Calling code placed in a char buffer from C

Is it possible?

I want to place Intel assembly code in a char buffer and then execute that code from a C program.

If I put the assembly code in a buffer, can I cast it to a function pointer and call it?

I am using GCC and Linux.

+2




6 answers


Do you want to execute Intel assembly code or machine code? If you want to execute machine code, then yes, you can, provided that the memory page that holds the character buffer is not marked NX (no execute).



If you are talking about assembly source, then no: you will first need to run the code through an assembler (on Un*x systems the standard one is usually called `as`; on Linux it is the same thing as gas), and then run the resulting machine code.

+8




Yes, you can. In fact, that is how a buffer overflow attack can work. Google "buffer overflow attacks" to learn more. Jumping directly into assembly will always work (as long as the assembly is correct).



+1




Perhaps Google can help you write a buffer overflow exploit?

0




Maybe. The syntax is:

char buff[/* enough space */];
/* fill buff with opcodes that follow the Linux calling convention (ABI) */
((void (*)(void)) buff)();

The problem is that modern x64 systems have a "W^X" or "NX bit" mode that prevents the above code from executing through a data pointer. There is an API to deal with this, but I'm not familiar with Linux; a little googling suggests that you actually mark your .o files at link time to disable the NX bit. That seems like a bad idea to me (instead, you should be able to promote the data area to executable at runtime, or allocate the writable area from the executable memory region, but hey, that's just my opinion; maybe it really is difficult to do).

Assuming you don't have the NX bit or W^X problem, just do the above and you're good to go.

0


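The first answer says the assembly has to go through an assembler first, and the answer above says the real obstacle is NX/W^X. The following is an added example, not code from any of the answers, that puts both points together on Linux: it takes pre-assembled machine code bytes (constructed here for x86-64 and AArch64; they are what `as` followed by `objdump -d` or `objcopy -O binary` would give you for the commented instructions), copies them into a fresh anonymous page while it is read/write, then uses `mprotect` to flip the page to read/execute before calling it through a function pointer. The page is never writable and executable at the same time, so it works without disabling NX for the whole binary. The helper names `load_code`, `unload_code`, `run_const42` and `run_add_one` are this example's own.

```c
/* Execute raw machine code from a buffer on Linux without turning off NX.
 * Added example for this Q&A; not taken from any of the answers. */
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for two tiny System V ABI functions:
 * one returns 42, the other returns its first int argument plus 1. */
#if defined(__x86_64__)
static const unsigned char code_const42[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00, 0xc3 }; /* mov eax,42 ; ret */
static const unsigned char code_add_one[] = { 0x8d, 0x47, 0x01, 0xc3 };             /* lea eax,[rdi+1] ; ret */
#elif defined(__aarch64__)
static const unsigned char code_const42[] = { 0x40, 0x05, 0x80, 0x52, 0xc0, 0x03, 0x5f, 0xd6 }; /* mov w0,#42 ; ret */
static const unsigned char code_add_one[] = { 0x00, 0x04, 0x00, 0x11, 0xc0, 0x03, 0x5f, 0xd6 }; /* add w0,w0,#1 ; ret */
#else
#define NO_CODE_FOR_THIS_ARCH 1   /* other architectures: the demo returns -1 */
#endif

/* Round a byte count up to whole pages, as mmap/mprotect work on pages. */
static size_t page_round(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    return ((len + page - 1) / page) * page;
}

/* Copy machine code into a new private page, then flip it from RW to RX.
 * At no point is the page both writable and executable (W^X). */
static void *load_code(const void *code, size_t len)
{
    size_t size = page_round(len);
    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;
    memcpy(mem, code, len);
    if (mprotect(mem, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, size);
        return NULL;
    }
    /* Needed on ARM so the instruction cache sees the new bytes; harmless on x86. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);
    return mem;
}

static void unload_code(void *mem, size_t len)
{
    if (mem)
        munmap(mem, page_round(len));
}

/* Load the "return 42" stub, call it through a function pointer, unload it. */
int run_const42(void)
{
#ifdef NO_CODE_FOR_THIS_ARCH
    return -1;
#else
    void *mem = load_code(code_const42, sizeof code_const42);
    if (!mem)
        return -1;
    int (*fn)(void) = (int (*)(void))(uintptr_t)mem; /* data pointer -> function pointer */
    int r = fn();
    unload_code(mem, sizeof code_const42);
    return r;
#endif
}

/* Same idea with an argument: the stub receives x in the first ABI register. */
int run_add_one(int x)
{
#ifdef NO_CODE_FOR_THIS_ARCH
    (void)x;
    return -1;
#else
    void *mem = load_code(code_add_one, sizeof code_add_one);
    if (!mem)
        return -1;
    int (*fn)(int) = (int (*)(int))(uintptr_t)mem;
    int r = fn(x);
    unload_code(mem, sizeof code_add_one);
    return r;
#endif
}

int main(void)
{
    printf("const42()   -> %d\n", run_const42());
    printf("add_one(41) -> %d\n", run_add_one(41));
    return 0;
}
```

If you skip the `mprotect` call and jump into the still read/write page, or into a plain `char` array on the stack or in `.data`, an NX-enabled kernel kills the process with SIGSEGV; that is exactly the failure the answer above describes, and `mprotect` (or `mmap` with `PROT_EXEC`) is the Linux API it was looking for. Keep in mind that some hardened kernels and sandboxes (SELinux `execmem`, seccomp policies) refuse `PROT_EXEC` on anonymous memory altogether, so check the return value of `mprotect` rather than assuming it succeeded.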


This actually works as you'd expect, as long as you use the function pointer syntax correctly. Besides security, you can use this method to optimize performance.

I should know better than to enter code from my phone, but...

unsigned char buffer[] = {blah, blah, blah ...};   /* machine code bytes */
void (*p)(void) = (void (*)(void)) buffer;         /* cast the buffer to a function pointer */
p();

0




If you want to do something like "pop %[register]; push %[register]" as you write in your comment, yes, it is possible, but it is not easy.

You need to either write an assembler or embed an open source assembler in your application. You feed your assembler a char array, generate machine code (preferably position-independent code, so you can skip relocation and move it around) into another buffer, and execute the code in that buffer through a function pointer.

If you can ensure that the platform you run the code on has "as" or "gas", you can get away with a quick and dirty hack: call "as" on your bundled source and load the resulting object code.

0








