Contextual differences in inline assembly code

Question

Along the lines with the first answer here I tried to encapsulate some assembly code in a C++ function.

When I put this code in a function (inline or not) and pass the shellcode as an argument to the function it gives me an access violation 0xC0000005 at the call instruction, with or without DEP enabled. However, when I define the shellcode inside the function just before VirtualProtect, it works fine.

Current function code:

inline void ExecuteShellcode(char shellcode[])
{
    /*char shellcode[] = \
    "shellcode"; // If I use this local variable instead of the argument it works tho
    */
    DWORD tempstore;
    if (VirtualProtect(shellcode, sizeof(shellcode), PAGE_EXECUTE_READWRITE, &tempstore))
    {
        __asm lea eax, shellcode;
        __asm call eax; Access violation 0xC0000005
    }
}

Why does __asm call not work with non-local variables in this instance?

tkausl: `sizeof(shellcode)` is 4.. Which is way too small. Michael: When I look in the debugger the globally allocated pointer contains the same value as the one passed to `VirtualProtect` — user-1289389812839, Oct 27 '16 at 18:33
The reason is that inside the function the compiler doesn't know the length of the character array passed as a parameter. `sizeof(shellcode)` would be the size of a pointer to the character array. When `shellcode` is a local variable the size is known. — Michael Petch, Oct 27 '16 at 18:51
Pass the size as a separate parameter to the function `ExecuteShellCode` — Michael Petch, Oct 28 '16 at 02:07
I should point out that had you defined the string as `char *shellcode="Hello World";` and done sizeof(shellcode) you would have also got 4 (the size of the pointer). This [SO Question and answers](http://stackoverflow.com/questions/1704407/what-is-the-difference-between-char-s-and-char-s-in-c) touch on the subject. — Michael Petch, Oct 28 '16 at 02:12

Contextual differences in inline assembly code

0 Answers0