
~ Is it possible to read the bytes of a function, put them into an array, create a function pointer to the beginning address of the array and then execute the function pointer

So obviously there are a lot of things that would need to be done. The best method I have currently for getting the bytes in a function is to create a pointer and iterate through each memory address until I hit the RET (0xc3) instruction. I've managed to Frankenstein together some code, but no matter what happens I get an access violation, which leads me to my question: is this even possible, and is there a procedure that needs to be followed to allow this to happen?

Rough Example:

```cpp
void function() {
    //do something
    return;
}

int main() {
    size_t size = sizeofFunc(function); //uses method listed earlier
    unsigned char* bytes = new unsigned char[size];
    // for each memory address from 'function' to 'function + size' put contents into 'bytes'
    void(*vFuncPtr)(void) = (void(*)(void))bytes;
    vFuncPtr(); // Access Violation, is this even possible???
}
```

  • This may be dependent on an OS. Modern processors have the ability to mark data segments as not executable. Related: [https://stackoverflow.com/questions/38113551/can-i-execute-code-that-resides-in-data-segment-elf-binary](https://stackoverflow.com/questions/38113551/can-i-execute-code-that-resides-in-data-segment-elf-binary) – drescherjm Nov 03 '20 at 14:14

1 Answer


Here is the way to do it:

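```cpp
#include <cstdio>

void function() {
    printf("hello\n");
    return;
}

int main()
{
   char* bytes = new char[4];
   // Overwrites the pointer returned by new[] with the address of function().
   bytes = reinterpret_cast<char*>(function);

   void(*vFuncPtr)(void) = (void(*)(void))bytes;

   vFuncPtr();

   return 0;
}
```
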
Dmitry

  • This doesn't "store a function in a byte array". It's just calling a function through a pointer. It also leaks memory as a bonus. – Blastfurnace Nov 03 '20 at 14:11
  • Function - is an address, so you can store this address any way you like and then call it using a function pointer. "store a function in a byte array" sounds strange. This is how I understood the problem – Dmitry Nov 03 '20 at 14:14
  • Read the question again. They're asking how to read binary code into a block of memory and then execute that code. It's possible but requires some OS specific code to mark an arbitrary block of memory as executable. – Blastfurnace Nov 03 '20 at 14:17
  • @Blastfurnace do you mind elaborating on what code or rather the process to mark a block of code as executable. I'm on Windows, but any tips would be helpful – Nathan Morris Nov 03 '20 at 14:21
  • I've done it several times - I've not found any source from where that should be read - a heap, a file or something... and their code snippet matches my understanding. If my answer does not suit - then it should not be accepted. As I see that I'm not the only one for the similar answer – Dmitry Nov 03 '20 at 14:25
  • @NathanMorris I haven't found a great duplicate but it's [something like this question](https://stackoverflow.com/questions/40936534/how-to-alloc-a-executable-memory-buffer). – Blastfurnace Nov 03 '20 at 14:25
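
The step the comments point to, marking a block of memory executable before calling into it, as an added example that is not code from the thread: it maps a writable page, copies the bytes in, switches the page to read+execute with `mprotect`, and only then calls it. It assumes Linux (POSIX `mmap`) on x86 or AArch64; `run_from_buffer` and the `kCode` bytes are constructed for illustration.

```cpp
#include <sys/mman.h>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Constructed sample bytes: position-independent code for "return 42".
// Hand-written, because bytes copied from a compiled function can hold relative
// calls or addresses that break when moved, and 0xC3 can occur mid-instruction.
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char kCode[] = {0xB8, 0x2A, 0x00, 0x00, 0x00,  // mov eax, 42
                                      0xC3};                         // ret
#elif defined(__aarch64__)
static const unsigned char kCode[] = {0x40, 0x05, 0x80, 0x52,   // mov w0, #42
                                      0xC0, 0x03, 0x5F, 0xD6};  // ret
#else
#error "sample bytes are provided for x86 and AArch64 only"
#endif

// Copies `len` bytes of code into a fresh mapping and calls it as int(void).
// Returns the callee's result, or -1 if a mapping step fails.
int run_from_buffer(const unsigned char* code, std::size_t len) {
    // 1. Anonymous mapping, writable but NOT executable while it is filled.
    void* mem = mmap(nullptr, len, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    std::memcpy(mem, code, len);

    // 2. Flip to read+execute; the page is never writable and executable at once.
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return -1;
    }
    // Needed on AArch64, where the instruction cache is not coherent; no-op on x86.
    __builtin___clear_cache(static_cast<char*>(mem), static_cast<char*>(mem) + len);

    // 3. Call through a function pointer, then release the mapping.
    int (*fn)() = reinterpret_cast<int (*)()>(mem);
    int result = fn();
    munmap(mem, len);
    return result;
}

int main() {
    std::printf("%d\n", run_from_buffer(kCode, sizeof kCode));  // prints 42
    return 0;
}
```

On Windows the same sequence is `VirtualAlloc` with `PAGE_READWRITE`, a copy, then `VirtualProtect` to `PAGE_EXECUTE_READ`. The access violation in the question comes from skipping step 2: memory returned by `new` is not executable.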