C # inline-asm/Embedded x86 assembly,

C # inline-asm/Embedded x86 assembly,

C # Can it be embedded in assembly? In my eyes, C # is impossible as a middle-and upper-layer Language.

Why do I think the middle-and upper-layer languages place assembly code? I can see from C # retaining pointers.

Many people will not believe that C # can use assembly code, but C # will be more troublesome. C # cannot be used directly.

Inline-asm (inline-asm): C # Only auto-asm dynamic assembly is supported.

C # the unique easy language, VB, and C ++ languages can all be used. However, I have seen most of them in dynamic assembly.

In plug-ins and remote Assembly injection, it is actually an extension of dynamic assembly technology, but it is difficult

After compiling the code, JIT writes the assembly code to the managed process remotely for execution.

Technologies that run in Shell programs and "memory run" are too lazy to discuss these ideas.

You can see a simple x86/call Assembly Embedded in C # And called

After executing this article, you will find that it is not too difficult. I wrote a lot of nonsense in a blog post, that is

This is just an easy language http://blog.csdn.net/u012395622/article/details/46400569.

We know that when the software runs, all the code will be placed in the virtual memory and executable code will be in the memory.

The memory protection is generally PAGE_EXECUTE_READ and 32, but after my research on. NET

The executable code should be PAGE_EXECUTE_READWIRTE and 64. If it is P/invoke

The DLL protection on is 32, so we cannot use read-only protection during embedded assembly.

If we need to use. NET to delegate the Call, it must be readable and writable.

The difference between using the API to Call and using 32 is that I have studied how to use the byte set in memory in easy language.

What is the result of memory protection in C #? 4/PAGE_READWRITE

Easy language CALL while C # CALL is always confusing to me.

Hosting heap differs from non-hosting heap, but I 'd like to ask some experts for help.

Because X86 Assembly requires switching the target platform to x86, C # Calls the Assembly

Do not skip this step if an error occurs in the code.

First, you need to define a delegate with parameters. The focus is that there is such a sentence in the Assembly.

Call dword ptr [ebp + 8] // call parameter 1

 

[Csharp]View plaincopy

1. [UnmanagedFunctionPointer (CallingConvention. Cdecl)]
2. Public delegate IntPtr CallMethod (IntPtr ptr );

Because it is an inline assembly under VC and finally transplanted to C # The call method of the function under VC is cdcel.

 

What's more, the following is based on the cdcel export function format, so the _ stdcall method cannot be used.

 

[Csharp]View plaincopy

1. [STAThread]
2. Static void Main (string [] args)
3. {
4. Byte [] buf_asm = {
5. // Push ebp
6. // Mov ebp, esp
7. // Sub esp, 0C0h
8. // Push ebx
9. // Push esi
10. // Push edi
11. // Lea edi, [ebp-0C0h]
12. // Mov ecx, 30 h
13. // Mov eax, 0 CCCCCCCCh
14. // Rep stos dword ptr es: [edi]
15. 85,139,236,129,236,192, 0, 0, 0, 83, 86, 87,141,189, 64,
16. 255,255,255,185, 48, 0, 0, 0,184,204,204,204,204,243,171,
17. // Call dword ptr [ebp + 8]
18. 255, 85, 8,
19. // Pop edi
20. // Pop esi
21. // Pop ebx
22. // Mov esp, ebp
23. // Pop ebp
24. // Ret
25. 95, 94, 91,139,229, 93,195
26. };
27. IntPtr ptr_asm = SetHandleCount (buf_asm );
28. VirtualProtect (ptr_asm, buf_asm.Length );
29. CallMethod call_method = Marshal. GetDelegateForFunctionPointer (ptr_asm, typeof (CallMethod) as CallMethod;
30. Call_method (Marshal. GetFunctionPointerForDelegate (new Action (Hello_x86 )));
31. }

First, write the Assembly You Want To embed in the byte array format and then use

The SetHandleCount function is used to obtain the address pointer.

 

[Csharp]View plaincopy

1. Static void VirtualProtect (IntPtr, int size)
2. {
3. Int outMemProtect;
4. If (! VirtualProtect (ptr, size, 64, out outMemProtect ))
5. Throw new Exception ("Unable to modify memory protection .");
6. }

The above function is used to modify the memory protection, but to enable the delegate to interact, including the compilation code to be called by each other.

 

[Csharp]View plaincopy

1. Static void Hello_x86 ()
2. {
3. Console. Title = (new StackFrame (). GetMethod (). Name;
4. Console. WriteLine ("I was x86 assembly call a test function .");
5. Console. ReadKey (false );
6. }

The above function is a test function. This function does not make much sense. It only indicates that it uses the Assembly call.

 

This function then outputs a response message indicating that the function is written into the memory assembly for calling.

Dependent external functions

[Csharp]View plaincopy

1. [DllImport ("kernel32.dll", CharSet = CharSet. Auto)]
2. Public static extern IntPtr SetHandleCount (byte [] value );
4. [DllImport ("kernel32.dll", SetLastError = true)]
5. Public static extern bool VirtualProtect (IntPtr lpAddress, int dwSize, int flNewProtect, out int lpflOldProtect );

Dependent namespace

 

 

[Csharp]View plaincopy

1. Using System;
2. Using System. Runtime. InteropServices;
3. Using System. Diagnostics;

 

 

Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.