C++ from the Perspective of Assembly (Special Functions)

Source: Internet
Author: User

 

[Disclaimer: All rights reserved. You are welcome to reprint it. Do not use it for commercial purposes. Contact email: feixiaoxing@163.com]

 

The functions discussed here are mainly inline functions and static functions. Inline functions are special: they behave like macros, yet the compiler still checks them. Static functions are special too: they can only be used by functions in the same file. If a static function is defined in a header file, a copy of it appears in the executable for every file that uses that header. This may be hard to follow at first, but an example comes below. Finally, we use a replacement technique to modify the function address so that the function you call can be changed, which gives a deeper impression of how functions are defined.

 

 

 

 

(1) inline functions

 

 

    inline int add(int a, int b)
    {
        return a + b;
    }

So how is this function compiled when it is used? Let's take a look.

 

 

    0040114A   mov   eax, 1
    0040114F   add   eax, 2
    00401152   mov   dword ptr [ebp-4], eax

 

 

An inline function is a special kind of function. When compiling the function itself, the compiler checks the inline function's code just as it would for any other function. When generating code for the caller, however, the compiler copies the function body into the calling function, as it would for a macro. That is why, in the calling function, we find no call instruction but the statements themselves. An inline function should not contain too many lines of code, though, because the purpose of inlining is to reduce call overhead.

 

Note:

 

A) Enable inline optimization when compiling: under [Project > Settings > C/C++ > Optimizations], select the second item in the inline expansion list.

 

B) If an error is generated during compilation, you can delete the compile option /ZI. As a result, the code can no longer be single-stepped at the source level, only at the assembly level.

 

 

(2) What are the properties of static functions?

 

    static int add(int a, int b)
    {
        return a + b;
    }

A) What if such an add function exists in different source files?

 

If the function is declared static in each of the different files, there is no problem. Each static function is used only within its own file, so the multiple-definition issue does not arise.

 

B) What if a header file contains the declaration and definition of such a static function?

 

If there is a static function in a header file, every file that calls this function compiles its own copy of the static function. The result is the same as in A). You can try it: print the address of the static function from each file and see whether the address of the add function is the same.

 

 

(3) An example of modifying the function address

 

 

    #include <windows.h>
    #include <stdio.h>
    #include <assert.h>

    int add(int a, int b)
    {
        return a + b;
    }

    int sub(int a, int b)
    {
        return a - b;
    }

    /* Make the first bytes of add() writable so that they can be overwritten. */
    void set()
    {
        HANDLE hProcess = GetCurrentProcess();
        DWORD pOldFlag = 0;
        BOOL result = 0;
        result = VirtualProtectEx(hProcess, (LPVOID)add, 0x10, PAGE_EXECUTE_READWRITE, &pOldFlag);
        if (result == 0)    /* VirtualProtectEx returns 0 on failure */
        {
            printf("%lu\n", GetLastError());
        }
    }

    /* 32-bit x86 only: pointers are cast to int below. */
    void process()
    {
        char *n = (char *)add;
        char *t = (char *)sub;
        *n = (char)0xFF;              /* FF 25 = jmp dword ptr [address] */
        *(n + 1) = 0x25;
        *(int *)(n + 2) = (int)&t;    /* operand: address of the variable that holds sub's address */
        int data = add(3, 2);
        assert(1 == data);            /* 3 - 2: sub ran instead of add */
        return;
    }

    int main()
    {
        set();        /* change the access attribute first */
        process();    /* then modify the content and test */
        return 0;
    }

A brief introduction: the code above contains four functions (plus a main that calls set and then process). The add and sub functions are used for the replacement test, the set function changes the access attribute of the code segment, and the process function is the test code. The purpose of this code is that calling the add function actually ends up calling the sub function. So how is this done? The key lies in two things: (1) modifying the access attribute of the code segment containing the add function; (2) modifying the content of the first bytes of the add function. We need to change the beginning of the add function to jmp sub, so we must modify the attribute first and then modify the content.
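The patch written by process() leaves a recognisable signature at the function entry: the bytes FF 25 followed by a 4-byte address, where a normal prologue used to be. The following is an added example, not code from the original article, that classifies the first bytes of a function and counts the bytes that differ from a trusted copy. The byte arrays, the load address 0x00401000 and the slot address 0x0012FF70 are constructed sample values, and the names classify_entry and modified_bytes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum entry_kind { ENTRY_NORMAL, ENTRY_JMP_REL32, ENTRY_JMP_INDIRECT, ENTRY_TRUNCATED };
struct entry_info {
    enum entry_kind kind;
    uint32_t operand; /* E9: rel32 displacement; FF 25: address of the pointer slot */
    uint32_t target;  /* E9 only; an FF 25 target needs a read of the slot to resolve */
};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Classify the first instruction of a 32-bit x86 function loaded at address va. */
struct entry_info classify_entry(const uint8_t *code, size_t len, uint32_t va) {
    struct entry_info info = { ENTRY_NORMAL, 0, 0 };
    if (len == 0 || (code[0] == 0xE9 && len < 5) ||
        (code[0] == 0xFF && (len < 2 || (code[1] == 0x25 && len < 6)))) {
        info.kind = ENTRY_TRUNCATED;             /* not enough bytes to decode */
    } else if (code[0] == 0xE9) {                /* jmp rel32 */
        info.kind = ENTRY_JMP_REL32;
        info.operand = read_le32(code + 1);
        info.target = va + 5 + info.operand;     /* wraps modulo 2^32, like EIP */
    } else if (code[0] == 0xFF && code[1] == 0x25) { /* jmp dword ptr [abs32] */
        info.kind = ENTRY_JMP_INDIRECT;
        info.operand = read_le32(code + 2);      /* the article stores &t here */
    }
    return info;
}

/* Count bytes that differ between in-memory code and a trusted reference copy. */
size_t modified_bytes(const uint8_t *mem, const uint8_t *ref, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (mem[i] != ref[i]);
    return n;
}

/* Constructed samples: a plain add(a, b) body, then the same bytes after the 6-byte patch. */
const uint8_t clean_add[]   = { 0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08, 0x03, 0x45, 0x0C, 0x5D, 0xC3 };
const uint8_t patched_add[] = { 0xFF, 0x25, 0x70, 0xFF, 0x12, 0x00, 0x03, 0x45, 0x0C, 0x5D, 0xC3 };

int main(void) {
    struct entry_info e = classify_entry(patched_add, sizeof patched_add, 0x00401000u);
    printf("kind=%d slot=0x%08X changed=%zu\n", (int)e.kind, (unsigned)e.operand,
           modified_bytes(patched_add, clean_add, sizeof clean_add));
    return 0;
}
```

Legitimate code can also begin with a jump (import thunks and incremental-link tables do), so a jmp at a function entry is a reason to compare against the on-disk image rather than proof of modification.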
