Yes, I'm trying to do something crazy again:

foopointer label dword
    dd 00,00,00,00      ;***works, but it does not
                        ; (four dwords reserved in the code section)
    pop esi
    mov eax, 255
    push esi

I can reserve space, but cannot write to that space because it is in the code section. Trying to results in a protection error. So fixing it at run time will not work. The pointer is basically its own address +4. Then I can use the indirect form of call.

Only thing I can think of is self-modifying code. I don't know how to do that (I searched, but 'code' and 'modify' are very popular words here). Or an operator that I do not understand: '$'. '$' has something to do with the present IP counter. '$' is probably my best bet, but I have seen no example code for even the syntax of its use. Any other idea?

Posted on 2002-07-01 05:21:54 by ThoughtCriminal
Masm32 has a self-modifying code example in one of the example folders. It's called SMC. You can also get the linker settings to make the code section writable from there.
Posted on 2002-07-01 05:32:41 by Qweerdy
Yeah I just found a suggestion from f0dder in another thread to use VirtualAlloc.

Congratulations to all the board for their correct use of hyphenated word forms. Searching for 'self-modifying' gave good results :alright:

So now my question is about VirtualAlloc:

BOOL VirtualProtect(
    LPVOID lpAddress,       // region of committed pages
    SIZE_T dwSize,          // size of the region
    DWORD flNewProtect,     // desired access protection
    PDWORD lpflOldProtect   // old protection
);

Alright, I know that hinstance is 4000000h and that the code section I will want to write to will start at 4001000h. (too many 0's?)

So lpAddress should be 4001000h?

dwSize - is this by 4096 byte increments? ie 4096,8192?

flNewProtect - PAGE_READWRITE?

lpflOldProtect - pointer to variable to restore once I'm done.

(Now to search the board for VirtualAlloc.)

Thanks Qweerdy for the MASM32 tip.
Posted on 2002-07-01 06:00:11 by ThoughtCriminal
I once wrote this, to allow access to a section of my code.

lea edx, [esp - 4]          ; edx -> the slot the next push will occupy
push NULL                   ; reserve that slot for lpflOldProtect
mov eax, offset start - offset data   ; size of the region to unprotect
invoke VirtualProtect, addr data, eax, PAGE_READWRITE, edx
pop edx                     ; old protection value, filled in by the call

It creates some space on the stack for the pointer to the lpflOldProtect value, and pops it into edx at the end of the call.

So the result of the function is in eax, and the old protection value is in edx.

Posted on 2002-07-01 06:09:03 by Mirno
ThoughtCriminal, maybe this will work?
foopointer dd offset @foo
; or: foopointer dd $ + 4
@foo:                       ; the dword above points here, i.e. at its own address + 4
    pop esi
    mov eax, 255
    push esi

    push NULL               ; slot for lpflOldProtect
    ; offset start - offset data is a constant number
    ; esp only works because it is the last parameter,
    ; i.e. the first one put on the stack (it still points at the NULL slot)
    invoke VirtualProtect, offset data, offset start - offset data, PAGE_READWRITE, esp
    pop edx                 ; old protection
Posted on 2002-07-01 07:05:35 by bitRAKE
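Mirno's and bitRAKE's VirtualProtect calls, carried through to a complete program that patches a pointer kept in the code section, calls through it, and restores the page's protection afterwards. This is an added MASM32 example, not code from any post in this thread; PatchCodePointer and Target are names chosen here, and the masm32 include paths are assumed.

```asm
.386
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib

.code
; A pointer kept in the code section: reserved at assemble time, so it is
; read-only once the image is mapped and must be patched via VirtualProtect.
foopointer dd 0

Target proc                         ; hypothetical callee
    mov eax, 255
    ret
Target endp

; PatchCodePointer (hypothetical name): make the page holding foopointer
; writable, store newval in it, then restore the previous protection.
; Returns 1 in eax on success, 0 on failure.
PatchCodePointer proc newval:DWORD
    LOCAL oldProtect:DWORD
    ; lpAddress need not be page aligned and dwSize need not be a multiple
    ; of 4096: every page overlapping [lpAddress, lpAddress + dwSize) is
    ; changed, so 4 bytes is enough for one dword. PAGE_EXECUTE_READWRITE
    ; (not PAGE_READWRITE) keeps the page executable, since this procedure
    ; may itself sit on the same page.
    invoke VirtualProtect, offset foopointer, sizeof foopointer, \
           PAGE_EXECUTE_READWRITE, addr oldProtect
    test eax, eax
    jz   patch_failed
    mov  eax, newval
    mov  foopointer, eax            ; the store that faulted before
    ; Put the loader's protection (normally PAGE_EXECUTE_READ) back so the
    ; code page is writable only for the duration of the patch.
    invoke VirtualProtect, offset foopointer, sizeof foopointer, \
           oldProtect, addr oldProtect
    invoke GetCurrentProcess
    invoke FlushInstructionCache, eax, offset foopointer, sizeof foopointer
    mov  eax, 1
    ret
patch_failed:
    xor  eax, eax
    ret
PatchCodePointer endp

start:
    invoke PatchCodePointer, offset Target
    call dword ptr [foopointer]     ; indirect call through the patched pointer
    invoke ExitProcess, eax         ; exit code 255 from Target
end start
```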
Thanks Bitrake!!

I had no idea how $ worked. Thanks for syntax example.

Thanks for VirtualAlloc sample too.:grin:
Posted on 2002-07-01 08:21:37 by ThoughtCriminal
VirtualAlloc when generating code or reading in from external sources.
VirtualProtect when you need to change something temporarily.
Linker flags if you either don't care, or need to patch code around all the time.
Posted on 2002-07-01 17:53:41 by f0dder