I am interested in some examples of these.
Thanks.
1. Insert codepaths that are never followed
* Insert conditional branches that are never taken (and preferably point
into the middle of other instructions)
Is this an example?
cmp A, B ; condition
jge L30 ; conditional branch
mov ebx, CONST1 ; ebx holds X
jmp L31 ; unconditional branch
L30:
mov ebx, CONST2
L31:
* Change direct calls and jumps to indirect calls and jumps with targets
computed at runtime
I think that Alex (Antariy) had some examples posted to the old forum. I think that as it worked out, you didn't save any time because setting write permission for the code segment caused a cache flush to enable it and you lost the time anyway.
Dave.
Thanks, time savings isn't a factor.
Andy
the "speed factor" depends on how many times you change the target vs how many times the code is executed
the simplest way to do what you are talking about is to use a variable to hold the address
.DATA?
lpfnBranchVector LPVOID ?
.CODE
mov lpfnBranchVector,Label0
;
;
mov lpfnBranchVector,Label1
;
;
jmp dword ptr lpfnBranchVector
if "Label1" happens to be inside a PROC, use double-colons to make it a public symbol
SomeProc PROC
Label1::
ret
SomeProc ENDP
the harder way, and much more cumbersome, is to use self-modifying code
you can calculate the relative address and write it into the code stream
because the code section is normally write-protected, you can use VirtualProtect to temporarily alter it
This jumps to Label1, but it's not clear to me how?
.code
start:
mov lpfnBranchVector,Label0
mov lpfnBranchVector,Label1
jmp dword ptr lpfnBranchVector
Label0:
fn MessageBox,0,str$(eax),"Label0",MB_OK
Label1:
fn MessageBox,0,str$(eax),"Label1",MB_OK
sorry, Andy
maybe i wasn't clear in my example....
the idea is that you set the vector to different values throughout your code
i.e., if "this" is true, then set it to LabelThis
if "that" is true, then set it to LabelThat
when it comes time to execute the branch, it will go to the most recent value set
one of the things i sometimes use this for is to "disable" a function
in the data section, i might have
.DATA
lpfnFunc LPVOID Function
then, on some type of event, i might want to disable it
so, i use a dummy return
i may put the dummy at the end of Function, or i may give it its own proc
Function PROC
;function code here
Dummy::
ret
Function ENDP
now, on some event, i may want to disable the function
mov lpfnFunc,Dummy
on some other event, i may want to re-enable it
mov lpfnFunc,Function
when i call the function,
call dword ptr lpfnFunc
it will behave according to whether or not it is enabled
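The vector-in-a-variable pattern described in the post above, written in C as an added example (this is not code from the thread; the names Function, Dummy, LabelThis, LabelThat, on_event and the event values are made up to mirror dedndave's MASM fragments). The C function pointer plays the role of lpfnFunc / lpfnBranchVector: events only overwrite the variable, and the call site dereferences whatever value was set most recently.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not code from the thread. Hypothetical names throughout. */

static int calls_to_function = 0;

/* The real function, equivalent to "Function PROC" in the post. */
static int Function(int x) {
    calls_to_function++;
    return x * 2;
}

/* The dummy target used to "disable" Function, like the Dummy:: label. */
static int Dummy(int x) {
    (void)x;
    return 0;
}

typedef int (*fn_t)(int);

/* Equivalent of "lpfnFunc LPVOID Function" in .DATA: starts enabled. */
static fn_t lpfnFunc = Function;

enum event { EV_DISABLE, EV_ENABLE };

/* Events update the state variable only; nothing runs here. */
void on_event(enum event ev) {
    switch (ev) {
    case EV_DISABLE: lpfnFunc = Dummy;    break;
    case EV_ENABLE:  lpfnFunc = Function; break;
    }
}

/* The indirect call site: equivalent to "call dword ptr lpfnFunc". */
int call_function(int x) {
    return lpfnFunc(x);
}

int function_call_count(void) { return calls_to_function; }
int function_enabled(void)    { return lpfnFunc == Function; }

/* The branch-vector variant: "if this, go to LabelThis; if that, go to
   LabelThat"; the branch itself goes wherever the vector points right now. */
static const char *LabelThis(void) { return "this"; }
static const char *LabelThat(void) { return "that"; }

static const char *(*lpfnBranchVector)(void) = LabelThis;

void set_branch(int this_is_true, int that_is_true) {
    if (this_is_true) lpfnBranchVector = LabelThis;
    if (that_is_true) lpfnBranchVector = LabelThat; /* later assignment wins */
}

/* Equivalent of "jmp dword ptr lpfnBranchVector". */
const char *take_branch(void) {
    return lpfnBranchVector();
}

int main(void) {
    printf("enabled: %d\n", call_function(21));   /* 42 */
    on_event(EV_DISABLE);
    printf("disabled: %d\n", call_function(21));  /* 0, Function not run */
    on_event(EV_ENABLE);
    printf("re-enabled: %d\n", call_function(21));
    set_branch(1, 1);
    printf("branch: %s\n", take_branch());         /* "that" */
    return 0;
}
```

One point worth keeping in mind when using this in real code: the vector is an ordinary writable data variable, so anything that can corrupt that variable also chooses the next call or jump target. That is why compilers and loaders try to keep such pointer tables read-only after initialisation and why control-flow integrity checks validate indirect targets; a hand-rolled vector gets none of that protection unless you add it.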
Quote from: dedndave on February 17, 2013, 02:44:29 PM
sorry, Andy
maybe i wasn't clear in my example....
the idea is that you set the vector to different values throughout your code
i.e., if "this" is true, then set it to LabelThis
if "that" is true, then set it to LabelThat
when it comes time to execute the branch, it will go to the most recent value set
It's hard to understand when you are terse.
I can understand because I often assume my listener knows as many details as I do.
I have not been doing assembly for 20 years.
So are you saying use an .if .else statement?
< the harder way, and much more cumbersome, is to use self-modifying code
< you can calculate the relative address and write it into the code stream
< because the code section is normally write-protected, you can use VirtualProtect to temporarily alter it
I am very interested in an implementation of this.
andy
My fingers are getting numb with old age.
let's just say that "events" may change the "condition" or "state"
the events could be anything - a button push, a time-elapse, the end of a file reached, a buffer is full, etc
the events are used to alter the state by updating the variable
when it comes time to execute the function or branch, it will do so, based on the current state
the only examples of this in code that i currently have are in large projects
so - they don't make good examples
you'd have to read through a lot of code to get the little bit you want to see
Thanks.
Andy
Only afraid of 2 things, Women and the Police.
Burt Reynolds
after you have played with that a bit, you may be interested in "state machines" and "state variable models"
in programming, you have a number of tools that may be used to control program flow
conditional branches, unconditional branches, loops, call/ret's, and so on
if you want to take it up a notch, state machines are another tool that may be used
http://en.wikipedia.org/wiki/Finite-state_machine
in electronics, state machines are implemented in circuitry quite often
they can be implemented in code to create complex state machines with minimal code
we also have "state-variable filters"
these are typically analog circuits that can create some very versatile filters
they can be easily tuned and can have very sharp cut-offs, etc
these types of filters can also be implemented in code
http://en.wikipedia.org/wiki/State_variable
http://en.wikipedia.org/wiki/State_variable_filter
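A table-driven state machine of the kind the post above points to, as an added example in C (not code from the thread or from dedndave). The state variable picks a row, the input class picks a column, and the table entry is the next state, so every (state, input) pair is decided explicitly instead of through a chain of conditional branches. The line format, state names, input classes and MAX_LINE limit are all invented for the example.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not code from the thread. Hypothetical names throughout. */

enum state { S_START, S_TEXT, S_CR, S_DONE, S_ERROR, S_COUNT };
enum input { IN_PRINTABLE, IN_CR, IN_LF, IN_OTHER, IN_COUNT };

/* Classify one input byte into a table column. */
static enum input classify(unsigned char c) {
    if (c == '\r') return IN_CR;
    if (c == '\n') return IN_LF;
    if (c >= 0x20 && c < 0x7f) return IN_PRINTABLE;
    return IN_OTHER;
}

/* next_state[current][input]: the whole machine is in this table. */
static const enum state next_state[S_COUNT][IN_COUNT] = {
    /*            PRINTABLE  CR       LF       OTHER   */
    /* S_START */ { S_TEXT,  S_CR,    S_ERROR, S_ERROR },
    /* S_TEXT  */ { S_TEXT,  S_CR,    S_ERROR, S_ERROR },
    /* S_CR    */ { S_ERROR, S_ERROR, S_DONE,  S_ERROR },
    /* S_DONE  */ { S_ERROR, S_ERROR, S_ERROR, S_ERROR },
    /* S_ERROR */ { S_ERROR, S_ERROR, S_ERROR, S_ERROR },
};

#define MAX_LINE 16  /* invented payload limit for the example */

/* Run the machine over a buffer one byte at a time.
   Returns the payload length of a valid CRLF-terminated line,
   -1 for a bare CR or LF or a control byte, -2 if the payload exceeds
   MAX_LINE, -3 if the input ends before the line is terminated. */
int parse_line(const unsigned char *buf, size_t len) {
    enum state st = S_START;
    int payload = 0;
    for (size_t i = 0; i < len; i++) {
        st = next_state[st][classify(buf[i])];
        if (st == S_ERROR) return -1;
        if (st == S_TEXT && ++payload > MAX_LINE) return -2;
        if (st == S_DONE) return payload;
    }
    return -3;
}

/* Convenience wrapper for NUL-terminated sample input. */
int parse_line_str(const char *s) {
    return parse_line((const unsigned char *)s, strlen(s));
}
```

Because the table covers every state and input class, there is no "unexpected byte falls through to the default path" case to miss, which is the property you want from a parser that handles input from outside; adding a state or an input class means adding a row or column and filling in every entry.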