
日前写的一些好玩的code小片段与君共享

发布时间: 2014-01-22 14:50:12 作者: rapoo

最近写的一些好玩的code小片段,与君共享


#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define PAGESIZE 4096

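/*
 * Demo: write a 5-byte x86 "JMP rel32" into a heap buffer, make that
 * page executable, and jump into it so control lands on label L1.
 *
 * Fixes over the original snippet:
 *  - the local named `errno` shadowed the C library's errno, so the
 *    failure path printed strerror(-1) instead of the real cause;
 *  - only one page was ever remapped, so a buffer ending on a page
 *    boundary could leave part of the instruction non-executable;
 *  - the rel32 displacement was truncated silently; it is now range
 *    checked, since heap and text may be >2 GiB apart on 64-bit;
 *  - calloc() was unchecked, and the buffer/protection were never
 *    released;
 *  - the jump was hidden from the compiler; `asm goto` now declares
 *    L1 as a possible target so register/stack state stays consistent.
 *
 * Returns 0 when L1 is reached, otherwise a non-zero error code.
 */
int main(int argc, char *argv[])
{
    (void)argc;
    (void)argv;

    /* GNU "labels as values": the address the patched jump must reach. */
    void *target = &&L1;

    /* JMP rel32 is E9 + 4-byte displacement; the rest is slack. */
    enum { JMP_REL32_LEN = 5, BUF_LEN = 30 };
    unsigned char *buf = calloc(BUF_LEN, sizeof *buf);
    if (buf == NULL) {
        printf("error %d:%s\n", errno, strerror(errno));
        return 1;
    }

    /* Ask the kernel for the page size; fall back to the old constant. */
    long ps = sysconf(_SC_PAGESIZE);
    size_t page = ps > 0 ? (size_t)ps : PAGESIZE;
    uintptr_t start = (uintptr_t)buf & ~(uintptr_t)(page - 1);
    /* Round the end of the patched bytes up, so every page they touch
     * is covered even when buf sits at the tail of a page. */
    uintptr_t end = ((uintptr_t)buf + JMP_REL32_LEN + page - 1) & ~(uintptr_t)(page - 1);
    void *aligned_addr = (void *)start;
    size_t len = (size_t)(end - start);

    /* This turns a heap page writable AND executable (W+X), which is
     * exactly what NX / W^X policies forbid; hardened kernels or an
     * SELinux execmem denial may make this fail with EACCES. */
    int rc = mprotect(aligned_addr, len, PROT_READ | PROT_WRITE | PROT_EXEC);
    if (rc != 0) {
        int err = errno;  /* save before printf can clobber it */
        printf("error %d:%s\n", err, strerror(err));
        free(buf);
        return err;
    }

    /* rel32 is relative to the end of the 5-byte instruction. */
    ptrdiff_t delta = (char *)target - ((char *)buf + JMP_REL32_LEN);
    if (delta < INT32_MIN || delta > INT32_MAX) {
        printf("error: target out of rel32 range\n");
        mprotect(aligned_addr, len, PROT_READ | PROT_WRITE);
        free(buf);
        return 1;
    }
    uint32_t offset = (uint32_t)(int32_t)delta;

    /* Encode E9 <imm32>, little-endian as x86 expects. */
    buf[0] = 0xE9;
    buf[1] = (unsigned char)(offset & 0xFF);
    buf[2] = (unsigned char)((offset >> 8) & 0xFF);
    buf[3] = (unsigned char)((offset >> 16) & 0xFF);
    buf[4] = (unsigned char)((offset >> 24) & 0xFF);

    /* `asm goto` tells GCC control may resume at L1, and the "memory"
     * clobber keeps the stores above from being sunk past the jump.
     * x86 keeps the instruction cache coherent with these stores; on
     * other architectures an explicit cache flush would be required
     * (the E9 opcode is x86-only anyway). */
    __asm__ goto ("jmp *%0" : : "r"(buf) : "memory" : L1);
    /* jmp never falls through; L1 follows directly in any case. */
L1:
    printf("hit L1,congratulation!\n");
    /* Drop execute permission again and release the buffer. */
    mprotect(aligned_addr, len, PROT_READ | PROT_WRITE);
    free(buf);
    return 0;
}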



[解决办法]
对学习编程者的忠告:
眼过千遍不如手过一遍!
书看千行不如手敲一行!
手敲千行不如单步一行!
单步源代码千行不如单步对应汇编一行!

[解决办法]
http://ibiblio.org/gferg/ldp/GCC-Inline-Assembly-HOWTO.html#s5
[解决办法]
goto那么老远,只是为了执行一个goto,回来继续goto,楼主newB。

另外,我只是来接分的。
[解决办法]
无聊的过来把它改成windows版本的
#include <stdlib.h>
#include <stdio.h>
#include <windows.h>
#include <string.h>

#define PAGESIZE 4096

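/*
 * Windows (32-bit MSVC) port of the JMP-rel32-into-heap demo.
 *
 * Fixes over the posted version:
 *  - the local named `errno` collides with the CRT's errno (the reason
 *    it did not compile in VS08, see the follow-up reply) and the
 *    failure path called strerror() on a BOOL; GetLastError() is the
 *    right source for a VirtualProtect failure;
 *  - `!= TRUE` is fragile, VirtualProtect only promises non-zero on
 *    success;
 *  - `unsigned long` is 32 bits on Win64 (LLP64), so the pointer math
 *    now uses UINT_PTR, and the page size comes from GetSystemInfo();
 *  - every page touched by the 5 patched bytes is covered, calloc() is
 *    checked, and protection/buffer are released at the end.
 *
 * `__asm` blocks are accepted only by the 32-bit MSVC compiler, so the
 * rel32 displacement is always in range here.
 */
int main(int argc, char *argv[])
{
    enum { JMP_REL32_LEN = 5, BUF_LEN = 30 };
    void *p1;             /* address of L1, fetched via inline asm below */
    DWORD OldProtect;
    SYSTEM_INFO si;
    (void)argc;
    (void)argv;

    unsigned char *buf = (unsigned char*)calloc(BUF_LEN, sizeof *buf);
    if (buf == NULL) {
        printf("error: calloc failed\n");
        return 1;
    }

    /* Real page size instead of assuming 4096. */
    GetSystemInfo(&si);
    UINT_PTR page = si.dwPageSize;
    UINT_PTR start = (UINT_PTR)buf & ~(page - 1);
    /* Round the end of the patched bytes up so a buffer at the tail of
     * a page does not leave part of the instruction non-executable. */
    UINT_PTR end = ((UINT_PTR)buf + JMP_REL32_LEN + page - 1) & ~(page - 1);
    void *aligned_addr = (void*)start;
    SIZE_T len = (SIZE_T)(end - start);

    /* A writable+executable heap page is precisely what DEP / W^X is
     * meant to prevent; on a hardened process this call may fail. */
    if (!VirtualProtect(aligned_addr, len, PAGE_EXECUTE_READWRITE, &OldProtect)) {
        DWORD err = GetLastError();
        printf("error %lu\n", (unsigned long)err);
        free(buf);
        return (int)err;
    }

    __asm
    {
        lea eax, L1
        mov p1, eax
    }
    /* rel32 is relative to the end of the 5-byte instruction. */
    unsigned int offset = (unsigned int)((UINT_PTR)p1 - (UINT_PTR)buf - JMP_REL32_LEN);

    /* Encode E9 <imm32>, little-endian as x86 expects. */
    buf[0] = 0xE9;
    buf[1] = (unsigned char)(offset & 0xFF);
    buf[2] = (unsigned char)((offset >> 8) & 0xFF);
    buf[3] = (unsigned char)((offset >> 16) & 0xFF);
    buf[4] = (unsigned char)((offset >> 24) & 0xFF);

    /* x86 keeps I-cache coherent with stores, but Windows documents
     * this call as required after writing code into memory. */
    FlushInstructionCache(GetCurrentProcess(), buf, JMP_REL32_LEN);

    __asm
    {
        mov eax, buf
        jmp eax
    }
    /* Not reached: the jmp above always transfers to L1. */
    return 0;

L1:
    printf("hit L1,congratulation!\n");
    /* Restore the original protection and release the buffer. */
    VirtualProtect(aligned_addr, len, OldProtect, &OldProtect);
    free(buf);
    return 0;
}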


[解决办法]
如果发现楼上代码编译不通过,那修改 errno 变量名即可,在vs08中发现 errno 变量是编译器内置的,无法使用。
lz这是要做 inline hook 的节奏吗?
[解决办法]
受教了~
我觉得最后一步太可怕
[解决办法]
即使用-O0也没用。再次表示GCC水深啊,谨慎!
[解决办法]
应该是hot hook的节奏

