Thread: a more advanced technique

  1. #1
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158

    a more advanced technique

    Okay, this may sound like a more advanced technique (if it isn't, then I guess I'm really still a newbie.) But I'm trying to copy a function from one program to another, not an address or anything, the whole function, assembly and all.

    I am getting the function's base address with &MyFunction, but does this really work?
    I tried to get the size by subtracting that from the address of a variable I placed directly after it, but I quickly realized that doesn't work. When I place another right before the function I see that the functions and variables aren't even stored in the same location in memory.

    So... How do I get the starting point in memory of the function? And how do I get the function size?

  2. #2
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    implementation-specific.

  3. #3
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    I want to execute a function in one program in another, after the original function's program has ended.

  4. #4
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    Oh. Well just use a lib then and system or something.

  5. #5
    Registered User
    Join Date
    Apr 2008
    Posts
    890
    Quote Originally Posted by Yarin View Post
    I want to execute a function in one program in another, after the original function's program has ended.
    Export that function to a library, either static or dynamic, and have both programs link with it.

  6. #6
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    No, the whole idea of this, is that once the function is done executing, there are no traces left that it ever existed.

  7. #7
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    I'm using VirtualAllocEx and WriteProcessMemory, and using CreateRemoteThread to execute the new function I've copied over.
    But when I do that, the computer instantly crashes. I'm guessing this is because the data that I copied over is not the right size or isn't the function at all. How do I accomplish this?
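
Seen from the monitoring side, the call sequence named in post #7 (VirtualAllocEx, WriteProcessMemory, then CreateRemoteThread against another process) is a well-known correlation target. The following is an added example, not code from the thread; the event tuple format, the sample trace and the 5-second window are constructed assumptions rather than any real tool's schema.

```python
# Added example: flags the VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread
# sequence aimed at another process. The event format is constructed for illustration
# and is not the schema of any particular EDR or tracing tool.
SEQUENCE = ("VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread")
WINDOW_SECONDS = 5.0  # assumed correlation window

# Constructed sample trace: (timestamp, caller_pid, api, target_pid)
SAMPLE_EVENTS = [
    (10.00, 4120, "VirtualAllocEx",     6644),
    (10.02, 4120, "WriteProcessMemory", 6644),
    (10.03, 3000, "WriteProcessMemory", 3000),   # self-targeted, ignored
    (10.05, 4120, "CreateRemoteThread", 6644),   # completes the chain
    (20.00, 5100, "VirtualAllocEx",     7000),
    (20.10, 5100, "CreateRemoteThread", 7000),   # no write step: not flagged
    (30.00, 5200, "VirtualAllocEx",     7100),
    (31.00, 5200, "WriteProcessMemory", 7100),
    (40.00, 5200, "CreateRemoteThread", 7100),   # outside the window
]


def find_remote_thread_injection(events, window=WINDOW_SECONDS):
    """Return (caller_pid, target_pid, start_ts, end_ts) for each completed chain."""
    progress = {}   # (caller, target) -> (index of next expected step, chain start ts)
    alerts = []
    for ts, caller, api, target in sorted(events):
        if caller == target or api not in SEQUENCE:
            continue                      # only cross-process calls are of interest
        key = (caller, target)
        step, start = progress.get(key, (0, ts))
        if step and ts - start > window:
            step, start = 0, ts           # stale partial chain: start over
        if api == SEQUENCE[step]:
            step += 1
            if step == 1:
                start = ts
        elif api == SEQUENCE[0]:
            step, start = 1, ts           # a fresh allocation restarts the chain
        if step == len(SEQUENCE):
            alerts.append((caller, target, start, ts))
            step = 0
        progress[key] = (step, start)
    return alerts


if __name__ == "__main__":
    for caller, target, start, end in find_remote_thread_injection(SAMPLE_EVENTS):
        print(f"pid {caller} -> pid {target}: alloc/write/thread chain {start:.2f}-{end:.2f}")
```

Repeated writes between the allocation and the thread creation do not reset the chain, so a multi-chunk copy is still matched.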

  8. #8
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    What is the purpose of doing this?

  9. #9
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Self delete without possible restoration of the deleting agent(s).

  10. #10
    Registered User
    Join Date
    Apr 2006
    Posts
    2,149
    Quote Originally Posted by Yarin View Post
    No, the whole idea of this, is that once the function is done executing, there are no traces left that it ever existed.
    Doesn't that make it trivially impossible, since to execute the same function there must necessarily be a trace left to execute?
    It is too clear and so it is hard to see.
    A dunce once searched for fire with a lighted lantern.
    Had he known what fire was,
    He could have cooked his rice much sooner.

  11. #11
    Unregistered User Yarin's Avatar
    Join Date
    Jul 2007
    Posts
    2,158
    Yes and no... Look, I have an idea on how to cover my footstep covering footsteps; to the point that it becomes innoteworthy dirt.

    The thing is, I need to know how to do this.

  12. #12
    Registered User
    Join Date
    Oct 2001
    Posts
    2,129
    Seems like it would be a problem better suited for assembly language.

    Why do you want to do this? It sounds like a virus or a misguided attempt at an uninstall program.

  13. #13
    Registered User
    Join Date
    Oct 2007
    Posts
    242
    If you just wanna export functions from other files, just create a DLL and include it in your code with LoadLibrary.
    Then, get the function's address by using GetProcAddress.
    Something like this..
    dll.dll:
    Code:
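    #include <iostream>
    // extern "C" keeps the export name unmangled so GetProcAddress(dll, "func") can find it
    extern "C" __declspec(dllexport) void func()
    {
        std::cout << "Hello world!";
    }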
    includedll.cpp:
    Code:
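    #include <windows.h>
    typedef void (*myFunc)();
    int main()
    {
        // LoadLibraryA takes the narrow string in UNICODE builds too; it returns HMODULE, not HANDLE
        HMODULE dll = LoadLibraryA("dll.dll");
        if (!dll) return 1;                    // library not found or failed to load
        myFunc func = (myFunc)GetProcAddress(dll, "func");
        if (func) func();                      // call only if the export was resolved
        FreeLibrary(dll);
        return 0;
    }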
    Last edited by eXeCuTeR; 07-29-2008 at 09:21 PM.

  14. #14
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    As to why your "copy the function and execute" won't work, I suspect the problem is that the code isn't completely free of relocations (references to absolute memory locations, for example variables, constant data, vtables for C++ objects or jump tables for switch statements). You could check this by looking at the code in the executable file itself, and compare that with the code in memory - if it has changed, then you have relocations.

    You may also find that if your application itself doesn't load a DLL that is needed by the code you are calling, you may have a relocation in the code referencing the DLL, and it will most likely point to invalid memory, which would lead to a crash.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  15. #15
    Registered User
    Join Date
    Apr 2008
    Posts
    890
    Quote Originally Posted by Yarin View Post
    Yes and no... Look, I have an idea on how to cover my footstep covering footsteps; to the point that it becomes innoteworthy dirt.

    The thing is, I need to know how to do this.
    OK, I'm curious too. What are you trying to do?
