0

This is hacking for a useful (non-malicious) purpose and I'm not sure what I want can be done but I'd like to try. I'm running software that is closed source so I can't modify the original function call. The call is:

sprintf(string, this->LabelFormat, value)

And this->LabelFormat is %-#6.3g by default. The purpose is to format labels for a legend of doubles, so value is a number.

I can set this->LabelFormat to whatever I want. I would like to perform a mapping from numbers to strings, for example:

value | string
--------------
  0.0 | None
  1.0 | I
  2.0 | J
  3.0 | K

and so on. Is it at all possible to manipulate the format string to perform a specified mapping for me since I cannot modify the original code?

tpg2114
  • 14,112
  • 6
  • 42
  • 57
  • Is is built using dynamic linking? If it is, you could replace libc with a modified version that does what you want. – Dirk Holsopple Dec 28 '12 at 18:14
  • @DirkHolsopple It is, but `sprintf` is called dozens of other places in the code and I only want the mapping to occur in this one place. – tpg2114 Dec 28 '12 at 18:15
  • In that case, you can (inside this modified sprintf) grab the return pointer from the stack and check - if it's the one you need, modify it, otherwise just pass it through. You will need some assembler/disassembler basics to pull that off. – DCoder Dec 28 '12 at 18:17
  • 3
    If you can change the format string, just add some magic number to the front of the string when you want the modified behavior. In the modified sprintf, check for the magic number, if it isn't there, use the original behavior, if it is, use the modified behavior. – Dirk Holsopple Dec 28 '12 at 18:21
  • 1
    @DirkHolsopple You should make this an answer, I think that's how I will go about this. It turns out I already asked how to replace standard functions with custom ones before ( http://stackoverflow.com/questions/9272155/replacing-extrordinarily-slow-pow-function ), I don't know why I didn't make the connection – tpg2114 Dec 28 '12 at 18:49

3 Answers3

3

What you are looking for is possible with API Hooking

API hooking consists of intercepting a function call in a program and redirecting it to another function. By doing this, the parameters can be modified, the original program can be tricked if you choose to return an error code when really it should be successful, and so on. All of this is done before the real function is called, and in the end, after modifying/storing/extending the original function/parameters, control is handed back over to the original function until it is called again.

You would have to intercept the original call to the function with the sprintf and overwrite the this->LabelFormat with the desired value before handing over control to the function.

For further information, go to Detours - Microsoft Research

user1055604
  • 1,624
  • 11
  • 28
0

I think it is not possible with format string only. You should add extra machine instructions somewhere. For example, you can replace sprintf function with your own.

Dims
  • 47,675
  • 117
  • 331
  • 600
0

If you have access to value before setting LabelFormat then all you have to do is set LabelFormat to the string you want to be displayed (without any % codes in it at all). The function will then ignore the extra parameter but it will have printed what you wanted. If you don't also have aaccess to value then I don't see any way to do the mapping with only format codes.

Mark B
  • 95,107
  • 10
  • 109
  • 188