ASM and C++

Whether you're a newbie or an experienced programmer, any questions, help, or just talk of any language will be welcomed here.

Moderator: Coders of Rage

Rebornxeno
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

ASM and C++

Post by Rebornxeno »

K guys, I've been googling for a bit now and I think it's time to ask you guys. I am stoned again so sorry if this is something simple and I'm overthinking it. I'm injecting a DLL into a program to execute a function inside a different DLL by its memory location. I get the base address of the DLL, with the function I'm going to use, as I load my DLL, and add the function address to that to get the address in memory where the function is. In my DLL I need to call that function somehow, and msdn proved no help in finding a way to define that function by memory location, so I'm thinking of using __asm__("call addressinmemoryfunctionlies").

My problem is that I don't know how to define something in my c++ program that asm will understand, like a reference to a pointer holding the location where the function lies. How do I do this? Or is there a better way to go about this?
qpHalcy0n
Respected Programmer
Posts: 387
Joined: Fri Dec 19, 2008 3:33 pm
Location: Dallas

Re: ASM and C++

Post by qpHalcy0n »

The Win32 function "GetProcAddress" will retrieve you a pointer to the function.

Its return type is FARPROC which is defined thusly: typedef int (FAR WINAPI *FARPROC)();

This is really just a pointer to some function, so you can cast this to void* if you like, minding your pointer sizes if that is an issue for you. If you're using inline assembly, pointers can be passed from functions directly to the assembly code you're using. You will want to consult the Intel x86 reference on how to "call" or invoke procedures. There are many, many nuances there.

Also, smoking weed while trying to learn or be productive will do you no favors.
Falco Girgis
Elysian Shadows Team
Posts: 10294
Joined: Thu May 20, 2004 2:04 pm
Current Project: Elysian Shadows
Favorite Gaming Platforms: Dreamcast, SNES, NES
Programming Language of Choice: C/++
Location: Studio Vorbis, AL

Re: ASM and C++

Post by Falco Girgis »

qpHalcy0n wrote:Also, smoking weed while trying to learn or be productive will do you no favors.
Seriously... of every substance ever, weed is the least likely to aid your productivity.

...and you could totally just do some reesty C-style void pointer to function pointer type-casting to invoke a function if you knew the memory address of it. That's what a function pointer is, there's no need for assembly.

I honestly can't tell whether you HAVE a pointer to a function within the DLL or whether you are trying to FIND a pointer to a function within the DLL. If it's the latter, qp answered your question.
Rebornxeno
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

Re: ASM and C++

Post by Rebornxeno »

Well, I don't know the function's name, I just know where it's stored and want to call it.

GetProcAddress:
Syntax

FARPROC WINAPI GetProcAddress(
__in HMODULE hModule,
__in LPCSTR lpProcName
);
If this returns an address to a function based on its name, then this is not what I'm looking for. I have a pointer to the address in memory where the function is.

Using call:
These instructions implement a subroutine call and return. The call instruction first pushes the current code location onto the hardware supported stack in memory (see the push instruction for details), and then performs an unconditional jump to the code location indicated by the label operand. Unlike the simple jump instructions, the call instruction saves the location to return to when the subroutine completes.

The ret instruction implements a subroutine return mechanism. This instruction first pops a code location off the hardware supported in-memory stack (see the pop instruction for details). It then performs an unconditional jump to the retrieved code location.

Syntax
call <label>
ret

When using "call pointer" I'm getting an error in my build. Undefined reference to "pointer". But, pointer holds the location of the function. How do I define pointer so that asm can use it? Does this have to be done inside a function of my DLL or can it be done upon injection?
Falco Girgis
Elysian Shadows Team
Posts: 10294
Joined: Thu May 20, 2004 2:04 pm
Current Project: Elysian Shadows
Favorite Gaming Platforms: Dreamcast, SNES, NES
Programming Language of Choice: C/++
Location: Studio Vorbis, AL

Re: ASM and C++

Post by Falco Girgis »

Do you have a pointer as an offset in a DLL or an actual absolute memory location?

And why are you looking at assembly? Seriously, if you really do have a POINTER TO A FUNCTION, it's a simple function pointer. Cast that bitch. You're just high, and you just want to dabble in assembly. Fine, go for it. ;)

Show us the actual assembly. You are trying to pass the "ptr" variable from C++ into assembly?
Rebornxeno
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

Re: ASM and C++

Post by Rebornxeno »

Of every substance I've tried, weed helps me see things differently to get past obstacles in ways I don't normally think of, and has the least drawbacks IMO.
You're right, I really wanna learn assembly and I've been dabbling all over the place and seeing what does what :P Kinda like learning a new language but I don't know shit to compare it against.

Code:

case DLL_PROCESS_ATTACH:
            DWORD base;
            base = (DWORD)GetModuleHandle("somedll.dll");
            long unsigned int *p;
            *p = base+0x15D50;
            __asm__ volatile ("call p");
            break;
I guess my problem might be that I don't know how to use the pointer then? How do I get the code to call the function without assembly? And please tell me what I'm doing wrong if you see anything I gotta learn this stuff :P
qpHalcy0n
Respected Programmer
Posts: 387
Joined: Fri Dec 19, 2008 3:33 pm
Location: Dallas

Re: ASM and C++

Post by qpHalcy0n »

How do you call it without assembly?


1) Define the function signature as a function-pointer type (we'll just call it a void func w/ no params, and note the calling convention is part of the type):

Code:

  typedef void (__stdcall *funcPtrName)(void);

2) Obtain the address and cast it to that type:

Code:

  funcPtrName myFuncName = (funcPtrName)GetProcAddress(myDllModule, "myFuncName");

3) Invoke the function through the pointer:

Code:

  myFuncName();


If you are dead set on doing this in assembly, then you NEED to get the actual Intel reference, which runs to over 7000 pages. But you can just search through the reference for "call".
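The three steps above carried through as an added example; this is not qpHalcy0n's code or anything from the thread. It goes one step beyond the thread's case: the address is kept in a uintptr_t (not written through an unset pointer), a NULL address is refused, and the Windows-only part shows both ways of getting the address, module base plus a relative offset (the OP's situation, where the name is unknown) and export by name. The names hidden_target, address_of_target, call_target_at, address_in_module and export_in_module are assumed for the example; "somedll.dll" and 0x15D50 are the placeholders from the thread and only mean something inside the process the DLL was injected into.

```c
#include <stdint.h>
#include <stdio.h>

#ifdef _WIN32
#include <windows.h>
#else
/* Only Windows compilers know the __stdcall keyword; define it away so the
   portable part of this example compiles elsewhere (the call then just uses
   the platform's default convention). */
#define __stdcall
#endif

/* Step 1: declare the target's signature, calling convention included.
   This must match what the code at that address really expects; a wrong
   convention or argument list corrupts the stack instead of failing cleanly. */
typedef int (__stdcall *target_fn_t)(int);

/* Stand-in for the function in the other DLL (constructed for this example):
   we pretend to know only its address, not its name. */
static int __stdcall hidden_target(int x) { return x * 2 + 1; }

/* Keep a code address in an integer wide enough for the platform (uintptr_t),
   never in 'unsigned long *p' followed by '*p = addr', which writes through an
   unset pointer instead of storing the address. */
static uintptr_t address_of_target(void) {
    return (uintptr_t)hidden_target;
}

/* Step 3: turn the integer back into a function pointer and call it.
   No assembly needed; the cast is the whole trick. */
static int call_target_at(uintptr_t addr, int arg) {
    if (addr == 0)
        return -1;                      /* never call through NULL */
    target_fn_t fn = (target_fn_t)addr;
    return fn(arg);
}

#ifdef _WIN32
/* Step 2, Windows only: resolve the address either from the module base plus a
   relative offset (the thread's case) or from an exported name. */
static uintptr_t address_in_module(const char *dll, uintptr_t rva) {
    HMODULE base = GetModuleHandleA(dll);   /* NULL if the DLL is not loaded */
    return base ? (uintptr_t)base + rva : 0;
}

static uintptr_t export_in_module(const char *dll, const char *name) {
    HMODULE base = GetModuleHandleA(dll);
    return base ? (uintptr_t)GetProcAddress(base, name) : 0;
}
#endif

int main(void) {
    uintptr_t addr = address_of_target();
    printf("target at %#llx, result %d\n",
           (unsigned long long)addr, call_target_at(addr, 20));   /* result 41 */
#ifdef _WIN32
    /* Placeholders from the thread; 0 here means the DLL is not loaded. */
    uintptr_t a = address_in_module("somedll.dll", 0x15D50);
    printf("somedll.dll + 0x15D50 = %#llx\n", (unsigned long long)a);
    (void)export_in_module;
#endif
    return 0;
}
```

Inside an injected DLL the uintptr_t would come from address_in_module, and the only thing left to get right is the typedef: the signature and convention of whatever really lives at that offset.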
Rebornxeno
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

Re: ASM and C++

Post by Rebornxeno »

How do I go about doing that but changing step 2 from GetProcAddress() to using a pointer I already have?
-Reading up on function pointers, I think this is the information I've needed.

-edit

Okay a few minutes of reading and this is what I've got compiled with no errors.

Code:

void DLL_EXPORT SomeFunction()
{

    MessageBoxA(0, "inside", "DLL Message", MB_OK | MB_ICONINFORMATION);
    typedef void (__stdcall *function)(void);
            DWORD base;
            base = (DWORD)GetModuleHandle("somedll.dll");
            long unsigned int *p = NULL;
            int (*pt2Func)(void) = NULL;
            *p = base+0x15D50;
            pt2Func = (int (*)())*p;
            pt2Func();

}
Going to test this after I smoke anotha bowl. ALL DAY ERRE DAY. Does the code look right?
Tested. Program crashed so I'm gonna say this was a success.
Rapid Cube
Chaos Rift Newbie
Posts: 22
Joined: Mon Mar 14, 2011 11:43 pm
Programming Language of Choice: C++

Re: ASM and C++

Post by Rapid Cube »

Rebornxeno wrote:How do I go about doing that but changing step 2 from GetProcAddress() to using a pointer I already have?
-Reading up on function pointers, I think this is the information I've needed.

-edit

Okay a few minutes of reading and this is what I've got compiled with no errors.

Code:

void DLL_EXPORT SomeFunction()
{

    MessageBoxA(0, "inside", "DLL Message", MB_OK | MB_ICONINFORMATION);
    typedef void (__stdcall *function)(void);
            DWORD base;
            base = (DWORD)GetModuleHandle("somedll.dll");
            long unsigned int *p = NULL;
            int (*pt2Func)(void) = NULL;
            *p = base+0x15D50;
            pt2Func = (int (*)())*p;
            pt2Func();

}
Going to test this after I smoke anotha bowl. ALL DAY ERRE DAY. Does the code look right?
Tested. Program crashed so I'm gonna say this was a success.
It's crashing because you're dereferencing a null pointer.
Rebornxeno
Chaos Rift Cool Newbie
Posts: 85
Joined: Thu Jun 23, 2011 11:12 am

Re: ASM and C++

Post by Rebornxeno »

Yeah whatever that means. :P All jokes aside thanks for all your help guys. As long as I understand the concept I'm sure I can fix anything that might appear. <3
Falco Girgis
Elysian Shadows Team
Posts: 10294
Joined: Thu May 20, 2004 2:04 pm
Current Project: Elysian Shadows
Favorite Gaming Platforms: Dreamcast, SNES, NES
Programming Language of Choice: C/++
Location: Studio Vorbis, AL

Re: ASM and C++

Post by Falco Girgis »

The problem with your inline assembly call was that you were not passing the actual pointer to the scope of the assembler... You have a symbol table that exists in the compiler, then nothing in the assembler's context.

You should look into extended inline assembly for GCC/whatever-your-compiler-is to see how to properly pass variables in inline assembly. It's easier when the assembly isn't inline, because you follow the x86's function-calling convention and invoke the assembly routine as though it were a C function (passing the pointer as an argument)...

But yeah, you're better off doing it with the C approach. I can guarantee you that your inline assembly would have even been slower (and uglier). :)
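What Falco describes, an extended-asm input operand carrying the pointer into the assembler's scope, as an added example that is not part of the thread. It shows the plain C cast beside the assembly version so the two can be compared; the asm branch is GCC/Clang extended asm for x86-64 and i386 and falls back to the C call on other architectures. The names asm_target, call_via_cast and call_via_asm are assumed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the function at a known address (constructed for this example). */
static int asm_target(void) { return 42; }

/* The C way: one cast, and the compiler emits the call and handles every ABI detail. */
static int call_via_cast(uintptr_t addr) {
    int (*fn)(void) = (int (*)(void))addr;
    return fn();
}

/* The assembly way. The address reaches the assembler through the input
   operand "r"(addr), which is what a bare "call p" lacks: 'p' is a C symbol
   the assembler never sees. Everything else here is work the compiler would
   have done for us: keep the stack 16-byte aligned at the call, step over the
   128-byte red zone GCC may be using for locals, and declare every register
   the callee is allowed to trash so the compiler keeps no live value there. */
static int call_via_asm(uintptr_t addr) {
    int result;
#if defined(__x86_64__)
    __asm__ volatile(
        "mov %%rsp, %%r12\n\t"   /* save rsp in a callee-saved register */
        "and $-16, %%rsp\n\t"    /* SysV and Win64 both want rsp 16-aligned before call */
        "sub $128, %%rsp\n\t"    /* stay clear of the red zone */
        "call *%1\n\t"
        "mov %%r12, %%rsp\n\t"   /* restore rsp */
        : "=a"(result)           /* integer return value comes back in eax */
        : "r"(addr)
        : "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11", "r12",
          "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5", "xmm6", "xmm7",
          "xmm8", "xmm9", "xmm10", "xmm11", "xmm12", "xmm13", "xmm14", "xmm15",
          "memory", "cc");
#elif defined(__i386__)
    __asm__ volatile(
        "call *%1"
        : "=a"(result)
        : "r"(addr)
        : "ecx", "edx", "memory", "cc");   /* no arguments, so nothing to clean up after a stdcall/cdecl callee */
#else
    result = call_via_cast(addr);          /* not x86: fall back to the C call */
#endif
    return result;
}

int main(void) {
    uintptr_t addr = (uintptr_t)asm_target;
    printf("cast: %d, asm: %d\n", call_via_cast(addr), call_via_asm(addr));   /* 42, 42 */
    return 0;
}
```

The length of the clobber list is the point: the cast version is one line because the compiler already knows all of this, while the asm version only stays correct as long as every one of those ABI details is spelled out by hand.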