Function pointer
| Lubomir 2006-01-26, 7:08 pm |
| Hi,
I am trying to get a pointer to a function, so I could "see" (access by
pointer) the binary code of this function. When I look into disassembly
windows, the first binary values should be 55 8B EC ...
My pointer returns some different values, however. I used the following
syntax:
char *p = (char *)Test; // Test is the function I want to access
char c[] = {0x55, ...};
if (p[0] == c[0])
{
    cout << "it works" << endl;
}
Any idea what I should change?
Thanks,
Lubomir
| |
| Ben Voigt 2006-01-26, 7:08 pm |
|
"Lubomir" <Lubomir@discussions.microsoft.com> wrote in message
news:5D5F2918-784E-407E-81DE-DFB65D504E77@microsoft.com...
> Hi,
>
> I am trying to get a pointer to a function, so I could "see" (access by
> pointer) the binary code of this function. When I look into disassembly
> windows, the first binary values should be 55 8B EC ...
>
> My pointer returns some different values, however. I used the following
> syntax:
Why don't you dump out the first 100 bytes or so that you read from p...
Maybe it's not starting on the instruction you expect.
Also, is the function statically linked or in a DLL? You may get an import
stub instead of the actual function.
>
> char *p = (char *)Test; // Test is the function I want to access
> char c[] = {0x55, ...};
>
> if (p[0] == c[0])
> {
> cout << "it works" << endl;
> }
>
> Any idea what I should change?
>
> Thanks,
>
> Lubomir
| |
| Scherbina Vladimir 2006-01-26, 7:08 pm |
| "Lubomir" <Lubomir@discussions.microsoft.com> wrote in message
news:5D5F2918-784E-407E-81DE-DFB65D504E77@microsoft.com...
> Hi,
>
> I am trying to get a pointer to a function, so I could "see" (access by
> pointer) the binary code of this function. When I look into disassembly
> windows, the first binary values should be 55 8B EC ...
>
> My pointer returns some different values, however. I used the following
> syntax:
Maybe because the compiler might generate different prologs for a function?
i.e.
1.
push ebp
mov ebp, esp
....
2.
pushad
....
etc.
Try using the naked modifier on the function to control its prolog:
int __declspec(naked) Test(void)
{
    __asm
    {
        push ebp ; what you need here...
        mov ebp,esp
        pop ebp
        mov eax, 13
        ret
    }
}
--
Vladimir
| |
| Lubomir 2006-01-26, 7:08 pm |
| The function is global, placed in the same file from where it is called.
"Ben Voigt" wrote:
>
> "Lubomir" <Lubomir@discussions.microsoft.com> wrote in message
> news:5D5F2918-784E-407E-81DE-DFB65D504E77@microsoft.com...
>
> Why don't you dump out the first 100 bytes or so that you read from p...
>
> Maybe it's not starting on the instruction you expect.
>
> Also, is the function statically linked or in a DLL? You may get an import
> stub instead of the actual function.
| |
| Norman Bullen 2006-01-26, 9:57 pm |
| Lubomir wrote:
> Hi,
>
> I am trying to get a pointer to a function, so I could "see" (access by
> pointer) the binary code of this function. When I look into disassembly
> windows, the first binary values should be 55 8B EC ...
>
> My pointer returns some different values, however. I used the following
> syntax:
>
> char *p = (char *)Test; // Test is the function I want to access
> char c[] = {0x55, ...};
>
> if (p[0] == c[0])
> {
> cout << "it works" << endl;
> }
>
> Any idea what I should change?
>
> Thanks,
>
> Lubomir
If you're compiling with default debug settings, the linker gets the
"incremental linking" switch. This causes it to construct what they call an
"Incremental Link Table". This is a series of JMP instructions, one for
each function that is linked. The JMP instructions have the address of
the function and references to those functions are replaced with
references to the appropriate JMP instruction.
To find out if this is what's happening to you, look for 0xE9 at the
address of the function. (0xE9 is a JMP.)
Norm
--
To reply, change domain to an adult feline.
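
Added example, not part of any post in this thread: a C sketch of the check the replies describe, which follows an `E9 rel32` incremental-link thunk to the real function body and then compares the bytes there with `55 8B EC`. It runs over a constructed byte buffer rather than a live function pointer; `sample_image`, `resolve_thunk` and `has_frame_prologue` are names made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define BAD_OFFSET ((size_t)-1)

/* Constructed sample, not a real binary: offset 0x00 is an incremental-link
   thunk (E9 rel32) to offset 0x10, where the body from the naked-function
   post begins: push ebp / mov ebp,esp / pop ebp / mov eax,13 / ret. */
static const unsigned char sample_image[0x20] = {
    [0x00] = 0xE9, 0x0B, 0x00, 0x00, 0x00,      /* jmp 0x10 (0x05 + 0x0B) */
    [0x10] = 0x55, 0x8B, 0xEC, 0x5D, 0xB8, 0x0D, 0x00, 0x00, 0x00, 0xC3
};

/* Follow up to max_hops "E9 rel32" jumps starting at off. Returns the offset
   reached, or BAD_OFFSET if a jump is truncated or lands outside the buffer.
   Bytes are read as unsigned char: where plain char is signed (the MSVC
   default), p[0] == 0xE9 compares -23 with 233 and never matches. */
size_t resolve_thunk(const unsigned char *img, size_t len, size_t off, int max_hops)
{
    while (max_hops-- > 0 && off < len && img[off] == 0xE9) {
        if (len - off < 5)
            return BAD_OFFSET;
        uint32_t raw = (uint32_t)img[off + 1] | (uint32_t)img[off + 2] << 8 |
                       (uint32_t)img[off + 3] << 16 | (uint32_t)img[off + 4] << 24;
        /* rel32 is signed and relative to the end of the 5-byte instruction */
        int64_t target = (int64_t)off + 5 + (int32_t)raw;
        if (target < 0 || (uint64_t)target >= len)
            return BAD_OFFSET;
        off = (size_t)target;
    }
    return off < len ? off : BAD_OFFSET;
}

/* 1 if the bytes at off are the 55 8B EC prologue quoted in the thread. */
int has_frame_prologue(const unsigned char *img, size_t len, size_t off)
{
    static const unsigned char prologue[] = { 0x55, 0x8B, 0xEC };
    return off < len && len - off >= sizeof prologue &&
           memcmp(img + off, prologue, sizeof prologue) == 0;
}

int main(void)
{
    size_t body = resolve_thunk(sample_image, sizeof sample_image, 0, 4);
    printf("thunk at 0x00 resolves to 0x%zx, prologue match: %d\n",
           body, has_frame_prologue(sample_image, sizeof sample_image, body));
    return 0;
}
```

The same thunk-following step is what a hook or integrity check needs before comparing a function's first bytes against a known-good prologue, since a debug build's function pointer points at the jump table entry rather than the body.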