Introduction to the principle of dynamic loading of executable code in Windows

Source: Internet
Author: User

 

Q: Can I dynamically load SIMD assembly code in C? C# I don't know; in C/C++ it is very easy to do. It took a few hours to write an example and this blog post.

 

To dynamically load binary code in Windows, the following steps are generally taken.

 

1. First, obtain the executable binary code. It can be compiled into the program, read from somewhere, or typed in by hand by the user.

 

2. Allocate a block of memory with the executable attribute for this binary code. This is necessary because of Data Execution Prevention (DEP): memory pages allocated with malloc or new generally do not have the executable attribute, and executing code from them raises a STATUS_ACCESS_VIOLATION exception.

 

3. Jump to that memory and execute it. You may need to write some assembly instructions for this. When making the call, make sure the stack stays balanced.

 

 

Basically, there are three points. Let's look at the specific code below:

 

Step 1: Get the executable binary. Here I wrote a fastercopy function using SIMD instructions, compiled it, and wrote its binary code into an array.

 

    int emitcode[] = {clerk, 0x565340ec, clerk, 0x6f0f20ce, clerk, 0x30ce746f,
                      0xce7c6f0f, 0x04e70f38, 0x4ce70fcf, 0xe70f08cf, 0x0f10cf54,
                      0x18cf5ce7, 0xcf64e70f, expires, 0xccccc3};

The fastercopy function is written in this way.

 


    void fastercopy(void *dst, void *src, int len)
    {
        _asm {
            mov esi, [src]              // source array
            mov edi, [dst]              // destination array
            mov ecx, [len]              // number of QWORDS (8 bytes)
            lea esi, [esi + ecx * 8]    // end of source
            lea edi, [edi + ecx * 8]    // end of destination
            neg ecx                     // use a negative offset
        copyloop:
            movq mm0, qword ptr [esi + ecx * 8]
            movq mm1, qword ptr [esi + ecx * 8 + 8]
            movq mm2, qword ptr [esi + ecx * 8 + 16]
            movq mm3, qword ptr [esi + ecx * 8 + 24]
            movq mm4, qword ptr [esi + ecx * 8 + 32]
            movq mm5, qword ptr [esi + ecx * 8 + 40]
            movq mm6, qword ptr [esi + ecx * 8 + 48]
            movq mm7, qword ptr [esi + ecx * 8 + 56]
            movntq qword ptr [edi + ecx * 8], mm0
            movntq qword ptr [edi + ecx * 8 + 8], mm1
            movntq qword ptr [edi + ecx * 8 + 16], mm2
            movntq qword ptr [edi + ecx * 8 + 24], mm3
            movntq qword ptr [edi + ecx * 8 + 32], mm4
            movntq qword ptr [edi + ecx * 8 + 40], mm5
            movntq qword ptr [edi + ecx * 8 + 48], mm6
            movntq qword ptr [edi + ecx * 8 + 56], mm7
            add ecx, 8
            jnz copyloop
            sfence                      // flush write buffer
            emms
        }
    }

Step 2: Allocate the memory. The Windows function VirtualAlloc is called here, with the PAGE_EXECUTE_READWRITE attribute specified in the last parameter.

 

    void *address = NULL;
    address = VirtualAlloc(NULL, sizeof(emitcode), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    memcpy(address, emitcode, sizeof(emitcode));

 

Step 3: Call the code stored at address.

 

You can write the assembly code for the call yourself:

 

    _asm {
        push 20h
        mov eax, dword ptr [src]
        push eax
        mov ecx, dword ptr [dst]
        push ecx
        mov ecx, dword ptr [address]
        call ecx
        add esp, 0Ch
    }

It can also be called using a function pointer, as long as you know what the function prototype is.

 

    typedef void (*FASTCALL)(void *dst, void *src, int len);
    FASTCALL fastcall;
    fastcall = (FASTCALL)address;
    fastcall(dst2, src, 64/2);

These experiments were conducted in Win7 + VS2010 debug.

 

No responsibility is taken for failures in other environments.

 

No responsibility is taken for failures in Win7 + VS2010 either.
