I'm reversing some assembly code and I'm consistently coming across certain structures that have an address at the very beginning of the structure.
This address seems to be a pointer to the beginning of an array of function addresses related to that specific structure.
I've also noticed that the first function in the array is usually related to deallocated/cleaning up of the structure.
Does anyone know what this type of structuring is called? I'd like to learn how this works
That's the "vtable" a.k.a. "virtual method table".
Related
I'm new to c++ and Access. I'm working with a project calls dll (compiled by c++) from Access.
I want to understand how are the parameters passed into the dll.
The input data for dll is prepared in Access, and we call the dll from Access.
We associate "RunFunction" with the dll we want to call.
The line in Access calls the dll:
Results = RunFunction(Data.age, Data.calendar, Data.timesheet, Data.extra)
The cpp code that complies the dll:
double __stdcall RunFunction(double * iData, double(*iCalendar)[100], double(*iTimesheet)[100])
First question, from the cpp code, I found the *iData(in c++) actually contains all info from Data (in Access).
Why it could happen? I thought only Data.age is passed into *iData, not the whole Data?
Second question, the the RunFunction from Access has four input parameters, while c++ only takes three, why it doesn't this cause any issue?
First, consider that inside Access the value of Data.age might be inside a buffer containing the entire record or some other structure. So when the address of that one value is passed to you in C++, you can explore neighboring addresses and see what’s in it. Don’t do that!
Second, look at the way __stdcall works. It was designed in the early days of C when function arguments were not checked at all! You can pass fewer or more parameters on the caller side and not mess up the stack. If you pass extra, no big deal. If you leave off some, then using the rightmost names in the function will give garbage values and witing to them can cause all sorts of problems including clobbering the return address.
I would like to know is there a way to pass a struct pointer to a lua script,
and reach it's members from lua without copy (for read and write purposes).
So, for example is it possible to overwrite a member of a c struct directly through of its pointer?
(I am using luajit)
In addition to Tim's answer, you can also go for light userdata. You don't end up with a copy of your data in the Lua stack, all you push to Lua is a pointer.
Lua has no understanding of what is in this pointer, whether it still points to valid memory, or how to access any objects in this pointer, so you'll have to handle all of this yourself in C. I am usually sending a pointer to an item on a list, so if there's any risk that entry has been deleted from the list, I first iterate over the list to validate the pointer (not a big deal if your lists are short). To access items within the pointer in Lua, you need to write get/set functions in C that you can call from Lua.
To get started, here are the entries on pushing and retrieving the lightuserdata:
lua_pushlightuserdata - push an entry on the stack
lua_touserdata - retrieve the pointer value
lua_islightuserdata - validate entry is light userdata
Programming in Lua entry on light userdata
Seeing as you have tagged this for luajit, you can combine the light userdata (as mentioned by others) with FFI for direct struct member access, see the tutorial here: http://luajit.org/ext_ffi_tutorial.html
The way to do this is with a lua userdata. Here are a couple examples: link, another link.
This is something that recently crossed my mind, quoting from wikipedia: "To initialize a function pointer, you must give it the address of a function in your program."
So, I can't make it point to an arbitrary memory address but what if i overwrite the memory at the address of the function with a piece of data the same size as before and than invoke it via pointer ? If such data corresponds to an actual function and the two functions have matching signatures the latter should be invoked instead of the first.
Is it theoretically possible ?
I apologize if this is impossible due to some very obvious reason that i should be aware of.
If you're writing something like a JIT, which generates native code on the fly, then yes you could do all of those things.
However, in order to generate native code you obviously need to know some implementation details of the system you're on, including how its function pointers work and what special measures need to be taken for executable code. For one example, on some systems after modifying memory containing code you need to flush the instruction cache before you can safely execute the new code. You can't do any of this portably using standard C or C++.
You might find when you come to overwrite the function, that you can only do it for functions that your program generated at runtime. Functions that are part of the running executable are liable to be marked write-protected by the OS.
The issue you may run into is the Data Execution Prevention. It tries to keep you from executing data as code or allowing code to be written to like data. You can turn it off on Windows. Some compilers/oses may also place code into const-like sections of memory that the OS/hardware protect. The standard says nothing about what should or should not work when you write an array of bytes to a memory location and then call a function that includes jmping to that location. It's all dependent on your hardware and your OS.
While the standard does not provide any guarantees as of what would happen if you make a function pointer that does not refer to a function, in real life and in your particular implementation and knowing the platform you may be able to do that with raw data.
I have seen example programs that created a char array with the appropriate binary code and have it execute by doing careful casting of pointers. So in practice, and in a non-portable way you can achieve that behavior.
It is possible, with caveats given in other answers. You definitely do not want to overwrite memory at some existing function's address with custom code, though. Not only is typically executable memory not writeable, but you have no guarantees as to how the compiler might have used that code. For all you know, the code may be shared by many functions that you think you're not modifying.
So, what you need to do is:
Allocate one or more memory pages from the system.
Write your custom machine code into them.
Mark the pages as non-writable and executable.
Run the code, and there's two ways of doing it:
Cast the address of the pages you got in #1 to a function pointer, and call the pointer.
Execute the code in another thread. You're passing the pointer to code directly to a system API or framework function that starts the thread.
Your question is confusingly worded.
You can reassign function pointers and you can assign them to null. Same with member pointers. Unless you declare them const, you can reassign them and yes the new function will be called instead. You can also assign them to null. The signatures must match exactly. Use std::function instead.
You cannot "overwrite the memory at the address of a function". You probably can indeed do it some way, but just do not. You're writing into your program code and are likely to screw it up badly.
I'm pretty much a beginner at C++. Just started learning it a few weeks ago. I'm really interested in improving my skills as a programmer, and there's something that's been confusing me in the last few days. It is pointers. Pointers and the reference operator. My question is, what exactly is the functionality of the pointers and reference operator? How will I know when to use them, and what are their purposes and common usages. Any examples consisting of common algorithms using dereference and reference will be greatly appreciated.
how can I use reference and dereference to become a better programmer, and improve my algorithms(and possibly make them simpler)?
Thanks :D
Definitely check this question out, the accepted answer explains pointers and common errors with them in a nice manner.
Update: a few words of my own
Pointers are bunches of bits, like any other kind of variable. We use them so much because they have several very convenient properties:
Their size (in bytes) is fixed, making it trivial to know how many bytes we need to read to get the value of a pointer.
When using other types of variables (e.g. objects), some mechanism needs to be in place so that the compiler knows how large each object is. This introduces various restrictions which vary among languages and compilers. Pointers have no such problems.
Their size is also small (typically 4 or 8 bytes), making it very fast to update their values.
This is very useful when you use the pointer as a token that points to a potentially large amount of information. Consider an example: we have a book with pictures of paintings. You need to describe a painting to me, so I can find it in the book. You can either sit down and paint an exact copy of it, show it to me, and let me search the book for it; or you can tell me "it's in page 25". This would be like using a pointer, and so much faster.
They can be used to implement polymorphism, which is one of the foundations of object-oriented-programming.
So, to find out how to use pointers: find cases where these properties will come in handy. :)
There's some things a programmer needs to understand before diving into pointers and C++ references.
First you must understand how a program works. When you write variables out, when you write statements, you need to understand what's happening at a lower level; it's important to know what happens from a computer stand-point.
Essentially your program becomes data in memory (a process) when you execute it. At this point you must have a simple way to reference spots of data - we call these variables. You can store things and read them, all from memory (the computers memory).
Now imagine having to pass some data to a function - you want this function to manipulate this data - you can either do this by passing the entire set of data, or you can do it by passing its address (the location of the data in memory). All the function really needs is the address of this data, it doesn't need the entire data itself.
So pointers are used exactly for this sort of task - when you need to pass address of data around - pointers in fact are just regular variables that contain an address.
C++ makes things a bit easier with references (int &var) but the concept is the same. It lets you skip the step of creating a pointer to store the address of some data, and it does it all automatically for you when passing data to a function.
This is just a simple introduction of how they work - you should read up on Google to search fo more detailed resources and all the cool things you can do with pointers/references.
Better name of the operator is "Address of" operator. Because it returns the address of the operand.
In C++ you will use pointers (and both reference/dereference operators) when dealing with dynamically allocated memory or when working with pointer arithmetic.
Pointers are also used to break down static bindings since they imply dynamic binding (through the address stored in the pointer, which can change dynamically).
For all other uses, it is usually better to use references instead of pointers.
to be short:
reference are some improvment of pointers that inherited from C to C++
its a bit safer because it helps you avoid using "*" in your functions and that cause you less segmentation faults.
or like my frines say "avoid the starwars"
there is a lot to learn about it !!!!
look for the use of "&" for sending and receiving values by refrence
understand the use of "&" for getting variable adress
its a very very big question, if you can be more specific it will be better.
I've got a function that takes a list of CRuntimeClass pointers in order to setup a view. I'd like to return without doing anything if the function is called with a list of the same classes that are already setup. Saving the pointer values and comparing them on the next call is currently working, but I want to verify that that's a legal thing to do, and not something that just happens to work. Maybe my doc-search-fu is lacking, but I can't find anywhere that guarantees the pointer value returned from the RUNTIME_CLASS() macro for a given class will be the same for the life of the program. The closest I could find is in the docs for CObject::GetRuntimeClass():
There is one CRuntimeClass structure for each CObject-derived class.
That implies that the pointer value shouldn't change, but doesn't exactly state it. Does anyone have something a bit more concrete on that? Or is there a better way to compare the CRuntimeClasses?
No such guarantee is documented, albeit that it is likely. You are supposed to use CObject::IsKindOf().
Taking a peek at afx.h plus a little of debugging shows that RUNTIME_CLASS() returns a pointer to a static member: static CRuntimeClass class##class_name (as it can be seen in the definition of DECLARE_DYNAMIC(class_name) macro).
As the member is static, the pointer to it does not change during runtime. In other words static is your guarantee.