复制内存中的函数并执行它
我想知道在C中如何将函数的内容复制到内存中并执行它?
我正在尝试做这样的事情:
typedef void(*FUN)(int *);
char * myNewFunc;
char *allocExecutablePages (int pages)
{
template = (char *) valloc (getpagesize () * pages);
if (mprotect (template, getpagesize (),
PROT_READ|PROT_EXEC|PROT_WRITE) == -1) {
perror ("mprotect");
}
}
void f1 (int *v) {
*v = 10;
}
// allocate enough spcae but how much ??
myNewFunc = allocExecutablePages(...)
/* Copy f1 somewere else
* (how? assume that i know the size of f1 having done a (nm -S foo.o))
*/
((FUN)template)(&val);
printf("%i",val);
谢谢您的回答
I would like to know how in C in can copy the content of a function into memory and the execute it?
I'm trying to do something like this:
typedef void(*FUN)(int *);
char * myNewFunc;
char *allocExecutablePages (int pages)
{
template = (char *) valloc (getpagesize () * pages);
if (mprotect (template, getpagesize (),
PROT_READ|PROT_EXEC|PROT_WRITE) == -1) {
perror ("mprotect");
}
}
void f1 (int *v) {
*v = 10;
}
// allocate enough spcae but how much ??
myNewFunc = allocExecutablePages(...)
/* Copy f1 somewere else
* (how? assume that i know the size of f1 having done a (nm -S foo.o))
*/
((FUN)template)(&val);
printf("%i",val);
Thanks for your answers
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
您似乎已经弄清楚了有关保护标志的部分。如果您知道函数的大小,现在您可以执行 memcpy() 并将 f1 的地址作为源地址传递。
一个重要的警告是,在许多平台上,您将无法从正在复制的函数(f1)中调用任何其他函数,因为相对地址被硬编码到函数的二进制代码中,并将其移动到不同的函数中。将其放置在内存中可能会使这些相对地址变坏。
You seem to have figured out the part about protection flags. If you know the size of the function, now you can just do memcpy() and pass the address of f1 as the source address.
One big caveat is that, on many platforms, you will not be able to call any other functions from the one you're copying (f1), because relative addresses are hardcoded into the binary code of the function, and moving it into a different location it the memory can make those relative addresses turn bad.
这是因为 function1 和 function2 在内存中的大小完全相同。
我们的 memcopy 需要 function2 的长度,所以应该做的是:
int diff = (&main - &function2);
您会注意到,您可以根据自己的喜好编辑函数 2,并且它一直工作得很好!
顺便说一句,巧妙的技巧。不幸的是,g++编译器确实吐出了从void *到int的无效转换...但实际上使用gcc它可以完美编译;)
修改源:
输出:
另一个需要注意的是调用printf将出现段错误,因为由于相对地址,printf很可能找不到出问题了...
This happens to work because function1 and function2 are exactly the same size in memory.
We need the length of function2 for our memcopy so what should be done is:
int diff = (&main - &function2);
You'll notice you can edit function 2 to your liking and it keeps working just fine!
Btw neat trick. Unfurtunate the g++ compiler does spit out invalid conversion from void* to int... But indeed with gcc it compiles perfectly ;)
Modified sources:
Output:
Another to note is calling printf will segfault because printf is most likely not found due to relative address going wrong...
Hacky 解决方案和简单的概念证明对我有用(并且在 Mac OS X/GCC 4.2.1 上编译时没有警告):
Hacky solution and simple proof of concept that works for me (and compiles without warning on Mac OS X/GCC 4.2.1):
我在C语言中多次尝试过这个问题,得出的结论是仅使用C语言无法完成该问题。我的主要烦恼是找到要复制的函数的长度。
标准C语言没有提供任何获取函数长度的方法。然而,可以使用汇编语言和“节”来找到长度。一旦找到长度,复制和执行就很容易了。
最简单的解决方案是创建或定义包含该函数的链接器段。编写一个汇编语言模块来计算并公开声明该段的长度。使用该常数来确定函数的大小。
还有其他涉及设置链接器的方法,例如预定义区域或固定位置并复制这些位置。
在嵌入式系统领域,大多数将可执行内容复制到 RAM 的代码都是用汇编语言编写的。
I have tried this issue many times in C and came to the conclusion that it cannot be accomplished using only the C language. My main thorn was finding the length of the function to copy.
The Standard C language does not provide any methods to obtain the length of a function. However, one can use assembly language and "sections" to find the length. Once the length is found, copying and executing is easy.
The easiest solution is to create or define a linker segment that contains the function. Write an assembly language module to calculate and publicly declare the length of this segment. Use this constant for the size of the function.
There are other methods that involve setting up the linker, such as predefined areas or fixed locations and copying those locations.
In embedded systems land, most of the code that copies executable stuff into RAM is written in assembly.
这可能是一个黑客解决方案。您可以在函数(要复制的)之后直接创建一个虚拟变量或函数,获取该虚拟变量/函数的地址,然后使用该函数地址使用地址进行求和排序算术以获得函数大小吗?这可能是可能的,因为内存是线性且有序(而不是随机)分配的。这也将使函数复制保持在 ANSI C 可移植性质内,而不是深入研究系统特定的汇编代码。我发现C相当灵活,只需要把事情想清楚就可以了。
This might be a hack solution here. Could you make a dummy variable or function directly after the function (to be copied), obtain that dummy variable's/function's address and then take the functions address to do sum sort of arithmetic using addresses to obtain the function size? This might be possible since memory is allocated linearly and orderly (rather than randomly). This would also keep function copying within a ANSI C portable nature rather than delving into system specific assembly code. I find C to be rather flexible, one just needs to think things out.