C++ and FULLY dynamic functions


Problem description

I have a problem with detours. Detours, as you all know, can only move among 5 bytes of space (i.e. a 'jmp' call and a 4 byte address). Because of this it is impossible to have the 'hook' function in a class (a method), you cannot supply the 'this' pointer because there is simply not enough space (here's the problem more thoroughly explained: http://stackoverflow.com/questions/10436431/detouring-and-using-a-thiscall-as-a-hook-gcc-calling-convention). So I've been brainstorming all day for a solution, and now I want your thoughts on the subject so I don't begin a 3-5 day project without knowing if it would be possible or not.

I had 3 goals initially, I wanted the 'hook' functions to be class methods, I wanted the whole approach to be object-oriented (no static functions or global objects) and, the worst/hardest part, to be completely dynamic. This is my (in theory) solution; with assembly one can modify functions at runtime (a perfect example is any detouring method). So since I can modify functions dynamically, shouldn't I also be able to create them dynamically? For example; I allocate memory for, let's say ~30 bytes (through malloc/new). Wouldn't it be possible to just replace all bytes with binary numbers corresponding to different assembly operators (like 0xE9 is 'jmp') and then call the address directly (since it would contain a function)?

NOTE: I know beforehand the return value, and all the arguments to all functions that I want to detour, and since I'm using GCC, the thiscall convention is practically identical to the _cdecl one.

So this is my thought/soon-to-be implementation; I create a 'Function' class. Its constructor takes a variadic number of arguments (except the first argument, which describes the return value of the target function).

Each argument is a description of the arguments the hook will receive (the size, and whether it is a pointer or not). So let's say I want to create a Function class for an int * RandomClass::IntCheckNum(short arg1);. Then I would just have to do it like this: Function func(Type(4, true), Type(4, true), Type(2, false));. Where 'Type' is defined as Type(uint size, bool pointer). Then through assembly I could dynamically create the function (note: this would all be using the _cdecl calling convention) since I can calculate the number of arguments and the total size.

EDIT: With the example, Type(4, true) is the return value (int*), the second Type(4, true) is the RandomClass 'this' pointer and Type(2, false) describes the first argument (short arg1).

With this implementation I could easily have class methods as callbacks, but it would require an extensive amount of assembly code (which I'm not even especially experienced at). In the end, the only non-dynamic thing would be the methods in my callback class (which also would require pre and post callbacks).

So I wanted to know; is this possible? How much work would it require, and am I way over my head here?

EDIT: I'm sorry if I presented everything a bit fuzzy, but if there is something you want more thoroughly explained, do ask!

EDIT2: I'd also like to know if I can find the hex values for all assembly operators somewhere? A list would help a ton! And/or if it is possible to somehow 'save' the asm(""); code at a memory address (which I highly doubt).

Recommended answer

What you describe is usually called "thunking", and is quite commonly implemented. Historically, the most common purpose has been mapping between 16-bit and 32-bit code (by autogenerating a new 32-bit function that calls an existing 16-bit one or vice versa). I believe some C++ compilers generate similar functions to adjust base class pointers to subclass pointers in multiple inheritance, also.

It certainly seems like a viable solution to your problem, and I don't foresee any huge issues. Just make sure you allocate the memory with any flags needed in your operating system to make sure the memory is executable (most modern OSs give out non-executable memory by default).

You may find this link helpful, particularly if working in Win32: http://www.codeproject.com/Articles/16785/Thunking-in-Win32-Simplifying-Callbacks-to-Non-sta

Regarding finding the hex values of assembly operations, the best reference I know of is the Appendix to the manual of the NASM assembler (and I don't just say that because I helped write it). There's a copy available here: http://www.posix.nl/linuxassembly/nasmdochtml/nasmdoca.html
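The runtime-built 'Function' the question sketches, together with the executable-memory caveat from the answer, as an added worked example in C++ (written for this page; it is not code from the question, the answer, or the linked articles). It emits a thunk into freshly mapped memory that shifts the incoming argument registers, loads a bound 'this' pointer into the first argument register and tail-jumps to a non-static method, so the resulting plain function pointer can be installed wherever a detour expects a cdecl-style callback. The class names, method names and the Counter demo are hypothetical; the byte sequences are x86-64 System V and AArch64 (Linux) encodings, and the pointer-to-member trick assumes the Itanium C++ ABI used by GCC and Clang.

```cpp
// Added example (not from the question or the answer): generate a thunk at run
// time that binds a C++ 'this' into a plain function pointer, so a non-static
// method can stand where a detour expects a cdecl-style hook. x86-64 System V
// and AArch64 on Linux only; every name below is hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <sys/mman.h>
#include <unistd.h>

// Raw code address of a non-virtual method. Assumes the Itanium C++ ABI used by
// GCC/Clang: the first word of a pointer-to-member-function is the address.
template <class M> static void *method_address(M pm) {
    void *p; std::memcpy(&p, &pm, sizeof p); return p;
}

// Emit code that moves up to five integer/pointer arguments one register up,
// loads 'self' into the first argument register and tail-jumps to 'target'.
// Returns bytes written. Stack-passed arguments are out of scope here.
static size_t emit_thunk(uint8_t *buf, void *self, void *target) {
    size_t n = 0;
#if defined(__x86_64__)
    static const uint8_t shift[] = {
        0x4D, 0x89, 0xC1,  // mov r9,  r8
        0x49, 0x89, 0xC8,  // mov r8,  rcx
        0x48, 0x89, 0xD1,  // mov rcx, rdx
        0x48, 0x89, 0xF2,  // mov rdx, rsi
        0x48, 0x89, 0xFE,  // mov rsi, rdi
    };
    std::memcpy(buf, shift, sizeof shift); n += sizeof shift;
    buf[n++] = 0x48; buf[n++] = 0xBF;              // movabs rdi, imm64 ('this')
    std::memcpy(buf + n, &self, 8);   n += 8;
    buf[n++] = 0x48; buf[n++] = 0xB8;              // movabs rax, imm64 (method)
    std::memcpy(buf + n, &target, 8); n += 8;
    buf[n++] = 0xFF; buf[n++] = 0xE0;              // jmp rax
#elif defined(__aarch64__)
    static const uint32_t code[] = {
        0xAA0403E5,  // mov x5, x4
        0xAA0303E4,  // mov x4, x3
        0xAA0203E3,  // mov x3, x2
        0xAA0103E2,  // mov x2, x1
        0xAA0003E1,  // mov x1, x0
        0x58000060,  // ldr x0,  [pc, #12]  ('this' literal at byte 32)
        0x58000090,  // ldr x16, [pc, #16]  (method literal at byte 40)
        0xD61F0200,  // br  x16
    };
    std::memcpy(buf, code, sizeof code); n += sizeof code;
    std::memcpy(buf + n, &self, 8);   n += 8;
    std::memcpy(buf + n, &target, 8); n += 8;
#else
#error "thunk emitter implemented for x86-64 SysV and AArch64 only"
#endif
    return n;
}

// Map a page read-write, write the thunk, flush the i-cache, then flip the page
// to read-execute: it is never writable and executable at once (W^X), which is
// the executable-memory caveat from the answer. Returns nullptr on failure.
static void *make_thunk(void *self, void *target) {
    const size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    void *mem = mmap(nullptr, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return nullptr;
    char *p = static_cast<char *>(mem);
    size_t n = emit_thunk(reinterpret_cast<uint8_t *>(p), self, target);
    __builtin___clear_cache(p, p + n);
    if (mprotect(mem, page, PROT_READ | PROT_EXEC) != 0) { munmap(mem, page); return nullptr; }
    return mem;   // leaked on purpose in this demo
}

// The "callback class" from the question: ordinary non-static methods.
struct Counter {
    int total = 0;
    int add(int delta) { total += delta; return total; }
    int weighted(int a, int b, int c) { return total + a + 10 * b + 100 * c; }
};

// What the hook site sees: plain function pointers with no 'this' anywhere.
typedef int (*add_fn)(int);
typedef int (*weighted_fn)(int, int, int);

// Bind 'c' into callbacks and drive them through the generated code. Results
// are returned, not printed, so they can be checked.
static int demo_add(Counter &c) {
    add_fn fn = reinterpret_cast<add_fn>(make_thunk(&c, method_address(&Counter::add)));
    if (!fn) return -1;
    fn(5); fn(7);
    return fn(30);   // 42 on a fresh Counter
}
static int demo_weighted(Counter &c) {
    weighted_fn fn = reinterpret_cast<weighted_fn>(make_thunk(&c, method_address(&Counter::weighted)));
    return fn ? fn(1, 2, 3) : -1;   // total + 321
}

int main() {
    Counter a;
    return (demo_add(a) == 42 && demo_weighted(a) == 363) ? 0 : 1;
}
```

Build with `g++ -std=c++11 thunk.cpp` (or clang++). Each call to make_thunk produces a distinct function pointer bound to a distinct object, which is exactly what a 5-byte jmp detour cannot express on its own. For the question's int * RandomClass::IntCheckNum(short) the callback type would be int *(*)(short), and the same register shift applies because the short travels in a register under both ABIs. Two caveats a practitioner should keep in mind: on 32-bit Windows the encodings and the protection call (VirtualProtect instead of mprotect) differ, and hardened systems that forbid anonymous executable mappings (SELinux execmem, some macOS configurations) will make the mprotect step fail, which is why the code checks its return value rather than assuming it.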
