 Forums >>  Brainstorms - General  >>  How to call C++ function taking UDT object as argument with inline assembler instruction?

Topic created on: September 9, 2010 12:47 CDT by Usman.

Hello,

I am facing a problem related to inline assembler in C++, in order to call C++ functions at runtime.

Suppose the function which I need to call just takes a UDT (user-defined data type) object. But my problem is that I am not aware of that user-defined type in code. That UDT is not defined in the caller's code.

Suppose I know about the data which I need to fill in for that object (but I can't make the actual object, as the type is not available in the caller's code).

So I thought of the following solution and put a little effort into the code so that I'll be able to transfer the call to the target function at runtime. I just created a block of heap memory large enough to hold the data, filled that block with random data and made the call to the target function with the help of inline assembler code.

I can somehow calculate the size of that user-defined type which appears in the signature, but as I wrote earlier, that type isn't defined in the caller's code.

Suppose my targeted C++ function's signature was
foo(WESContext a_wesContext) // where WESContext was a user-defined type which wasn't declared in the caller's code. And I am doing ...

void *pWESContext = malloc(sizeOfWESContext);

BSTR *bstrUserName = (BSTR*)pWESContext;
*bstrUserName = SysAllocString(CT2OLE(CA2T(results.at(0).c_str())));
bstrUserName++;

BSTR *bstrMachineIp = (BSTR*)bstrUserName;
*bstrMachineIp = SysAllocString(CT2OLE(CA2T(results.at(1).c_str())));
bstrMachineIp++;

BSTR *bstrCertificate = (BSTR*)bstrMachineIp;
*bstrCertificate = SysAllocString(CT2OLE(CA2T(results.at(2).c_str())));
bstrCertificate++;

BSTR *bstrBrowseClientHandle = (BSTR*)bstrCertificate;
*bstrBrowseClientHandle = SysAllocString(CT2OLE(CA2T(results.at(3).c_str())));
bstrBrowseClientHandle++;

BSTR *bstrSessionID = (BSTR*)bstrBrowseClientHandle;
*bstrSessionID = SysAllocString(CT2OLE(CA2T(results.at(4).c_str())));
bstrSessionID++;

BSTR *bstrTaskID = (BSTR*)bstrSessionID;
*bstrTaskID = SysAllocString(CT2OLE(CA2T(results.at(5).c_str())));

You'll wonder how, when that user-defined type (WESContext) isn't declared in the code, I then filled in the data accordingly and estimated that block as holding BSTRs.
Leave this. I have extracted the details of this type from some type library or by parsing the PE file format and concluded that WESContext is just composed of 4 BSTRs.

CALL:

int sizeOfWESContext = sizeof(WESContext);

_asm
{
    sub       esp, sizeOfWESContext                    ; reserve stack space for the by-value argument
    mov       ecx, 0Eh                                 ; number of dwords to copy
    lea       esi, [pWESContext]
    mov       edi, esp
    rep movs  dword ptr es:[edi], dword ptr [esi]      ; copy the block onto the stack

    call      foo
    mov       edx, ret                                 ; ret would be some return value
}

Now here a strange problem occurs, for which I have posted enough detail here.

When control reaches the 'call' instruction, sometimes it just passes over the call and shifts to the next instruction without calling the target function (i.e. foo).

Sometimes it just calls the function successfully, but the block of memory in which the data has been filled before calling the function, whose starting address is loaded in lea as

lea esi,[pWESContext]

gets corrupted. Some fields get corrupted. Sometimes it gets corrupted as a whole: not even a single byte is successfully transferred onto the stack from the WESContext block.

Sometimes (one or two times I observed) the whole block is successfully transferred as it was filled before calling.

So you people are the assembler gurus. I am a newbie. I need to call functions of every kind at runtime, and here I am stuck. Kindly help me out. I would be very much obliged.

Regards
Usman
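Added example, not code from the post: a portable C model of the same situation (an opaque by-value UDT rebuilt from a recovered field layout and called through a function pointer), with the count and size checks and the pointer-versus-address distinction that the hand-written copy loop above gets wrong. WESContext, foo, ArgBlob and the sample values are assumptions standing in for the post's real type and function.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Callee side, assumed stand-in for the post's WESContext and foo(): six
 * pointer-sized fields, plain C strings instead of BSTRs so it runs without
 * Windows; foo() returns the total string length to show the block arrived. */
typedef struct { const char *field[6]; } WESContext;
static size_t foo(WESContext ctx) {
    size_t total = 0;
    for (size_t i = 0; i < 6; i++) total += ctx.field[i] ? strlen(ctx.field[i]) : 0;
    return total;
}

/* Caller side: only "WES_FIELDS pointer-sized slots" is known, not the type. */
#define WES_FIELDS 6
typedef struct { void *slot[WES_FIELDS]; } ArgBlob;
typedef size_t (*foo_fn)(ArgBlob);

/* Dwords a 'rep movsd' must copy for a block of 'bytes' bytes. The post
 * hard-codes 0Eh (14 dwords = 56 bytes); six BSTRs on x86 occupy 24 bytes,
 * so that copy reads 32 bytes past the malloc'd block. */
size_t dword_count(size_t bytes) { return (bytes + 3) / 4; }

/* Fill the block with the bounds checks the post's results.at(i) walk
 * lacks. Returns 0 on success, -1 on a count or size mismatch. */
int build_block(void *block, size_t block_size, const char **vals, size_t nvals) {
    if (block == NULL || nvals < WES_FIELDS || block_size < sizeof(ArgBlob))
        return -1;
    ArgBlob *b = block;
    for (size_t i = 0; i < WES_FIELDS; i++) b->slot[i] = (void *)vals[i];
    return 0;
}

/* Let the compiler emit the by-value stack copy and the post-call cleanup
 * the inline asm does by hand. memcpy reads from the heap block itself
 * (mov esi, pWESContext), not from the pointer variable's address, which is
 * what lea esi,[pWESContext] loads. The cast assumes one ABI layout. */
size_t call_with_block(const void *block) {
    ArgBlob copy;
    memcpy(&copy, block, sizeof copy);
    return ((foo_fn)foo)(copy);
}

/* Constructed sample input standing in for the post's 'results' vector. */
size_t demo(void) {
    const char *results[] = {"alice", "10.0.0.5", "cert", "h1", "s1", "t1"};
    void *block = malloc(sizeof(ArgBlob));
    size_t r = (block && build_block(block, sizeof(ArgBlob), results, 6) == 0)
               ? call_with_block(block) : 0;
    free(block);
    return r;
}
```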

No posts found under this topic.