从C调用的putchar地址++ [英] Calling putchar address from C++
问题描述
在一个 previous问题,我问是不是可以写和在内存中执行汇编指令。我得到了一些漂亮的答卷,有点更多的研究后,我想通了,如何做到这一点。现在,我可以做到这一点,我有麻烦搞清楚什么写内存(以及如何正确地做到这一点)。我知道有些装配和助记符如何转化到OP codeS,但我无法弄清楚如何使用op codeS正确。
下面是我在试图让工作的例子:
无效(*测试)()= NULL; //创建函数指针,初始化为NULL
无效* hold_address = VirtualAlloc的(NULL,5 * 1024,MEM_COMMIT,PAGE_EXECUTE_READWRITE); //分配内存,使可读/写/可执行
unsigned char型asm_commands [] = {将0x55,0x89上,为0xE5,0X83,0xEC,为0x18,0xC7,0x04的0X24,×41,0xE8,0X1E,0xB3,为0x01,0x00时,0xC9,0xC3}; //创建装配命令,十六进制值的数组
的memcpy(hold_address,asm_commands,sizeof的(asm_commands)[0] * 10); //数组复制到保留内存
测试=(无效(*)())hold_address; //设置函数指针,开始分配的内存
测试(); //调用函数
只要将0xC3到asm_commands阵列作品(和函数只是返回),但是这是无聊。我在那里,现在该系列运算codeS(和地址)都应该打印出来的字符A(资本)。我得到了运codeS和地址从调试一个简单的程序,调用printf(A),并找到在内存中调用。眼下,程序返回0xC00000096错误,特权命令。我认为该错误试图调用的putchar直接处理系统,这系统不一样造成的。我也觉得我可以给我的程序Ring 0的访问绕过这一点,但我几乎不知道还有什么比很多潜在的问题,这就需要其他的。
那么,有没有办法要么调用printf()函数(组装运算codeS),而不需要更高的权限?
我使用的是Windows 7中,64位,code :: Blocks的10.05(GNU GCC编译)。
这里的调试printf()的调用(在OllyDebug)的截图:
unsigned char型asm_commands [] = {将0x55,0x89E5 ...
哇,挂,停在那儿。 0x89E5 不是一个 unsigned char型的有效值,和你的编译器可能应该抱怨这个。 (如果没有,请检查您的设置;你可能已经禁用了一些非常重要的警告)
您需要在此初始化了分割你的code为单个字节,例如
将0x55 {,0x89上,为0xE5,...
In a previous question, I asked if it was possible to write and execute assembly commands in memory. I got some nice responses, and after a bit more research, I figured out how to do it. Now that I can do it, I am having trouble figuring out what to write to memory (and how to do it correctly). I know some assembly and how the mnemonics translate to opcodes, but I can't figure out how to use the opcodes correctly.
Here's an example I'm trying to get working:
void(*test)() = NULL; //create function pointer, initialize to NULL
void* hold_address = VirtualAlloc(NULL, 5*1024, MEM_COMMIT, PAGE_EXECUTE_READWRITE); //allocate memory, make writable/ readable/ executable
unsigned char asm_commands[] = {0x55, 0x89, 0xE5, 0x83, 0xEC, 0x18, 0xC7, 0x04, 0x24, 0x41, 0xE8, 0x1E, 0xB3, 0x01, 0x00, 0xC9, 0xC3}; //create array of assembly commands, hex values
memcpy(hold_address, asm_commands, sizeof(asm_commands)[0]*10); //copy the array into the reserved memory
test = (void(*)())hold_address; //set the function pointer to start of the allocated memory
test(); //call the function
Just placing 0xC3 into the asm_commands array works (and the function just returns), but that's boring. The series of opcodes (and addresses) I have in there right now are supposed to print out the character "A" (capital a). I got the opcodes and addresses from debugging a simple program that calls printf("A") and finding the call in memory. Right now, the program returns a 0xC00000096 error, "privileged command". I think the error stems from trying to call the system putchar address directly, which the system doesn't like. I also think I can bypass that by giving my program Ring 0 access, but I hardly know what that entails other than a lot of potential problems.
So is there any way to either call the printf() function (in assembly opcodes) without needing higher privileges?
I'm using Windows 7, 64-bit, Code::Blocks 10.05 (GNU GCC Compiler).
Here's a screenshot of the debugged printf() call (in OllyDebug):
unsigned char asm_commands[] = {0x55, 0x89E5…
Whoa, hang on, stop right there. 0x89E5 isn't a valid value for an unsigned char, and your compiler should probably be complaining about this. (If not, check your settings; you've probably disabled some very important warnings.)
You'll need to split your code in this initializer up into individual bytes, e.g.
{0x55, 0x89, 0xE5, …
这篇关于从C调用的putchar地址++的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
