copy it and run it, it will give me 10 like any other function. The thing is that I cannot call any other function from this one.

Well the problem was with the offsets. mah's comment directed me a bit and now I know what to do.

#include <stdio.h>

void DeleteP2(int num){
    printf("NUM: %d\n",num);
    asm("leave");//I don't want to return to Delete(), but to main()
}
void (*Delete2)(int) = DeleteP2;//Get location of DeleteP2: the absolute address lives in this global
void Delete(){
    int num = 50;
    Delete2(num); //I don't want a generated offset but an exact location (indirect call through the pointer).
}

It works great now. Thanks mah. PS: I don't need a position independent code generator, this trick is all I need :D
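The "offset" that mah's comment and this answer refer to is the operand of the x86 call instruction. What follows is an added example, not code from the question or from either answer: it models the 32-bit "call rel32" encoding (opcode E8 followed by a signed 32-bit displacement measured from the end of the 5-byte instruction) and walks through the addresses from the question's own disassembly, 0x00401540: call 0x4026e0 <puts>, to show why a byte-for-byte copy of Delete() calls the wrong address. The copy address 0x00520000 is a hypothetical value standing in for whatever VirtualAlloc returns; nothing here allocates or executes code, it is arithmetic on a constructed 5-byte buffer.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the question or answers): pure arithmetic on the
 * encoding of a 32-bit x86 "call rel32" instruction. */

#define CALL_REL32_OPCODE 0xE8u
#define CALL_REL32_LEN    5u

/* Encode "call target" for an instruction that will live at insn_addr.
 * The displacement is relative to the NEXT instruction and wraps mod 2^32. */
void encode_call_rel32(uint32_t insn_addr, uint32_t target, uint8_t out[5])
{
    uint32_t rel = target - (insn_addr + CALL_REL32_LEN);
    out[0] = (uint8_t)CALL_REL32_OPCODE;
    out[1] = (uint8_t)(rel & 0xFFu);          /* operand is little-endian */
    out[2] = (uint8_t)((rel >> 8) & 0xFFu);
    out[3] = (uint8_t)((rel >> 16) & 0xFFu);
    out[4] = (uint8_t)((rel >> 24) & 0xFFu);
}

/* Where a call encoded in 'code' lands if the instruction sits at insn_addr.
 * Returns 0 if the bytes do not start with the E8 opcode. */
uint32_t resolve_call_rel32(const uint8_t code[5], uint32_t insn_addr)
{
    if (code[0] != CALL_REL32_OPCODE) return 0;
    uint32_t rel = (uint32_t)code[1]
                 | ((uint32_t)code[2] << 8)
                 | ((uint32_t)code[3] << 16)
                 | ((uint32_t)code[4] << 24);
    return insn_addr + CALL_REL32_LEN + rel;
}

int main(void)
{
    /* From the question's disassembly: "0x00401540 <+31>: call 0x4026e0 <puts>". */
    const uint32_t orig_insn = 0x00401540u, target = 0x004026E0u;
    /* Hypothetical copy address; +31 keeps the instruction at the same offset
     * inside the copied function as in the original. */
    const uint32_t copy_insn = 0x00520000u + 31u;
    uint8_t call[5];

    encode_call_rel32(orig_insn, target, call);
    printf("bytes the compiler emitted : %02X %02X %02X %02X %02X\n",
           call[0], call[1], call[2], call[3], call[4]);
    printf("resolved at 0x%08X        -> 0x%08X (puts)\n",
           (unsigned)orig_insn, (unsigned)resolve_call_rel32(call, orig_insn));
    printf("same bytes at 0x%08X      -> 0x%08X (not puts: this is what f() calls)\n",
           (unsigned)copy_insn, (unsigned)resolve_call_rel32(call, copy_insn));

    /* What a relocating copy would have to do: re-encode for the new address. */
    encode_call_rel32(copy_insn, target, call);
    printf("re-encoded for the copy    -> 0x%08X (puts again)\n",
           (unsigned)resolve_call_rel32(call, copy_insn));
    return 0;
}
```

The same reasoning applies to the call to DeleteP2 at +19, which is why the copy faults before it ever reaches puts. The fix in this answer sidesteps the problem rather than solving it: an indirect call through a global function pointer loads the absolute address of DeleteP2 from memory, so the copied bytes contain no displacement that depends on where the code sits. Re-encoding every relative call (as the last step above does) is what a genuinely position-independent copy would need, and it requires knowing where each call instruction is, which a raw byte scan for 0xE8 cannot tell you reliably, since that byte value can also appear inside operands.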
