atomen

My detour so far

May 5th, 2012
  1. // Header files
#include <stdio.h>
#include <stdint.h>
#include <cstring>
#include <sys/mman.h>
#include <unistd.h>
#include <udis86.h>
#include "global.h" // Contains typedefines for byte, ulong, ushort etc...
  8.  
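// Change the protection of every page that overlaps [addr, addr + len).
//
// mprotect() only accepts a page-aligned start address, so 'addr' is rounded
// down to the start of its page and the length is rounded up so that the last
// byte of the range is covered as well. The original version always protected
// exactly one page, which silently left a range that straddles a page boundary
// half-protected.
//
// addr  : any address inside the first page to change.
// flags : PROT_* bits passed straight to mprotect().
// len   : number of bytes the caller intends to touch (defaults to 1, so
//         existing two-argument callers keep their one-page behaviour).
// Returns true on success, false if sysconf() or mprotect() fails or the
// range would wrap around the address space.
//
// NOTE(review): nothing here restores the previous protection; callers that
// need the old flags back must do that themselves.
bool ProtectMemory(void * addr, int flags, size_t len = 1)
{
    // sysconf() reports failure as -1; a non-positive page size is unusable.
    const long pageSizeRaw = sysconf(_SC_PAGE_SIZE);
    if (pageSizeRaw <= 0) {
        return false;
    }
    const uintptr_t pageSize = (uintptr_t) pageSizeRaw;

    if (len == 0) {
        len = 1;
    }

    // uintptr_t (not size_t) is the integer type guaranteed to round-trip a pointer.
    const uintptr_t start = (uintptr_t) addr;
    if ((uintptr_t) (len - 1) > UINTPTR_MAX - start) {
        return false;   // [addr, addr + len) would wrap around
    }
    const uintptr_t last = start + (uintptr_t) (len - 1);   // inclusive last byte

    // Round the start down to its page; size the region in whole pages so that
    // the page containing 'last' is included.
    const uintptr_t pageStart = start - (start % pageSize);
    const uintptr_t span = last - pageStart;
    const size_t nbytes = (size_t) (span - (span % pageSize) + pageSize);

    return mprotect((void*) pageStart, nbytes, flags) == 0;
}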
  24.  
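// Count how many bytes of whole instructions, starting at 'target', are needed
// to cover at least 'len' bytes (so that a patch of 'len' bytes does not cut an
// instruction in half).
//
// target : start of the code to decode (only the first 14 bytes are ever read).
// len    : minimum number of bytes to cover; non-positive returns 0.
// Returns the accumulated instruction length. The result is SMALLER than 'len'
// if the decoder ran out of input or hit an undecodable byte before reaching
// 'len'; callers must check for that instead of assuming success. The original
// loop, `while((required += ud_disassemble(&disas)) < len);`, added 0 forever
// in that situation and never returned.
size_t SizeRequired(void * target, int len)
{
    if (len <= 0) {
        return 0;
    }
    const size_t needed = (size_t) len;

    // Bytes of whole instructions accumulated so far.
    size_t required = 0;

    // Upper bound on how many bytes of 'target' the decoder may read
    // (the original used the literal 14, with 20 left in a comment).
    const size_t window = 14;

    ud_t disas;
    ud_init(&disas);
    ud_set_input_buffer(&disas, (byte*) target, window);
    // 32-bit decoding: the displacement arithmetic in main() assumes 32-bit code.
    ud_set_mode(&disas, 32);

    // ud_disassemble() returns the length of the decoded instruction and 0
    // once the input window is exhausted; stop rather than spin on 0.
    while (required < needed) {
        const unsigned int insnLen = ud_disassemble(&disas);
        if (insnLen == 0) {
            break;
        }
        required += insnLen;
    }

    return required;
}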
  43.  
  44.  
// Template for a 5-byte x86 jump: opcode 0xE9 followed by a rel32 placeholder
// that main() patches after copying the template into place.
const byte jmpOp[5] = { 0xE9, 0x00, 0x00, 0x00, 0x00 };
  46.  
// The function that main() patches: prints a marker line and returns 5.
int Test(void)
{
    static const char marker[] = "This is testing\n";
    fputs(marker, stdout);
    return 5;
}
  52.  
// The replacement that Test() is redirected to: prints a marker line and returns 9.
int MyTest(void)
{
    static const char marker[] = "This is ******\n";
    fputs(marker, stdout);
    return 9;
}
  58.  
// Shared signature of Test/MyTest; main() casts the trampoline buffer to it to call it.
typedef int (*TestType)(void);
  60.  
// Entry point. Demonstrates an in-process detour: the first instructions of
// Test() are copied into a heap buffer (the "trampoline"), Test() is then
// overwritten with a jump to MyTest(), and finally the trampoline is called
// directly to reach the original body. argc/argv are unused.
int main(int argc, char * argv[])
{
    // Raw code pointers for the function being patched and its replacement.
    byte * test = (byte*) &Test;
    byte * myTest = (byte*) &MyTest;

    // Call original, before anything is patched.
    Test();

    // Bytes of whole instructions at the top of Test() that the 5-byte jump
    // will overwrite and that must therefore be preserved in the trampoline.
    // NOTE(review): the result is used to size the buffer below without any
    // check that it actually reached sizeof(jmpOp).
    size_t req = SizeRequired((void*) test, sizeof(jmpOp));

    // Make the page holding Test() writable while keeping it executable.
    // NOTE(review): the return value is ignored; if mprotect() fails, the
    // memcpy into 'test' below writes to read-only code and faults. The
    // original protection is also never restored afterwards.
    ProtectMemory((void*) test, PROT_EXEC | PROT_WRITE | PROT_READ);

    // Heap buffer for the trampoline: saved prologue bytes + a 5-byte jump.
    // NOTE(review): never delete[]'d, and its page is made executable below.
    byte * trampoline = new byte[sizeof(jmpOp) + req];

    // Save the original prologue, then overwrite it with the jump template.
    memcpy(trampoline, test, req);
    memcpy(test, jmpOp, sizeof(jmpOp));

    // Append a 0xE9 jump right after the saved bytes.
    trampoline += req;
    *trampoline = 0xE9;

    // I think this address is incorrect, how should I calculate it? With the current
    // status (commented 'sizeof(jmpOp)') the compiler complains about "Illegal Instruction".
    // If I uncomment it, and use either + or -, a segmentation fault will occur...
    //
    // NOTE(review): this displacement is computed differently from the detour
    // one below (`((uint) myTest - (uint) test) - sizeof(jmpOp)`): here
    // sizeof(jmpOp) is added and 'req' subtracted instead. The two formulas
    // are inconsistent, which is the likely reason the trampoline call
    // crashes. The `uint` casts only keep the full address if uint is as wide
    // as a pointer (a 32-bit build) -- verify the typedef in global.h. The
    // write through `(uint*)` is also an unaligned, type-punned store; memcpy
    // of the value is the well-defined form.
    *(uint*)(trampoline + 1) = ((uint) test - (uint) trampoline) + sizeof(jmpOp) - req;
    trampoline -= req;

    // Make the trampoline executable (and read/write).
    // NOTE(review): this flips the whole heap page containing 'trampoline' to
    // RWX, so unrelated allocator data sharing that page becomes executable.
    // That is a W^X violation; mprotect(PROT_EXEC) on heap memory is something
    // endpoint monitoring commonly flags. Return value ignored here as well.
    ProtectMemory((void*) trampoline, PROT_EXEC | PROT_WRITE | PROT_READ);

    // Patch the rel32 displacement of the jump now sitting at the top of Test()
    // (same unaligned `(uint*)` store as above).
    *(uint*)(test + 1) = ((uint) myTest - (uint) test) - sizeof(jmpOp);

    // Call 'detoured' func: should now run MyTest().
    Test();

    // Call trampoline (crashes, per the author's note above).
    ((TestType) trampoline)();

    Test();
    return 0;
}