how can i get hex from memory and get assembly? in c

Question

i stored function in memory, and i want to get assembly code from my memory.

first i did

int Operation(int a)
{
    __asm__(
        ".intel_syntax;"
        "mov %%eax, %1;"
        "add %%eax, 1;"
        "add %%eax, 1;"
        "mov %0, %%eax;"
        ".att_syntax;": "=r"(a): "r"(a) :"eax"
    );
    return a;
}

i wrote a function code

and then

uint8_t* func = (uint8_t*)Operation;
    int i = 0;
    int segment_id;
    uint8_t* shared_memory;
    segment_id = shmget(1234, PAGE_SIZE, IPC_CREAT | S_IRUSR | S_IWUSR);
    shared_memory = (uint8_t*)shmat(segment_id, NULL, 0);
    do
    {
    shared_memory[i++] = *func;
    } while (*func++ != 0xC3);

    shmdt(shared_memory);

i made shared memory and stored function in memory

and in another c,

int main(void)
{
        uint8_t* shared_memory;
    int segment_id;

    int (*func)(int a);
    int i=0;
    int rtrn;
    segment_id = shmget(1234, PAGE_SIZE, 0);
    struct shmid_ds shmid_ds,*buf;
    buf=&shmid_ds;
    rtrn=shmctl(segment_id,IPC_STAT,buf);

buf->shm_perm.uid=getpid();

buf->shm_perm.mode=511;
rtrn=shmctl(segment_id,IPC_SET,buf);
    rtrn=shmctl(segment_id,IPC_STAT,buf);
    shared_memory = (uint8_t*)shmat(segment_id, NULL, SHM_EXEC);



    func=shared_memory;
    uint8_t* a=shared_memory;
    do
    {
        printf("%X\n",*a);
        a++;
        i++;
    //printf("%p   %X\n",&shared_memory[i++],shared_memory[i++]);
    } while (i != 500);
    i=func(1);
    printf("%d\n```",i);

i can execute function with " i= func(1);"

what i want to do is get assembly code from memory.

so i got hex code starting from "shared memory"

and i got result

so i thought if i disassemble those hex, i can get assembly code that i wrote in function, but i got different disassemble result that i expected

what i expected was function code that i wrote like this: "mov %%eax, %1;"

"add %%eax, 1;" "add %%eax, 1;" "mov %0, %%eax;"

what was wrong in my code or idea?

You disassembled 64 bit code in 32 bit mode. Alternatively, you might have wanted to create 32 bit code to start with. PS: your inline asm is not very good, I am surprised it even assembles. — Jester, Nov 28 '21 at 01:45
64bit? 32bit? i don't know what do they mean what should i do? — soon, Nov 28 '21 at 01:56
Switch whatever disassembler you used into 64 bit mode. Also make sure you are running the exact code you posted because that disassembly, even when correctly using 64 bit, seems to be for something different. — Jester, Nov 28 '21 at 01:57
You did it wrong it nothing changed. Also don't be surprised to see function prologue and epilogue generated by the compiler. You will likely get something similar to `push rbp; mov rbp, rsp; mov [rbp-4], edi`. The first suspicious thing is the `add eax, 0x18` which should be your `add eax, 1`. — Jester, Nov 28 '21 at 02:16
Ahha, and that is likely because you copied the hex wrong. You have `83 c0 01 83 c0 01` but you left the leading zeroes out so that got turned into `83 c0 18 3c 01` which explains how `add eax, 0x01` turned into `add eax, 0x18`. Anyway, your code is fine, you are using the disassembler wrong. — Jester, Nov 28 '21 at 02:21
wow you are right i changed printf with %.2X and i got right assembly that i expected. thank you so much bro. i love u. I'm new with programming, so my code is not good. THANK YOU!!! — soon, Nov 28 '21 at 02:41
You should only ever use `.intel_syntax noprefix`, not `.intel_syntax` alone (with the default `prefix`). That mutant hybrid of Intel syntax but with AT&T decorators like `%eax` instead of `eax` is super confusing and horrible (and not supported by clang). Also, don't switch syntaxes inside an asm template; compile your whole file with `gcc -masm=intel` if that's what you want. (Although unfortunately clang doesn't support that.) See [How to set gcc to use intel syntax permanently?](https://stackoverflow.com/q/38953951) — Peter Cordes, Nov 28 '21 at 03:23

how can i get hex from memory and get assembly? in c

0 Answers0