Sunday, April 23, 2023

Digest for comp.lang.c++@googlegroups.com - 16 updates in 2 topics

Frederick Virchanza Gotham <cauldwell.thomas@gmail.com>: Apr 23 01:51PM -0700

The problem with arbitrarily pushing data onto the stack, for it to be retrieved by some other function later on down the chain of function calls, is that each function in the chain may increment and decrement the stack pointer here and there, and so we won't know what offset to apply to the stack pointer in order to retrieve our data.
 
They say that if you generate a 128-bit random number, then it's one of a kind and you don't have to worry about it ever being duplicated. So let's generate our own UUID:
 
#define UUID "\x24\x31\x07\x26\x35\x2c\x4f\x9a\x99\x65\xe1\x10\x65\x62\x92\xcc"
 
So if we push this UUID onto the stack, and then place our data right beside it on the stack, then later on we can search the stack for this UUID and we'll find our data right beside it.
 
Now at first I was going to write x86_64 assembler to push an arbitrary number of bytes onto the stack, but that would malfunction if the compiler didn't use the frame pointer perfectly, which I don't think you're even guaranteed if you supply '-fno-omit-frame-pointer'. Luckily though, some compilers have a built-in function called 'alloca', which you can read about here:
 
https://man7.org/linux/man-pages/man3/alloca.3.html
 
So I'll use the function "__builtin_alloca" to decrement the stack pointer, I'll copy the UUID onto the stack along with my data, and then later on I can search for my UUID on the stack in order to retrieve the data which will be located right beside it.
 
I got this working, here it is up on GodBolt:
 
https://godbolt.org/z/ofYPc74Gc
 
A week ago I shared some code here on comp.lang.c++ for how to write a thunk in machine code onto the stack and then execute the stack. Well, using the technique described in this post, we could instead look for the addresses of lambda objects on the stack without having to execute the stack. I'll write a new thunk generator tomorrow that uses this technique.
 
Here's the contents of GodBolt copy-pasted:
 
#include <cstddef> // size_t
#include <cstring> // memcpy
 
// The unique 128-bit value we'll use to find our data on the stack
#define UUID "\x24\x31\x07\x26\x35\x2c\x4f\x9a\x99\x65\xe1\x10\x65\x62\x92\xcc"
 
extern "C" char *stack_pointer(void); // get the current value of the stack pointer
 
// The following is an x86_64 assembler implementation
// of a function to retrieve the current stack pointer
__asm("stack_pointer: \n mov %rsp,%rax \n ret");
 
// The following macro pushes any number of bytes of data
// onto the stack. It's implemented as a macro instead of a
// real function because of the use of '__builtin_alloca'
// (the allocation must live in the caller's frame).
// Layout of the block: [16-byte UUID][size_t count][data].
// I have appended '_x8975w' to the name of every local variable
// so that we don't get a name clash with the caller.
#define push_onto_stack(arg_src,arg_count) \
do \
{ \
using std::size_t; \
char const *const src_x8975w = (arg_src); \
size_t const count_x8975w = (arg_count); \
char *dst_x8975w = static_cast<char*>( \
__builtin_alloca(count_x8975w + 16u + sizeof(size_t))); \
std::memcpy(dst_x8975w, UUID, 16u); \
dst_x8975w += 16u; \
std::memcpy(dst_x8975w, &count_x8975w, sizeof count_x8975w); \
dst_x8975w += sizeof count_x8975w; \
std::memcpy(dst_x8975w, src_x8975w, count_x8975w); \
} while (false) /* no trailing ';' so the macro behaves like a statement */
 
char *retrieve_from_stack(std::size_t *const p = nullptr) __attribute__((no_sanitize_address));
char *retrieve_from_stack(std::size_t *const p) // number of bytes retrieved goes in *p
{
char *sp = stack_pointer();
 
// Instead of simply using 'memcmp', which would
// be intercepted by '-fsanitize' to flag a
// stack-buffer-underflow, I have written a loop.
// Note: the search walks upward from the current
// stack pointer with no upper bound, so it does not
// terminate if the UUID is absent from the stack.
Loop:
{
while ( UUID[0] != *sp++ ) /* Do Nothing */; // ++sp because stack grows down on x86
 
for ( unsigned i = 1u; i < 16u; ++i, ++sp )
{
if ( UUID[i] != *sp ) goto Loop;
}
}
 
// If control reaches here, we found the UUID on the stack,
// and 'sp' now points at the size_t count that follows it.
// Note: alignment for size_t is guaranteed by __builtin_alloca
if ( nullptr != p ) *p = *static_cast<std::size_t const*>(static_cast<void const*>(sp));
sp += sizeof *p;
return sp; // the data itself follows the count
}
 
#include <iostream>
using std::cout, std::endl;
 
void Func3(void)
{
cout << "Hello from Func3\n";
std::size_t n;
cout << "Retrieved data = '" << retrieve_from_stack(&n) << "', count bytes = " << n << endl;
}
 
void Func2(void)
{
cout << "Hello from Func2\n";
Func3();
}
 
void Func(void)
{
cout << "Hello from Func\n";
Func2();
}
 
int main(void)
{
push_onto_stack("Monkeys eat bananas", sizeof "Monkeys eat bananas");
Func();
}
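The scan in the post above has no upper bound: if nothing was pushed it walks off the top of the stack, and a marker left behind by an earlier frame can be matched by a later scan at the same depth. The following is an added example, not code from the post, showing the same marker-on-the-stack technique with those two checks: the scan is bounded by an address recorded in the frame that placed the marker, and the marker is scrubbed before that frame returns. It assumes GCC or Clang on a downward-growing stack (x86_64 Linux); the names MARKER, find_on_stack, demo_roundtrip and demo_missing are constructed for this example, and reading the gaps between frames is outside the C abstract machine, so build it without AddressSanitizer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* 16-byte marker, assumed to be a random one-off value (constructed for this example). */
static const unsigned char MARKER[16] = {
    0x24, 0x31, 0x07, 0x26, 0x35, 0x2c, 0x4f, 0x9a,
    0x99, 0x65, 0xe1, 0x10, 0x65, 0x62, 0x92, 0xcc
};

/* Highest address the scan may touch. Set by the frame that placed the marker,
 * so a scan with no marker in range stops instead of running off the stack. */
static const unsigned char *g_scan_limit;
/* Volatile escape for the alloca'd block, so the optimizer keeps the stores. */
static void *volatile g_escape;

/* Scan upward from this function's own frame base to g_scan_limit.
 * Returns a pointer to the payload and stores its length in *len,
 * or NULL when no marker lies within the bound. */
__attribute__((noinline))
static const char *find_on_stack(size_t *len)
{
    const unsigned char *p = (const unsigned char *)__builtin_frame_address(0);
    const uintptr_t hi = (uintptr_t)g_scan_limit;
    while ((uintptr_t)p + sizeof MARKER + sizeof(size_t) <= hi) {
        if (memcmp(p, MARKER, sizeof MARKER) == 0) {
            size_t n;
            memcpy(&n, p + sizeof MARKER, sizeof n); /* count follows the marker */
            if (len) *len = n;
            return (const char *)(p + sizeof MARKER + sizeof n);
        }
        p++;
    }
    return NULL;
}

/* Push [marker][count][payload] with alloca, retrieve it from a callee,
 * then scrub the marker so the stale copy cannot be matched later. Returns 1 on success. */
__attribute__((noinline))
static int demo_roundtrip(void)
{
    unsigned char anchor;            /* fixed local: sits above the alloca'd block */
    g_scan_limit = &anchor;
    static const char msg[] = "Monkeys eat bananas"; /* constructed sample payload */
    size_t n = sizeof msg;
    unsigned char *slot = __builtin_alloca(sizeof MARKER + sizeof n + n);
    memcpy(slot, MARKER, sizeof MARKER);
    memcpy(slot + sizeof MARKER, &n, sizeof n);
    memcpy(slot + sizeof MARKER + sizeof n, msg, n);
    g_escape = slot;

    size_t got = 0;
    const char *data = find_on_stack(&got);
    int ok = data != NULL && got == n && memcmp(data, msg, n) == 0;

    /* Stack memory outlives the frame; clear the marker before returning. */
    volatile unsigned char *v = slot;
    for (size_t i = 0; i < sizeof MARKER; i++) v[i] = 0;
    return ok;
}

/* No marker pushed: the bounded scan must give up and return NULL. Returns 1 if it does. */
__attribute__((noinline))
static int demo_missing(void)
{
    unsigned char anchor;
    g_scan_limit = &anchor;
    size_t got = 0;
    return find_on_stack(&got) == NULL;
}

int main(void)
{
    printf("roundtrip: %s\n", demo_roundtrip() ? "ok" : "FAIL");
    printf("missing:   %s\n", demo_missing() ? "ok (NULL returned)" : "FAIL");
    return 0;
}
```

The bound is the address of a fixed local in the pushing frame, which GCC and Clang place above the dynamic alloca area, so the marker is always between the callee's frame base and that address. __builtin_frame_address(0) is used as the scan start rather than inline assembly so the function's own locals are never scanned.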
Doctor Who <doc@tardis.org>: Apr 23 08:57PM +0200

Post in violation of terms-of-service cancelled by Sir Cancelot <cancelbot@eternal-september.org>
From: Doctor Who <doc@tardis.org>
Subject: Re: lamda-optimization
Message-ID: <fqudbg5da2dgv4nm26nni1jjfjg29ffuks@4ax.com>
Newsgroups: comp.lang.c++