Fetching in a new function into program's memory and calling it

**♪~ ᕕ(ᐛ)ᕗ** · 01-26-2015

Alright so I had this idea: I will allocate a space in the memory and will write into it a function, can I call that function later on using assembly?
Like:

Code:

DWORD ptr = (DWORD)malloc( <size> );
memcpy(&ptr, <function>, <size>);
__asm{
    mov eax, ptr
    call eax
};

I'm a total noob on C++ (especially ASM), so is this possible?

**Knochove** · 01-26-2015

and how are you going to calculate the size of a function? it's not something you can just do by doing

Code:

sizeof(&function);

Also you can't just directly copy a function from one place to another using :

Code:

memcpy(&ptr, <function>, <size>);

maybe a combination of malloc + function pointers could work, but I'm unsure.

And judging from the fact that you said "I'm a total noob on C++ (especially ASM), so is this possible?" I'm not sure you'll be able to implement this as this allows deeper knowledge of how things work (eg. stack, what happens during function calls).

**Hitokiri~** · 01-26-2015

1.) Fix memory access to allow +Execute ( [ malloc -> HeapAlloc ] only allows read/write access )
2.) Fix RVAs in function and replace explicit addresses dynamically.

That's how I did it.

**_seals_** · 01-27-2015

Originally Posted by Hitokiri~

1.) Fix memory access to allow +Execute ( [ malloc -> HeapAlloc ] only allows read/write access )
2.) Fix RVAs in function and replace explicit addresses dynamically.

That's how I did it.

This looks cool, will try to work on something like this.

- - - Updated - - -

Originally Posted by Knochove

and how are you going to calculate the size of a function? it's not something you can just do by doing

Code:

sizeof(&function);

Also you can't just directly copy a function from one place to another using :

Code:

memcpy(&ptr, <function>, <size>);

maybe a combination of malloc + function pointers could work, but I'm unsure.

And judging from the fact that you said "I'm a total noob on C++ (especially ASM), so is this possible?" I'm not sure you'll be able to implement this as this allows deeper knowledge of how things work (eg. stack, what happens during function calls).

By that I meant that I don't have enough experience with native languages and low level programming, but I of course know about stack and heap and what happens during a function call. Yes I do not have enough to perform this task all by myself but hey, we can all learn.

**bloodx_** · 02-01-2015

why would you do this ?

Dont get the sense of that..

**Hindi93** · 02-03-2015

What you are looking for is called "Function Hooking" or "Detouring", google that and you'll find it.

Thread: Fetching in a new function into program's memory and calling it

Thread Tools

Display