#include <stdio.h>
int main(int argc, char** argv)
{
void (*p) (void);
/* this obviously won't work, but what string could I put in
here (if anything) to make this execute something meaningful?
Does any OS allow instructions to be read from
the stack rather than text area of the process image? */
char *c = "void f() { printf(\"Hello, world!\"); }";
p = ( void (*)() )c;
p();
return 0;
}
views:
120answers:
3
+2
A:
Sure it is possible. Buffer Overflow exploits use it.
See Shellcode for what kind of strings you can place.
Basically what you can do it put machine code on the stack and jump to the address. This will cause execution (if the OS/machine allows it, see NX bit).
You could perhaps even try to do a memcpy from some function address onto a string on the stack and then try jumping to the address on the stack.
Moron
2010-07-11 23:57:43
Thank you, could you elaborate a bit on how I would jump to the address after memcpy? And how big a chunk of memory would i memcpy? Would I have to know how the function is represented in assembly language for that?
2010-07-12 00:40:38
Note though that we're talking about inserting binary executable code here -- you're not just going to be able to buffer overflow C and expect the processor to know WTF you're talking about.
Billy ONeal
2010-07-12 00:41:33
@rahulkumar42: You can try casting the string address as a function pointer and try calling it. You don't really need to know how the function is represented, the machine will do the interpretation for you. The size to copy depends on the function you are copying and might be difficult to find out about.
Moron
2010-07-12 00:55:28
+5
A:
Sort of, but not really, there is no eval() in c, like in many scripting languages.
However, what you are describing is sort of like a Buffer Overflow exploit.
Where, you use a string to write "code" (not c syntax, but machine code) into the address space after the buffer. Here's a nice little tutorial of the topic.
Don't use this information to write a virus :(
Stephen
2010-07-12 00:03:06
There is an `eval()` of sorts: write a C compiler, compile the string into machine code, then run it.
Chris Lutz
2010-07-12 00:12:50
Thanks, my intention is to write a program that modifies itself during execution, perhaps even unpredictably. Nothing malicious, just as a learning exercise.
2010-07-12 00:36:24
@Chris : good point ;) @rahul : Definitely a good learning experience, sounds fun :)
Stephen
2010-07-12 00:41:07
@Chris Lutz: That is easily the least useful remark I have seen all week.
j_random_hacker
2010-07-12 01:08:36
@j_random_hacker - A certain level of pedantry is required to be a programmer.
Chris Lutz
2010-07-12 01:17:24
@Chris, glad you didn't take it too hard. I'm also a pedant at heart, so perhaps I was just projecting... :)
j_random_hacker
2010-07-12 04:48:00
+4
A:
You could use libtcc to compile and run C source code:
const char *code = "int main(int argc, char**argv) { printf(\"Hello, world!\"); return 0; }";
TCCState *tcc = tcc_new();
if (tcc_compile_string(tcc, code))
{
// an error occurred compiling the string (syntax errors perhaps?)
}
int argc = 1;
char *argv[] = { "test" };
int result = tcc_run (tcc, argc, argv);
// result should be the return value of the compiled "main" function.
// be sure to delete the memory used by libtcc
tcc_delete(tcc);
A coouple of issues:
- You can only compile
libtccon a supported architecture. - You need to have a
mainfunction.
dreamlax
2010-07-12 00:38:40