Replacement for Inline Assembly

C / C++ / MFC
Tags: question, c++
9 Posts, 6 Posters
#1 Richard Andrew x64 wrote:

Since 64-bit C++ code does not allow inline assembly instructions, how can I execute a jmp instruction when I need to?

The difficult we do right away... ...the impossible takes slightly longer.


#2 Lost User wrote:

Why would you need to?

Veni, vidi, abiit domum


#3 Rajesh R Subramanian wrote:

Compiler intrinsics?

"Real men drive manual transmission" - Rajesh.


#4 Eugen Podsypalnikov wrote:

// how can I execute a jmp instruction when I need to?

1. Organize a buffer for the JMP executing

    #include <windows.h>
    #include <string.h>

    enum {
    #ifndef _WIN64
        jmpAddrIdx = 2, // Index of the Address in Jump-Buffer
        jmpLen = 10,    // Length of the Jump-Buffer
    #else
        jmpAddrIdx = 3, // Index of the Address in Jump-Buffer
        jmpLen = 16,    // Length of the Jump-Buffer
    #endif
    };
    static BYTE jmp[jmpLen] = {
    #ifdef _WIN64
        0x50,                   // push rax                   (len:01)
        0x48, 0xb8,             // mov rax, imm64 (DWORD_PTR) (len:10)
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x48, 0x87, 0x04, 0x24, // xchg rax, [rsp]            (len:04)
        0xc3                    // ret                        (len:01)
    #else
        0x50,                   // push eax                   (len:01)
        0xb8,                   // mov eax, imm32 (DWORD_PTR) (len:05)
        0x00, 0x00, 0x00, 0x00,
        0x87, 0x04, 0x24,       // xchg eax, [esp]            (len:03)
        0xc3                    // ret                        (len:01)
    #endif
    };
    // Net effect: one push, one pop (the ret), rax/eax restored by the xchg,
    // so control continues at the address with the stack exactly as before.

2. Fill the address part there in (low Bytes first)

    // Copying the native DWORD_PTR value writes its low byte first, which is
    // the little-endian layout the immediate operand expects.
    DWORD_PTR dwTarget = (DWORD_PTR)pfnTarget; // pfnTarget: the function to jump to
    memcpy(&jmp[jmpAddrIdx], &dwTarget, sizeof(DWORD_PTR));

3. Take the pointer of an existing global function(void) (long enough: see jmpLen above)

    typedef void (*PFNVOID)(void);
    PFNVOID pfnYourShellFcn = YourShellFcn; // a global void(void) function of at least jmpLen bytes

4. Mark the addressed space of the function as writeable

    DWORD dwOldMode(0);
    if (VirtualProtect((LPVOID)pfnYourShellFcn, jmpLen, PAGE_EXECUTE_READWRITE, &dwOldMode)) {

5. Write the jump into the function :)

        memcpy((void*)pfnYourShellFcn, jmp, jmpLen);
        // FlushInstructionCache(GetCurrentProcess(), ...) is the documented follow-up
        // after modifying code bytes in a running process.

6. Mark the space as original

        VirtualProtect((LPVOID)pfnYourShellFcn, jmpLen, dwOldMode, &dwOldMode);

7. Call the pointed function :)

        (*pfnYourShellFcn)(); // lands in pfnTarget with the stack exactly as it is here
    }

8. Be thrilled.

They sought it with thimbles, they sought it with care; They pursued it with forks and hope; They threatened its life with a railway-share; They charmed it with smiles and soap. :)

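As an added check, not code from the post: a stand-alone C program that builds the 64-bit stub described above for a given address and then decodes it the way a hook scanner inspects a function prologue, recovering the target and rejecting an ordinary prologue. It uses no Windows API so it runs anywhere; the template bytes are the post's, the target address is a constructed value, and the function names are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stub from the post: push rax; mov rax, imm64; xchg rax, [rsp]; ret.  One push, one pop
 * (the ret), rax restored by the xchg: the target starts with the stack exactly as it was. */
#define STUB64_LEN      16
#define STUB64_ADDR_IDX 3
static const uint8_t kStub64Template[STUB64_LEN] = {
    0x50,                               /* push rax        */
    0x48, 0xb8, 0, 0, 0, 0, 0, 0, 0, 0, /* mov rax, imm64  */
    0x48, 0x87, 0x04, 0x24,             /* xchg rax, [rsp] */
    0xc3                                /* ret             */
};
/* Build the stub for `target`; the immediate is stored low byte first (little-endian). */
void build_stub64(uint8_t out[STUB64_LEN], uint64_t target) {
    memcpy(out, kStub64Template, STUB64_LEN);
    for (int i = 0; i < 8; i++) out[STUB64_ADDR_IDX + i] = (uint8_t)(target >> (8 * i));
}

/* Scanner side: does `code` begin with the stub?  Returns 1 and the decoded target on a
 * match, 0 if the buffer is too short or any byte outside the immediate differs. */
int detect_stub64(const uint8_t *code, size_t len, uint64_t *target) {
    if (len < STUB64_LEN) return 0;
    for (size_t i = 0; i < STUB64_LEN; i++) {
        if (i >= STUB64_ADDR_IDX && i < STUB64_ADDR_IDX + 8) continue; /* skip imm64 */
        if (code[i] != kStub64Template[i]) return 0;
    }
    uint64_t t = 0;
    for (int i = 7; i >= 0; i--) t = (t << 8) | code[STUB64_ADDR_IDX + i];
    *target = t;
    return 1;
}
/* Round trip: build for `target`, decode it back, and confirm the low byte sits first. */
int roundtrip_stub64(uint64_t target) {
    uint8_t buf[STUB64_LEN]; uint64_t found = 0;
    build_stub64(buf, target);
    return detect_stub64(buf, sizeof buf, &found) && found == target
        && buf[STUB64_ADDR_IDX] == (uint8_t)target;
}

/* An ordinary MSVC x64 prologue (mov [rsp+8],rbx; push rdi; sub rsp,20h; ...) must not match. */
int detect_on_clean_prologue(void) {
    static const uint8_t clean[STUB64_LEN] =
        {0x48,0x89,0x5c,0x24,0x08,0x57,0x48,0x83,0xec,0x20,0x48,0x8b,0xd9,0x48,0x8b,0xfa};
    uint64_t found = 0;
    return detect_stub64(clean, sizeof clean, &found);
}
int main(void) { /* 0x00007FF6ABCD1234 is a constructed address, not a real one */
    printf("round trip ok: %d, clean prologue flagged: %d\n", roundtrip_stub64(0x00007FF6ABCD1234ULL), detect_on_clean_prologue());
    return 0;
}
```

Two caveats for anyone auditing this: with hardware-enforced stack protection (CET shadow stacks) enabled for the process, the stub's ret pops an address that no call ever pushed, so the shadow-stack check faults, whereas the 14-byte absolute form ff 25 00 00 00 00 followed by the 8-byte address (jmp qword ptr [rip+0]) makes the same transfer without a ret. Either way, a function whose first bytes no longer match its on-disk image is exactly what integrity scanners flag.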

#5 Richard Andrew x64 wrote:

That's a great answer. Thanks! :)

The difficult we do right away... ...the impossible takes slightly longer.


#6 Richard Andrew x64 wrote:

Richard MacCutchan wrote:

Why would you need to?

I want to transfer control to a different function without disturbing the stack. (Without pushing anything more onto it.)

The difficult we do right away... ...the impossible takes slightly longer.


#7 CPallini wrote:

I'm thrilled. :thumbsup:

Veni, vidi, vici.

What have you got on your head, Signor di Ceprano?


#8 Chris Losinger wrote:

goto!

image processing toolkits | batch image processing


#9 Richard Andrew x64 wrote:

I did think of that; however, I don't know if it works across functions.

The difficult we do right away... ...the impossible takes slightly longer.
