
I'm looking for a way to load a function and cast it into a char; I'd like to get the bytes of it.

#include <stdio.h>

void myFunc();
int main()
{
   char myChar =(char)&myFunc; // stuff like that: this converts the address itself to one char, it does not read the code at that address
   return 0;
}
void myFunc()
{
   printf("hi!");
}

I have tried to dereference my address pointer @user2482551:

here is my new code:

#include <stdio.h>

void myFunc(){
    printf("hi");
}
int main(){
    unsigned int* c = (unsigned int*)(&myFunc); // points at the first 4 bytes of myFunc's code

    printf("%d\n",*c); // %d prints those 4 bytes as a signed int
    return 0;
}

OUTPUT : -443987883

Do you know what it means?

Grg_Lnt
  • what do you want `myChar` to be? a pointer to a function? or the string `"hi!"`? – Pavel May 24 '14 at 21:23
  • @Pavel it has the aroma of a SMC (self-modifying code) attempt. – WhozCraig May 24 '14 at 21:29
  • @WhozCraig Well any modern OS will probably end any 'SMC' attempt with a single 'segmentation fault' :) – Andro May 24 '14 at 21:36
  • No, I'd like to get the function "bytes", which are the RAM at the address of `&myFunc` – Grg_Lnt May 24 '14 at 21:59
  • This is so compiler, architecture, and OS dependent that it should not even be something you ask about on stack overflow. – Joel Dentici May 24 '14 at 21:59
  • @user2777579 If you want to do that use Candy man's answer. Then you dereference myChar and that will be the byte. It will probably be meaningless since instructions are not going to be 8 bits anyway. – Joel Dentici May 24 '14 at 22:01
  • Similar to http://stackoverflow.com/questions/23785815/why-dereferencing-the-main-function-does-not-show-memory-content/23787780#23787780, the answer(s) to that apply here also. – Clifford May 24 '14 at 22:26
  • `myFunc` might not be in RAM – M.M May 24 '14 at 23:16
  • Ohhh right, I missed that!! I guess I have to find a function in kernel.dll to do that? (I am on Windows) – Grg_Lnt May 24 '14 at 23:29

2 Answers


I'd say you want

char* myChar =(char*)&myFunc; // stuff like that

You cannot convert an address to a char, but of course you can convert it to a pointer-to-char char*.

Also, define the function above main, or if not, declare its prototype void myFunc(); above main. Otherwise main() does not "see" it and you get a compile time error.

vsoftco
  • Yes, sorry for the mistake – Grg_Lnt May 24 '14 at 21:20
  • Of course, myChar will only contain the address of the function, not the byte representation of the complete function. – Andro May 24 '14 at 21:24
  • @CandyMan not sure I get it... what do you mean by the "byte representation of the function"? The actual values of the physical memory addresses where `f` is stored? Like a memory dump? – vsoftco May 24 '14 at 21:27
  • I just want to point out to the OP, since the title was 'get C function bytes', that myChar will not contain the machine code for 'printf("hi");' – Andro May 24 '14 at 21:28
  • Yes, I didn't write that (for the prototype), but when casting to char* and printing it, I just get things like this: `Ê*ëÕHâý Hì` – Grg_Lnt May 24 '14 at 21:29
  • @CandyMan completely agree! I don't know actually of any simple way of getting the machine code, as I do not know how to get the "size" of the function. – vsoftco May 24 '14 at 21:29
  • @CandyMan agreed. And depending on the platform, it may not even contain the correct *code* address of the function in the first place. – WhozCraig May 24 '14 at 21:29
  • @user2777579 you shouldn't "print" the `char*`, it is a pointer pointing to some stuff in the memory, not a `C`-like string. It will print until it finds a `\0` in the memory. – vsoftco May 24 '14 at 21:30
  • @WhozCraig, why wouldn't `char* myChar` contain the correct code address? At least up to the operating system level physical mapping? – vsoftco May 24 '14 at 21:33
  • @vsoftco I guess one could get the machine code with the appropriate offset (assuming that the code is laid sequentially in the memory). Never really tried that, because there is really no reason for doing that. – Andro May 24 '14 at 21:35
  • @CandyMan it likely will be sequential. The address of the function will likely be the address of the first instruction in the function. Also, the instructions will likely not be 8 bit, so multiple chars would span a single instruction. – Joel Dentici May 24 '14 at 21:57
  • @vsoftco because function pointers and data pointers are not necessarily the same size. [See this answer](http://stackoverflow.com/questions/13696918/c-cast-void-pointer-to-function-pointer/13697654#13697654). – WhozCraig May 24 '14 at 23:02
  • "you can convert it to a pointer-to-char" - not in standard C, although it is a common extension – M.M May 24 '14 at 23:18
  • @CandyMan this approach would be usable to retrieve the machine code (if the compiler allows the conversion of function pointer to char pointer). – M.M May 24 '14 at 23:19

The following will get the address of myFunc and step bytewise through memory starting from that address when you type a key:

#include <stdio.h>

void myFunc();
int main()
{
   void* ptr = &myFunc; // stuff like that (function pointer -> void* is a common extension, not ISO C)
   while(getchar() != EOF) {
     printf("%d", *((char*)ptr)); // print one byte of the code, as a (signed) char
     ptr = (char*)ptr + 1;         // advance one byte; arithmetic on void* itself is not standard
   }
   return 0;
}
void myFunc()
{
   printf("hi!");
}

Here's the output I get:

[gregor@localhost tmp]$ ./faddr

85
72
-119
-27
-65
-109
6

I wouldn't be able to tell if this is actually stepping through the machine code for the function ... Maybe you have a way to check this? E.g. use something simpler like:

int myFunc() 
{
   return 0;
}
Gregor Ophey
  • "tell if this is actually stepping through the machine code " -- it does. Printing the result as unsigned hex shows `55 48 89 E5 30 C0 48 8D 0D 41 00 00 00 48 89 CF E8 09 00 00 00 5D C3 ..`, starting with a `push`. Stopped at `C3` because that's a `RET` instruction. – Jongware May 24 '14 at 22:49
  • Note this isn't really portable, since you're not supposed to convert function pointers to `void *`, but if you're trying to get at machine code then you're probably not going to care. – Crowman May 24 '14 at 22:56
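The following is an added example, not code from the question or from either answer. It ties together the three threads above: the OP's `-443987883`, vsoftco's point that only a pointer (not a `char`) can refer to the code, and Gregor's byte-stepping loop whose negative numbers come from `char` being signed. The OP's value, taken as a 32-bit unsigned quantity, is `0xE5894855`; stored little-endian (as an `int` is on x86) that is the byte sequence `55 48 89 E5`, which is exactly Gregor's `85 72 -119 -27` read through a signed `char`, and which decodes on x86-64 as `push rbp; mov rbp, rsp`, the standard function prologue. The code assumes a flat address space where a function pointer and a data pointer have the same size (true on mainstream x86/ARM ABIs, not guaranteed by ISO C), a readable text segment (user-space Linux/Windows/macOS map code readable but, under W^X, not writable), and an x86 target for the `0xC3` heuristic; `myFunc`, `code_ptr`, `dump_function`, `find_ret` and the sample byte array are all constructed for this example.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Added example (not from the original post): read the raw machine-code bytes
 * of a function through its address, view them as unsigned bytes, and show
 * why printf("%d", *(unsigned int *)&myFunc) gave -443987883.
 * Assumption: function and data pointers have the same size, and the text
 * segment is readable (it is not writable, so this only inspects code). */

typedef void (*func_t)(void);

static void myFunc(void) { printf("hi!\n"); }

/* Obtain a byte pointer to the code via memcpy rather than a cast: still not
 * ISO-portable, but explicit, and the size assumption is checked. Returns
 * NULL if function and data pointers differ in size on this platform. */
static const unsigned char *code_ptr(func_t fn)
{
    const unsigned char *p;
    if (sizeof fn != sizeof p) return NULL;
    memcpy(&p, &fn, sizeof p);
    return p;
}

/* Copy up to max bytes of fn's code into out; returns the count (0 on failure).
 * Nothing here knows where the function ends: max is an upper bound chosen by
 * the caller, not the function's real size, and the tail may belong to the
 * next function or to alignment padding. */
static size_t dump_function(func_t fn, unsigned char *out, size_t max)
{
    const unsigned char *p = code_ptr(fn);
    if (!p) return 0;
    memcpy(out, p, max);
    return max;
}

/* First code byte of fn as 0..255, or -1 if the address cannot be obtained. */
static int first_code_byte(func_t fn)
{
    const unsigned char *p = code_ptr(fn);
    return p ? (int)p[0] : -1;
}

/* Heuristic end-of-function detector for x86/x86-64: index of the first 0xC3
 * (RET) byte, or -1. 0xC3 can also appear inside an immediate or a ModRM
 * byte, so this is a rough cut, not a disassembler. */
static long find_ret(const unsigned char *code, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (code[i] == 0xC3) return (long)i;
    return -1;
}

/* Constructed sample (not read from memory): push rbp; mov rbp,rsp; pop rbp;
 * ret; nop -- a minimal x86-64 function followed by one padding byte. */
static const unsigned char sample_code[] = {0x55, 0x48, 0x89, 0xE5, 0x5D, 0xC3, 0x90};

/* Byte i (0 = least significant) of a 32-bit value in little-endian order,
 * i.e. the memory layout of an int on x86: this is what the OP's
 * *(unsigned int *)&myFunc actually read. */
static unsigned le_byte(uint32_t v, unsigned i)
{
    return (unsigned)((v >> (8 * i)) & 0xFF);
}

/* The same byte seen through char (signed on x86) and unsigned char. */
static int as_signed_char(unsigned char b) { return (signed char)b; }
static unsigned as_unsigned_char(int c) { return (unsigned char)c; }

int main(void)
{
    unsigned char code[32];
    size_t n = dump_function(myFunc, code, sizeof code);
    long ret = find_ret(code, n);

    printf("myFunc at %p, first %zu bytes as hex(signed %%d):\n",
           (void *)code_ptr(myFunc), n);
    for (size_t i = 0; i < n; i++)
        printf("%02X(%4d)%s", code[i], as_signed_char(code[i]),
               (i + 1) % 8 ? " " : "\n");
    if (ret >= 0) printf("first 0xC3 (RET?) at offset %ld\n", ret);

    /* The OP's output: -443987883 is 0xE5894855 as a 32-bit unsigned value,
     * stored little-endian as 55 48 89 E5 = push rbp; mov rbp,rsp. */
    uint32_t op = (uint32_t)-443987883;
    printf("OP's int -443987883 = bytes %02X %02X %02X %02X\n",
           le_byte(op, 0), le_byte(op, 1), le_byte(op, 2), le_byte(op, 3));
    return 0;
}
```

Printing through `unsigned char` is the fix for both confusing outputs on this page: `%d` on a `char` sign-extends anything with the top bit set (so `0x89` becomes `-119`), and `%d` on the whole `unsigned int` does the same for the 4-byte group. The `find_ret` scan reproduces Jongware's "stop at C3" check but should be read as a hint only; the real function length is only known to the compiler or to a disassembler.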