Exetools  
  #1  
Old 09-06-2004, 19:54
zaratustra
How to calculate the exact size of a piece of code?

Hi guys,
I'm currently trying to inject some code into a target. Say that code is a function named void Func(). (I don't want to use assembler; I'm going to code it all in C/C++.) I use the WriteProcess API to write the code into the target. The code is written to a buffer allocated using the VirtualAllocEx API. I need to calculate the exact number of bytes Func() occupies so I can pass this information to WriteProcessMemory. How can I do that?
cheers
z.
  #2  
Old 09-06-2004, 20:08
Neitsa
Hello,

Take a look at this interesting paper:

http://www.codeproject.com/threads/winspy.asp

or

http://www.codeguru.com/Cpp/W-P/system/processesmodules/article.php/c5767/

(same article)

title: Three Ways to Inject Your Code into Another Process

It's all in C++, have fun!

Regards, Neitsa.
  #3  
Old 09-06-2004, 20:10
nikita@work
Quote:
Originally Posted by zaratustra
I need to calculate the exact number of bytes Func() occupies so I can pass this information to WriteProcessMemory.
How can I do that?
For example this way:

Code:
// Marker: start of the region to copy (naked, so it emits no prologue/epilogue)
void __declspec(naked) BeginOfCode() {}

void __stdcall Wrapper()
{
   [...your code... ]
}

// Marker: end of the region to copy
void __declspec(naked) EndOfCode() {}

void Inject()
{
   // The size is the distance between the two markers. Cast to byte
   // pointers first: subtracting function pointers is not valid C/C++.
   WriteProcess(
     ...
     Wrapper,
     (BYTE*)EndOfCode - (BYTE*)BeginOfCode,
     ...
   );
}
The naked attribute is used to strip any dummy code from the output object.
  #4  
Old 09-06-2004, 21:50
TQN
I think your method will not work. BeginOfCode and EndOfCode are empty functions. In VS and VS .NET, when you compile your code in Release mode, compiler optimization can remove the two functions above or move them to another location. So I think we need a #pragma optimize(off) at the beginning of the code block, and other options turned off.
Regards,
TQN
  #5  
Old 09-07-2004, 04:29
nikita@work
Quote:
Originally Posted by TQN
I think your method will not work. BeginOfCode and EndOfCode are empty functions.
Trust me, it works...
The optimizer can't strip these functions because they are used in the code. And of course we have to disable incremental linking.
  #6  
Old 09-07-2004, 04:45
lifewire
It works, indeed. I used a similar method too, although I didn't like it much, but there is no clean solution to do so (at least, none that I know of).
  #7  
Old 09-07-2004, 06:47
xMaster
This will not necessarily work because function code is NOT contiguous in memory. Function code can be split into several code segments.
The only way to get the real size is via debug symbols.

xMaster
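The marker trick from post #3, together with the layout check that the objections in posts #4 and #7 call for, as an added example in C (not code from the thread). It only measures and checksums the bracketed region inside the current process, the way an integrity check would; the names BeginOfCode, Wrapper and EndOfCode follow the post, while the NOINLINE macro, the layout check and the hash helper are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Portable "keep as a separate symbol" spelling instead of the thread's
 * MSVC-only __declspec(naked). */
#if defined(_MSC_VER)
#  define NOINLINE __declspec(noinline)
#else
#  define NOINLINE __attribute__((noinline))
#endif

/* Markers return different constants so identical-code folding
 * (MSVC /OPT:ICF, GCC -fipa-icf) cannot merge them into one address. */
NOINLINE int BeginOfCode(void) { return 1; }
/* The routine being measured: a constructed, self-contained 32-bit rotate. */
NOINLINE uint32_t Wrapper(uint32_t x) { return (x << 13) | (x >> 19); }
NOINLINE int EndOfCode(void) { return 2; }

/* 1 only if the toolchain laid the functions out in source order
 * (Begin < Wrapper < End); 0 means the marker distance is meaningless
 * for this build (reordered, merged or split function code). */
int marker_layout_ok(void)
{
    uintptr_t b = (uintptr_t)&BeginOfCode;
    uintptr_t w = (uintptr_t)&Wrapper;
    uintptr_t e = (uintptr_t)&EndOfCode;
    return b < w && w < e;
}

/* Byte length of the bracketed region, or 0 if the layout check failed. */
size_t marker_region_size(void)
{
    if (!marker_layout_ok())
        return 0;
    return (size_t)((uintptr_t)&EndOfCode - (uintptr_t)&BeginOfCode);
}

/* FNV-1a over the region's bytes: the same trick used for a code
 * integrity check rather than for copying the code elsewhere. */
uint32_t marker_region_fnv1a(void)
{
    const unsigned char *p = (const unsigned char *)(uintptr_t)&BeginOfCode;
    size_t n = marker_region_size();
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return n ? h : 0u;
}
```

Build it once in Debug and once in Release with whole-program optimization or incremental linking on and compare what marker_layout_ok() reports; a 0 is exactly the case the later posts warn about.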