Assembly Language for Beginners

3.21. MORE ABOUT POINTERS

If the keyword static also appears within the [ and ] of the array type derivation, then
for each call to the function, the value of the corresponding actual argument shall provide
access to the first element of an array with at least as many elements as specified by the
size expression.

3.21.6 Pointer to function.


A function name in C/C++ written without parentheses, like printf, denotes the function's address, i.e. a pointer to the function (for a function that takes no arguments and returns nothing, the type is void (*)()). Let's try to read the function's contents and patch it:

#include <stdio.h>

void print_something ()
{
    printf ("we are in %s()\n", __FUNCTION__);
}

int main()
{
    print_something();

    /* the bare function name is the address of its first instruction,
       so casting it to unsigned char* lets us read the code bytes */
    printf ("first 3 bytes: %x %x %x...\n",
        *(unsigned char*)print_something,
        *((unsigned char*)print_something+1),
        *((unsigned char*)print_something+2));

    /* overwrite the first byte of the function with 0xC3, the opcode of RET;
       this write faults unless the .text section is writable */
    *(unsigned char*)print_something=0xC3;
    printf ("going to call patched print_something():\n");
    print_something();
    printf ("it must exit at this point\n");

    return 0;
}

It reports that the first 3 bytes of the function are 55 89 e5. Indeed, these are the opcodes of the PUSH EBP and MOV EBP, ESP instructions, the usual 32-bit x86 function prologue. (A 64-bit build prints 55 48 89 instead, the start of PUSH RBP / MOV RBP, RSP; a compiler that enables -fcf-protection places a 4-byte ENDBR instruction, f3 0f 1e .., in front of the prologue; and with optimization enabled the prologue may be omitted altogether.) But then our program crashes with a segmentation fault, because the .text section is mapped read-only and executable, and the write to it is rejected.

We can recompile our example and make the .text section writable^39. The linker option --omagic (short form -N) marks the text segment readable and writable, does not page-align the data segment, and disables linking against shared libraries, which is why --static is required as well:

gcc --static -g -Wl,--omagic -o example example.c

That works!

we are in print_something()
first 3 bytes: 55 89 e5...
going to call patched print_something():
it must exit at this point
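Relinking with --omagic is a build-time trick. The way a practitioner (or a hooking library, or malware) patches code in a normally linked binary is at run time: change the protection of the page that holds the function with mprotect(), write the new bytes, and restore the original protection. The following is an added example, not code from the book; it assumes Linux (mprotect, sysconf, the GCC/Clang __builtin___clear_cache builtin) on x86 or AArch64, and the function names target, call_target, patch_code and patch_target are invented for the illustration. Instead of a bare RET it writes "return 2" over a function that returns 1, so the effect of the patch is visible as a changed return value.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

/* Hypothetical patch target (not from the book). It returns 1 so the patch
 * shows up as a changed return value. noinline keeps it a real call that
 * executes the bytes we are about to overwrite. */
__attribute__((noinline)) int target(void)
{
    return 1;
}

/* Call target() through a volatile pointer so the compiler cannot inline
 * or constant-fold the call; every invocation runs the (patched) code. */
int call_target(void)
{
    int (*volatile fp)(void) = target;
    return fp();
}

/* Machine code for "return 2". */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET2[] = { 0xB8, 0x02, 0x00, 0x00, 0x00,  /* mov eax, 2 */
                                      0xC3 };                        /* ret        */
#elif defined(__aarch64__)
static const unsigned char RET2[] = { 0x40, 0x00, 0x80, 0x52,        /* mov w0, #2 */
                                      0xC0, 0x03, 0x5F, 0xD6 };      /* ret        */
#else
#error "no patch bytes for this architecture"
#endif

/* Overwrite len bytes of code at addr. The page(s) containing the code are
 * made writable with mprotect() only for the duration of the write and then
 * returned to r-x. Returns 0 on success, -1 on failure (errno from mprotect). */
int patch_code(void *addr, const unsigned char *patch, size_t len)
{
    uintptr_t page  = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    uintptr_t end   = ((uintptr_t)addr + len + page - 1) & ~(page - 1);

    if (mprotect((void *)start, end - start, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
        return -1;
    memcpy(addr, patch, len);
    /* Invalidate the instruction cache for the patched range: a no-op on x86,
     * required on AArch64, whose I- and D-caches are not coherent. */
    __builtin___clear_cache((char *)addr, (char *)addr + len);
    if (mprotect((void *)start, end - start, PROT_READ | PROT_EXEC) != 0)
        return -1;
    return 0;
}

/* Patch target() in place so that it returns 2 instead of 1. */
int patch_target(void)
{
    return patch_code((void *)(uintptr_t)target, RET2, sizeof RET2);
}

int main(void)
{
    printf("before patch: target() = %d\n", call_target());
    if (patch_target() != 0) {
        perror("mprotect");
        return 1;
    }
    printf("after patch:  target() = %d\n", call_target());
    return 0;
}
```

Two details matter in practice. The write goes through a page that is temporarily RWX; hardened systems (SELinux execmem restrictions, PaX/MPROTECT, macOS code signing) refuse that mprotect() call, and the example reports the failure instead of crashing. And on architectures with split instruction/data caches the new bytes are not executed until the I-cache line is invalidated, which is what the __builtin___clear_cache call does.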

3.21.7 Pointer as object identificator.


Neither assembly language nor C has OOP features, but it is possible to write code in OOP style (just treat a structure as an object).

Interestingly, a pointer to an object (i.e. its address) is sometimes called an ID or a handle (in the sense of data hiding/encapsulation): the caller receives an opaque value and passes it back to the API without knowing, or being supposed to care, what it points to.

For example, LoadLibrary(), according to MSDN^40, returns a “handle to the module”^41. You then pass this “handle” to other functions such as GetProcAddress(). But in fact LoadLibrary() returns the base address of the DLL file mapped into memory^42: read two bytes at the address LoadLibrary() returns and you get “MZ”, the first two bytes of every .EXE/.DLL file in Windows (the e_magic field of IMAGE_DOS_HEADER). The caller is expected to treat the value as opaque, which is exactly the data hiding a handle is meant to provide.
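The check described above, going one step further than the two “MZ” bytes, as an added example that is not from the book: starting from the module base it reads e_lfanew at offset 0x3C, confirms the “PE\0\0” signature there, and returns the Machine field of the file header. Because the verifier of this page is not Windows, the image is a constructed in-memory stand-in (a minimal DOS header, PE signature and file header claiming x86-64, labelled as such in the code); under _WIN32 the same function is applied to the HMODULE that LoadLibraryA() returns for kernel32.dll. The function names pe_machine_at, build_sample_image and sample_machine are invented for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* PE headers are little-endian regardless of the host, so read them bytewise. */
static uint16_t rd16(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate that base points at a mapped PE image and return its
 * IMAGE_FILE_HEADER.Machine field (0x8664 for x86-64, 0x14c for x86),
 * or 0 if the bytes are not an MZ/PE header. size bounds every read. */
uint16_t pe_machine_at(const void *base, size_t size)
{
    const unsigned char *p = base;

    /* IMAGE_DOS_HEADER: e_magic "MZ" at offset 0, e_lfanew at offset 0x3C */
    if (p == NULL || size < 0x40 || p[0] != 'M' || p[1] != 'Z')
        return 0;
    uint32_t e_lfanew = rd32(p + 0x3C);

    /* the 4-byte "PE\0\0" signature plus the 20-byte file header must fit */
    if (e_lfanew > size || size - e_lfanew < 4 + 20)
        return 0;
    if (memcmp(p + e_lfanew, "PE\0\0", 4) != 0)
        return 0;
    return rd16(p + e_lfanew + 4);   /* Machine is the first field after the signature */
}

/* Constructed stand-in for a mapped DLL (not a real file): a minimal DOS
 * header, then the PE signature and a file header claiming x86-64.
 * Returns the number of bytes written into buf, or 0 if buf is too small. */
size_t build_sample_image(unsigned char *buf, size_t cap)
{
    const size_t len = 0x40 + 4 + 20;
    if (cap < len)
        return 0;
    memset(buf, 0, len);
    buf[0] = 'M';
    buf[1] = 'Z';
    buf[0x3C] = 0x40;                 /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);  /* IMAGE_NT_SIGNATURE */
    buf[0x44] = 0x64;                 /* Machine = 0x8664 (IMAGE_FILE_MACHINE_AMD64) */
    buf[0x45] = 0x86;
    return len;
}

/* Machine type reported for the constructed image. */
uint16_t sample_machine(void)
{
    unsigned char img[0x40 + 4 + 20];
    size_t n = build_sample_image(img, sizeof img);
    return pe_machine_at(img, n);
}

int main(void)
{
    printf("constructed image: machine=0x%x\n", sample_machine());

    /* Anything that is not a PE image must be rejected. */
    static const unsigned char not_pe[0x40] = { 0x7F, 'E', 'L', 'F' };
    printf("ELF bytes:         machine=0x%x\n", pe_machine_at(not_pe, sizeof not_pe));

#ifdef _WIN32
    /* On Windows the HMODULE is the image base, so the same check works on it
     * directly; the headers lie in the first page of the mapping, so 0x1000
     * bounds the reads safely. */
    HMODULE h = LoadLibraryA("kernel32.dll");
    if (h != NULL)
        printf("kernel32.dll at %p: machine=0x%x\n", (void *)h,
               pe_machine_at((const void *)h, 0x1000));
#endif
    return 0;
}
```

Every read is bounds-checked against size before it happens: a value such as e_lfanew comes from the image itself, and a hostile or truncated buffer can point it anywhere, so code that trusts a "handle" to be a well-formed PE header without such checks is exactly the kind of code that turns an opaque identifier into an out-of-bounds read.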


(^39) http://stackoverflow.com/questions/27581279/make-text-segment-writable-elf
(^40) Microsoft Developer Network
(^41) https://msdn.microsoft.com/ru-ru/library/windows/desktop/ms684175(v=vs.85).aspx
(^42) https://blogs.msdn.microsoft.com/oldnewthing/20041025-00/?p=37483
