|
Hi Ryan,
The client is responsible for the function desc. If it sends the wrong data, then it's expected that bad things will happen. I kinda figured that inline assembler would be needed to push the params onto the stack, but that's exactly what I don't know how to do.
Cheers,
Tom Archer - Archer Consulting Group
"So look up ahead at times to come, despair is not for us. We have a world and more to see, while this remains behind." - James N. Rowe
|
|
|
|
|
Tom Archer wrote:
I kinda figured that inline assembler would be needed to push the params onto the stack, but that's exactly what I don't know how to do.
OK. I'll give a few examples. Hopefully you can extend them.
Say you've got the address of a function in a variable called funcPtr and you need to pass a float and an int and the function returned a char , then you could do something like this (assuming C style calling convention):
char callFunction(void *funcPtr, float parm1, int parm2)
{
__asm push parm1
__asm push parm2
__asm call funcPtr
} Of course this can be extended for more arguments, and it should work for doubles (64-bit values) as well. I'm not sure how it works for values less than 32 bits. I think the compiler pushes an entire zero-extended 32-bit value, so you'll need to take that into account (store smaller values in a 32-bit temporary variable first).
You should be able to put this in a loop as follows:
char callFunction(void *funcPtr, int *values, int numValues)
{
for (int i=0; i<numValues; i++)
{
__asm push values[i]
}
__asm call funcPtr
} It should work alright, but I have never had to do this, so I'm not 100% certain. If it has trouble with the array index, assign values[i] to a temporary variable first (make sure it's local to the function, not the for loop, or you'll have problems with stack corruption).
As I mentioned before, another way I've done it is to allocate a block of memory for the actual parameter contents as they would appear on the stack, and the copy it all in one go. It makes the inline assembly much easier and predictable:
char callFunction(void *funcPtr, void *stackPtr, int stackSize)
{
__asm sub esp,stackSize
__asm mov esi,stackPtr
__asm mov edi,esp
__asm mov ecx,stackSize
__asm rep movsb
__asm call funcPtr
} This version I have taken directly from some code I have written and tested, so I know it works. This is what I would recommend doing, as you can then assemble the stack information without using inline assembly (pointer arithmatic is much easier to understand ) and just copy the data and call the function using a simple consistent method.
[edit]If you use the last technique, remember that for the C calling convention the parameters are passed in such a way that the highest address has the right-most parameter.[/edit]
Hopefully that gives you enough information to get it working.
Cheers,
Ryan "Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
|
|
|
|
|
I just realised my first two examples were wrong The parameters should be pushed in the opposite order for both of them. The third is still correct though.
Sorry about that
Ryan "Punctuality is only a virtue for those who aren't smart enough to think of good excuses for being late" John Nichol "Point Of Impact"
|
|
|
|
|
Thanks Ryan for all your help.
Cheers,
Tom Archer - Archer Consulting Group
"So look up ahead at times to come, despair is not for us. We have a world and more to see, while this remains behind." - James N. Rowe
|
|
|
|
|
hi
Check out "Smashing the Stack for fun and profit" by Aleph One. great docu for understanding stack manipulation with lots of codes snippets . http://www.phrack.org/phrack/49/P49-14.
xx
|
|
|
|
|
Brilliant stuff. Thanks!
Cheers,
Tom Archer - Archer Consulting Group
"So look up ahead at times to come, despair is not for us. We have a world and more to see, while this remains behind." - James N. Rowe
|
|
|
|
|
Well, just wild guess and I tried it just today at morning, but under some limitations you can go (probably) this way:
If you can stick with the C call convention (no pascal, at least I think), and you can specify fixed type for return parameter, you can define the function signature as follows:
typedef DWORD (__stdcall *pFunction)(...);
Then you can call it in this way:
int execute()
{
MyruntimeFunc = (pFunction)GetProcAddress( NULL,"TestFunction");
MyruntimeFunc( 1 );
return -1;
}
extern "C"
{
__declspec( dllexport ) DWORD TestFunction( DWORD ard )
{
int x = 0;
return 0;
};
}
Because TestFunction knows what to look for on the stack, she'll find it. You only have to make you sure that you'll put the correct types (very important, (BYTE)1 is here not the same as (DWORD)1 ) in correct order.
It's just a morning idea, before I finally wake up, but maybe it will help you. I tested it inside one single .exe file, so maybe some of my assumptions are bad. But at least I tried
|
|
|
|
|
Hi,
is it possible, to start an executable file as a child process? And if not, how can i get an handle on the program I've started?
thanks, Michael
|
|
|
|
|
|
Can some please guide me to run an exe without clicking it & restarting the pc after modification in registry. Is there any way that it can be achieved ?
Regards,
Ibraheem
|
|
|
|
|
CreateProcess()
// Afterall, I realized that even my comment lines have bugs
If the sun were to blow up, it would take us 7-8 minutes to realize it.
|
|
|
|
|
how will it load itself (without clicking or any user interaction) .... ???? can u plz briefly explain
Regards
|
|
|
|
|
It's you who needs to explain. When do you want it to run ? If you want it to run on reboot, follow Tom's advice. If you want your code to cause it to run, use CreateProcess or ShellExecute. If you want it to run every time your PC starts, put it in the Run registry key, or the startup folder.
If you want precise advice, ask precise questions.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
Alrtie ... plz see my new post ... I hope u get a better idea now
Regards,
Ibraheem
|
|
|
|
|
Christian is right. It is a little bit hard to interpret your question so I tried to guess. CreateProcess will launch the exe from within your code. ShellExecute too (this is easier to use but not recommended by Microsoft). It is impossible (a telepath would prove me wrong) to start a program without telling the computer to do so. Tom and Ravi gave you excellent answers when it comes to the exe being executed at startup without any user interaction.
// Afterall, I realized that even my comment lines have bugs
Time is the fire in which we burn.
|
|
|
|
|
Toni78 wrote:
ShellExecute too (this is easier to use but not recommended by Microsoft).
Sorry, I meant to say WinExec, not ShellExecute.
// Afterall, I realized that even my comment lines have bugs
If the sun were to blow up, it would take us 7-8 minutes to realize it.
|
|
|
|
|
|
Alrtie ... plz see my new post ... I hope u get a better idea now
Regards,
Ibraheem
|
|
|
|
|
Following on Tom's post, here's[^] a useful link that describes the Run and RunOnce registry keys.
/ravi
My new year's resolution: 2048 x 1536
Home | Articles | Freeware | Music
ravib@ravib.com
|
|
|
|
|
Okay . I accept my mistake :P ... Well what i exactly want is say i have an executable . I know this executable can be runned by clicking it or any sort of user interaction ... or can be runned when the pc reboots ... but let say i want to run on a specific let say 10.00 am .... now other executable from outside runs that exe but this exes starts running by its own .... I hope i am little bit clear now .... Is it possible ??? and what exactly createprocess do ... can it help me in achieving this goal. i can explain it in more detail if any1 of u still dont reach to the point what I want .....
Thanx anyways
Regards,
Ibraheem
|
|
|
|
|
Use Task Scheduler to run the executable at the desired time. That is the simplest way.
|
|
|
|
|
Yea ... but again that would have been set by user interaction ... I want zero user interaction just like when window reboots a program can start running but I want more that is program starts of its own. That is, reboot of the window should not be needed. It starts executing of its own, even if the pc has not been restarted. Is it possible ?
Regards,
Ibraheem
|
|
|
|
|
All methods require some level of interaction. If there is no interaction how will the computer know what you want it to do?
Putting an entry in the registry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run will cause your application to run when a user logs on. This does require interaction but it is very minimal and only needs to be done once.
Also if there is no interaction at all how will you get your application onto the target machine?
|
|
|
|
|
Sounds like it's a virus....
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
If I understand correctly what you are asking it is impossible.
No program can spontaneously start executing without some trigger.
If a program is not running it is not loaded into memory, it is
just a file on the disk. How can a disk file load itself into
memory and start running without an outside agent instructing it
to do so?
Steve T
|
|
|
|