
Thread: C++ calculate size of method

  1. #1
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    27

    C++ calculate size of method

    hello,

    does anyone know if it's possible to calculate the size of a method in C++ during runtime? I want to inject some of my C++ code into another application and from what I have read so far, I need to know the size of the method I want to inject. Any ideas on this?

    thanks.
    -------
    nothing
    -------

  2. #2
    Subtract the ending address from the starting address?

  3. #3
    Join Date
    Mar 2007
    Location
    Australia
    Posts
    27
    Yeah, that's what I thought would work, but how do I obtain a pointer to the start or end of a method? I played a bit with inline asm, which works as long as the methods are aligned one after the other in the executable, but I don't know how to do it in plain C++.
    -------
    nothing
    -------

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,143
    Blog Entries
    5
    Something like this maybe?
    It's possible certain compiler options might shift the location of InjectedCode_End, so you'd be screwed I guess. I seem to remember an issue with debug vs release mode as well, so you'd have to check.

    Code:
    #include <windows.h>   // ULONG

    // Naked function: the compiler emits no prolog/epilog, so the bytes
    // between the two labels are exactly what is written in the body.
    void __declspec( naked ) InjectedCode()
    {
    //
    }

    /***********************************************************

    InjectedCode_End

    A reference to calculate size of the above routine

    ***********************************************************/

    void InjectedCode_End()
    {

    }

    // Size = distance between the two entry points. Only meaningful if the
    // compiler/linker actually places InjectedCode_End right after InjectedCode.
    ULONG size = (unsigned char*)InjectedCode_End - (unsigned char*)InjectedCode;

  5. #5
    King of Redonda
    Join Date
    Jul 2006
    Posts
    109
    Blog Entries
    4
    I would recommend against doing this because whatever you come up with, it's going to be a violation of the standard. Function pointers simply cannot be cast. Let me quote C99:
    Quote Originally Posted by C99 section 6.3.2.3
    Even with an explicit cast, it is invalid to convert a function pointer to an object pointer or a pointer to void, or vice versa.
    So what you are doing is dependent on compiler quirks. If your compiler decides to rearrange your code, or treats the cast differently than what you expected, your program will not work. Which leads me to the second point...

    Even if you manage to copy the raw bytes of the function, it is probably not offset independent and it contains references to other parts of your program. The former might be fixed by applying relocations to your bytes. The latter is pretty much out of your hands, because every compiler can do as it likes. Visual C++ usually calls the security cookie functions at the beginning and the end of every function, for instance.

    My conclusion is: if you want to inject code, use asm or inject a DLL.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section

  6. #6
    _gd_
    Guest
    As Kayaker mentioned, using the address-of operator on functions presents a problem in MSVC debug mode builds.
    All function references are indirected through a jump stub.

    I've recently been trying to hunt down the setting which controls this behaviour but I've had no luck.
    Even when copying the release compiler settings into the debug section the result was the same.
    So I strongly suspect that it's controlled by a linker setting.

    My workaround was to put the function in a separate MASM source file.
    Another option would be to hardcode markers into the function prolog and epilog,
    and then do a binary search for those markers to determine the start and length of the function.
    I.e.:
    Code:
    struct args {
        void* ptr;
        void (__stdcall* pfn)(void*);
    };
    void __declspec(naked) __stdcall foo(void* bar) {
        // Start marker (four 0x11 bytes, searched for at runtime)
        __asm __emit 0x11
        __asm __emit 0x11
        __asm __emit 0x11
        __asm __emit 0x11
    
        // Prolog code
        // This is required if you want to access arguments
        __asm push ebp
        __asm mov ebp, esp
    
        //
        // Your code goes here.
        // NOTE: You cannot use local variables since the compiler
        //  has no way of allocating space on the stack for them.
        //
        register args* pargs = reinterpret_cast<args*>(bar);
        if (pargs && pargs->pfn) {
            pargs->pfn(pargs->ptr);
        }
    
        // Epilog code
        __asm pop ebp
        // Pop the argument(s) on return
        __asm retn 4
    
        // End marker (four 0x22 bytes, never executed: it sits after the ret)
        __asm __emit 0x22
        __asm __emit 0x22
        __asm __emit 0x22
        __asm __emit 0x22
    }
    Yet another possibility would be to detect the jump stubs and follow them.
    Depending on what you need, DLL injection might also be an option.

  7. #7
    To get rid of jump stubs turn off incremental linking.

  8. #8
    If you are lucky, it might work _some_ time, but forget about it.

    Looks like you don't know the real madness behind C++ code generation.
    Unless you write code in your method like "A=B+C;" (them being simple types!) your code will likely _not_ run.

    C++ compilers can create at _any_ time temporary objects, call out-of-order destructors and many other little incubus amenities - not talking about hidden functions ('cookies' and the like).

    However, if you really wish to, you can add a meaningless asm sequence prepended by a 'ret' instruction. You can then scan forward at runtime and 'catch' your mark. It won't work if you declare any object type or if you use any object class, as the compiler will likely generate hidden temporaries for you in many situations (you can avoid this, but that's beyond this post) which can be destroyed right after their usage - if you're lucky - or at the end of the function call - if you are unlucky.

    Leave such an idea be, imho.
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...
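Added example (not code from any poster in this thread): the two ideas from _gd_'s post and post #8, following a jump stub and then scanning for the start/end markers, written in portable C over a constructed byte image rather than a live function, so it does not depend on compiler layout and never casts a function pointer to an object pointer (the C99 objection raised above). The marker values are the ones from _gd_'s code; the E9 jmp rel32 encoding and the hand-assembled prolog/epilog bytes are standard x86; the sample images and all function names are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Marker bytes from the post above: four 0x11 open the routine, four 0x22
 * close it. Everything below works on a plain byte array ("image"). */
static const unsigned char START_MARK[4] = {0x11, 0x11, 0x11, 0x11};
static const unsigned char END_MARK[4]   = {0x22, 0x22, 0x22, 0x22};

/* If img[off] begins an x86 "jmp rel32" (opcode E9), the kind of thunk an
 * incrementally linked MSVC debug build places in front of a function, return
 * the offset it jumps to; otherwise return off unchanged. rel32 is a signed
 * displacement relative to the end of the 5-byte instruction.
 * Returns SIZE_MAX if off or the jump target lies outside the image. */
size_t follow_jmp_stub(const unsigned char *img, size_t len, size_t off)
{
    if (off >= len)
        return SIZE_MAX;
    if (img[off] != 0xE9 || off + 5 > len)
        return off;                                 /* not a stub */
    int32_t rel;
    memcpy(&rel, img + off + 1, sizeof rel);        /* little-endian disp32 */
    int64_t target = (int64_t)off + 5 + rel;
    if (target < 0 || (uint64_t)target >= len)
        return SIZE_MAX;
    return (size_t)target;
}

/* Linear search for a 4-byte marker starting at from; SIZE_MAX if absent. */
static size_t find_mark(const unsigned char *img, size_t len, size_t from,
                        const unsigned char mark[4])
{
    for (size_t i = from; i + 4 <= len; i++)
        if (memcmp(img + i, mark, 4) == 0)
            return i;
    return SIZE_MAX;
}

/* Locate the marked routine reachable from entry: follow a jump stub if one
 * is present, insist that the start marker sits exactly at the landing point
 * (otherwise the search could run into some unrelated function), then find
 * the end marker. Returns the number of bytes strictly between the markers,
 * i.e. from the "push ebp" through the "ret", and stores the offset of that
 * first byte in *start_out (if non-NULL). Returns SIZE_MAX if the stub is
 * malformed or either marker is missing. */
size_t marked_routine(const unsigned char *img, size_t len, size_t entry,
                      size_t *start_out)
{
    size_t fn = follow_jmp_stub(img, len, entry);
    if (fn == SIZE_MAX || find_mark(img, len, fn, START_MARK) != fn)
        return SIZE_MAX;
    size_t body = fn + 4;
    size_t end = find_mark(img, len, body, END_MARK);
    if (end == SIZE_MAX)
        return SIZE_MAX;
    if (start_out)
        *start_out = body;
    return end - body;
}

/* Convenience wrapper: offset of the first body byte, or SIZE_MAX. */
size_t marked_routine_start(const unsigned char *img, size_t len, size_t entry)
{
    size_t start;
    return marked_routine(img, len, entry, &start) == SIZE_MAX ? SIZE_MAX : start;
}

/* Constructed sample: a jump stub at offset 0 leading to the marked routine
 * at offset 8 (the post's prolog/epilog, hand-assembled). */
const unsigned char STUBBED_IMAGE[] = {
    0xE9, 0x03, 0x00, 0x00, 0x00,   /*  0: jmp +3  -> offset 8 */
    0xCC, 0xCC, 0xCC,               /*  5: int3 padding        */
    0x11, 0x11, 0x11, 0x11,         /*  8: start marker        */
    0x55,                           /* 12: push ebp            */
    0x89, 0xE5,                     /* 13: mov ebp, esp        */
    0x5D,                           /* 15: pop ebp             */
    0xC2, 0x04, 0x00,               /* 16: ret 4               */
    0x22, 0x22, 0x22, 0x22,         /* 19: end marker          */
};
const size_t STUBBED_IMAGE_LEN = sizeof STUBBED_IMAGE;

/* Constructed sample: routine at offset 0, stub at offset 9 jumping
 * backwards (rel32 = -14) to it. */
const unsigned char BACKWARD_IMAGE[] = {
    0x11, 0x11, 0x11, 0x11,         /* 0: start marker         */
    0xC3,                           /* 4: ret                  */
    0x22, 0x22, 0x22, 0x22,         /* 5: end marker           */
    0xE9, 0xF2, 0xFF, 0xFF, 0xFF,   /* 9: jmp -14 -> offset 0  */
};
const size_t BACKWARD_IMAGE_LEN = sizeof BACKWARD_IMAGE;

/* Constructed sample with the end marker missing. */
const unsigned char UNTERMINATED_IMAGE[] = {0x11, 0x11, 0x11, 0x11, 0xC3};

int main(void)
{
    size_t start;
    size_t size = marked_routine(STUBBED_IMAGE, STUBBED_IMAGE_LEN, 0, &start);
    if (size == SIZE_MAX) {
        puts("no marked routine found");
        return 1;
    }
    printf("routine body at offset %zu, %zu bytes\n", start, size); /* 12, 7 */
    return 0;
}
```

Two caveats the scan inherits from the marker approach itself: a 4-byte marker can also appear inside an immediate or displacement of an ordinary instruction, so the check that the start marker sits exactly at the landing point is what keeps the search from latching onto a false hit, and the first marker bytes are decoded as instructions if the copy is entered at the marker rather than at the byte after it (which is why the body offset returned here skips them).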

  9. #9
    <script>alert(0)</script> disavowed's Avatar
    Join Date
    Apr 2002
    Posts
    1,281
    See http://blogs.msdn.com/geffner/archive/2006/02/10/using-assembly-buffers-in-c-without-using-hex-strings.aspx
