C++ x86 Test
// Reference for the x86 encodings annotated in the listing at the bottom of this file:
// http://c-jump.com/CIS77/CPU/x86/lecture.html
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>
#include <tchar.h>
#include <Windows.h>
#include <DbgHelp.h>
#pragma comment(lib, "Dbghelp.lib")
// Lookup request and result handed to EnumSymProc through the enumeration
// context pointer. `name` is the input; `addr`, `size` and `success` are
// written by the callback when a symbol with that exact name is seen.
struct Function {
    const char *name;   // symbol name to match (input; compared with strcmp)
    uintptr_t addr;     // symbol address (output; meaningful only when success is true)
    size_t size;        // symbol size in bytes as passed to the callback (output)
    bool success;       // set once a matching symbol has been recorded
};
// SymEnumSymbols callback. `context` is the Function request built by the
// caller; the first enumerated symbol whose name equals request->name has its
// address and size stored there and the walk is stopped.
//
// The comparison is an exact, module-agnostic string match: with a broad
// enumeration mask, whichever module DbgHelp visits first that carries a
// same-named symbol is the one recorded.
//
// Returns TRUE to continue the enumeration, FALSE once a match was stored.
BOOL CALLBACK EnumSymProc(PSYMBOL_INFO pSymInfo, ULONG SymbolSize, PVOID context) {
    Function *request = static_cast<Function *>(context);
    if (strcmp(pSymInfo->Name, request->name) != 0) {
        return TRUE;   // not the symbol we want; keep walking
    }
    request->addr = pSymInfo->Address;
    request->size = SymbolSize;
    request->success = true;
    return FALSE;      // found; stop the enumeration
}
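// Looks up the address and size of the symbol named `fname` in the current
// process using DbgHelp.
//
// DbgHelp is initialised for this process with a NULL search path and
// fInvadeProcess=TRUE, every symbol matching the mask "*!*" is enumerated, and
// the first one whose name equals `fname` wins (see EnumSymProc). `addr` and
// `size` are written only on success; on failure they are left untouched and a
// diagnostic is printed to stdout. SymCleanup is always called once
// SymInitialize has succeeded.
//
// Caveats for callers:
//  - The match is by bare name across all loaded modules, so a name present
//    in more than one module resolves to whichever DbgHelp enumerates first.
//  - NOTE(review): with a NULL search path DbgHelp builds one itself from the
//    environment (e.g. _NT_SYMBOL_PATH), which can point at symbol servers and
//    local directories; where the symbols come from is therefore decided
//    outside this file — confirm before relying on the result.
//  - `size` is whatever DbgHelp passes to the callback; presumably it can be 0
//    when no size information exists for the symbol — verify before looping on it.
//
// Returns true when the symbol was found, false otherwise.
bool GetFuncBounds(const char *fname, uintptr_t &addr, size_t &size) {
    Function fstruct;
    fstruct.name = fname;
    fstruct.addr = 0;          // every field initialised; nothing is read indeterminate
    fstruct.size = 0;
    fstruct.success = false;

    HANDLE hProcess = GetCurrentProcess();   // pseudo-handle for the current process
    char Mask[] = "*!*";                     // every symbol of every module

    if (!SymInitialize(hProcess, NULL, TRUE)) {
        // Capture the error code before printf, which may itself overwrite it.
        DWORD err = GetLastError();
        printf("SymInitialize failed. Error code: 0x%x\n", (UINT)err);
        return false;
    }

    bool ret = false;
    if (!SymEnumSymbols(hProcess, 0, Mask, &EnumSymProc, (void *)&fstruct)) {
        DWORD err = GetLastError();
        printf("SymEnumSymbols failed. Error code: 0x%x\n", (UINT)err);
    } else if (!fstruct.success) {
        printf("Symbol [%s] not found\n", fname);
    } else {
        // Hand back the address and size recorded by the callback.
        addr = fstruct.addr;
        size = fstruct.size;
        ret = true;
    }

    SymCleanup(hProcess);   // balance SymInitialize on every path that reaches here
    return ret;
}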
//**********************************
// Target of the byte dump performed in _tmain. Leave the body exactly as it
// is: the program prints this function's own machine code, and the annotated
// listing at the bottom of this file was captured from precisely this body.
void Func() {
    printf("Hello, World!\n");
}
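// Returns true when all `size` bytes starting at `addr` lie inside one
// committed region of this process that is neither no-access nor guarded.
// The address/size pair comes from symbol data rather than from a pointer we
// own, so it is validated before the dump loop dereferences it.
static bool IsReadableRange(uintptr_t addr, size_t size) {
    MEMORY_BASIC_INFORMATION mbi;
    if (VirtualQuery((LPCVOID)addr, &mbi, sizeof(mbi)) != sizeof(mbi)) {
        return false;
    }
    if (mbi.State != MEM_COMMIT || (mbi.Protect & (PAGE_NOACCESS | PAGE_GUARD)) != 0) {
        return false;
    }
    // VirtualQuery rounds addr down to its region, so addr >= BaseAddress here.
    uintptr_t regionEnd = (uintptr_t)mbi.BaseAddress + mbi.RegionSize;
    return size <= regionEnd - addr;
}

// Entry point. Calls Func through a pointer, then prints Func's machine code
// one byte per line using the address and size DbgHelp reports for it, and
// finally prints the address and size DbgHelp reports for printf. Lookup
// failures (and an unreadable range) only print "Error!". The trailing
// getchar() is presumably there to keep a console window open. Always returns 0.
int _tmain(int argc, _TCHAR *argv[]) {
    (void)argc;
    (void)argv;

    // Taken through a pointer, presumably so the compiler emits Func as a real
    // out-of-line function whose bytes can be dumped; kept as in the original.
    void (*pFunc)() = Func;
    pFunc();

    uintptr_t addr = 0;
    size_t size = 0;
    if (GetFuncBounds("Func", addr, size) && IsReadableRange(addr, size)) {
        const unsigned char *code = (const unsigned char *)addr;
        for (size_t i = 0; i < size; i++) {
            // PRIxPTR prints the whole address on x64; (unsigned int) would truncate it.
            printf("0x%" PRIxPTR ": [0x%x]\n", addr + i, (unsigned int)code[i]);
        }
    } else {
        printf("Error!\n");
    }

    uintptr_t addrPrintf = 0;
    size_t sizePrintf = 0;
    if (GetFuncBounds("printf", addrPrintf, sizePrintf)) {
        printf("printf: 0x%" PRIxPTR "; size=%zu bytes\n", addrPrintf, sizePrintf);
    } else {
        printf("Error!\n");
    }

    getchar();
    return 0;
}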
/*
void Func()   -- bytes dumped by _tmain on a 32-bit build
0xc51190: [0x51]   //push ecx (presumably reserves a stack slot; paired with pop ecx below)
0xc51191: [0x68]   //push imm32 = 0x00c52184 (presumably the address of the format string)
0xc51192: [0x84]
0xc51193: [0x21]
0xc51194: [0xc5]
0xc51195: [0x0]
0xc51196: [0xe8]   //call (near, relative to next instruction) | (int)0xfffffe75 = -395 | 0xc5119b - 395 = 0xc51010 printf
0xc51197: [0x75]
0xc51198: [0xfe]
0xc51199: [0xff]
0xc5119a: [0xff]
0xc5119b: [0x83]   //add esp, imm8 (sign-extended): add esp,4 — discards the pushed argument
0xc5119c: [0xc4]
0xc5119d: [0x4]
0xc5119e: [0x59]   //pop ecx
0xc5119f: [0xc3]   //ret
Addr: 0xc51010 Size:54   //printf
*/