Machine code: Difference between revisions

From Rosetta Code
Content added Content deleted
(added sbcl and clisp)
No edit summary
Line 30: Line 30:
NumPut("0x" . SubStr(hex, 2 * A_Index - 1, 2), code, A_Index - 1, "Char")
NumPut("0x" . SubStr(hex, 2 * A_Index - 1, 2), code, A_Index - 1, "Char")
}</lang>
}</lang>

=={{header|BBC BASIC}}==
{{works with|BBC BASIC for Windows}}
'''Note''' that ''BBC BASIC for Windows'' includes an 80386/80486 assembler as standard!

<lang bbcbasic> REM Claim 9 bytes of memory
SYS "GlobalAlloc",0,9 TO code%

REM Poke machine code into it
P%=code%
[OPT 0
mov EAX, [ESP+4]
add EAX, [ESP+8]
ret
]

REM Run code
SYS code%,7,12 TO result%
PRINT result%

REM Free memory
SYS "GlobalFree",code%
END</lang>


=={{header|C}}==
=={{header|C}}==

Revision as of 21:08, 13 November 2014

Task
Machine code
You are encouraged to solve this task according to the task description, using any language you may know.

The task requires poking machine code directly into memory and executing it. This is strictly for x86 (32 bit) architectures. The machine code is the opcodes of the following simple program:

<lang asm>mov EAX, [ESP+4] add EAX, [ESP+8] ret</lang>

which translates into the following opcodes: (139 68 36 4 3 68 36 8 195) and in Hex this would correspond to the following: ("8B" "44" "24" "4" "3" "44" "24" "8" "C3")

Implement the following in your favorite programming language (take the common lisp code as an example if you wish):

  1. Poke the above opcodes into a memory pointer
  2. Excute it with the following arguments: [ESP+4] => unsigned-byte argument of value 7; [ESP+8] => unsigned-byte argument of value 12; The result would be 19.
  3. Free the Pointer

AutoHotkey

<lang AutoHotkey>MCode(Var, "8B44240403442408C3") MsgBox, % DllCall(&Var, "Char",7, "Char",12) Var := "" return

http://www.autohotkey.com/board/topic/19483-machine-code-functions-bit-wizardry/

MCode(ByRef code, hex) { ; allocate memory and write Machine Code there 

  VarSetCapacity(code, StrLen(hex) // 2)
  Loop % StrLen(hex) // 2
     NumPut("0x" . SubStr(hex, 2 * A_Index - 1, 2), code, A_Index - 1, "Char")

}</lang>

BBC BASIC

Works with: BBC BASIC for Windows

Note that BBC BASIC for Windows includes an 80386/80486 assembler as standard!

<lang bbcbasic> REM Claim 9 bytes of memory 

     SYS "GlobalAlloc",0,9 TO code%

     REM Poke machine code into it
     P%=code%
     [OPT 0
     mov EAX, [ESP+4]
     add EAX, [ESP+8]
     ret
     ]

     REM Run code
     SYS code%,7,12 TO result%
     PRINT result%

     REM Free memory
     SYS "GlobalFree",code%
     END</lang>

C

<lang C>#include <stdio.h>

  1. include <sys/mman.h>
  2. include <string.h>

int test (int a, int b) { 

 /*
      mov EAX, [ESP+4]
      add EAX, [ESP+8]
      ret
 */
 char code[] = {0x8B, 0x44, 0x24, 0x4, 0x3, 0x44, 0x24, 0x8, 0xC3};
 void *buf;
 int c;
 /* copy code to executable buffer */
 buf = mmap (0,sizeof(code),PROT_READ|PROT_WRITE|PROT_EXEC,
            MAP_PRIVATE|MAP_ANON,-1,0);

 memcpy (buf, code, sizeof(code));
 /* run code */
 c = ((int (*) (int, int))buf)(a, b);
 /* free buffer */
 munmap (buf, sizeof(code));
 return c;

}

int main () { 

 printf("%d\n", test(7,12));
 return 0;

}</lang>

Common Lisp

<lang lisp>;;Note that by using the 'CFFI' library, one can apply this procedure portably in any lisp implementation;

in this code however I chose to demonstrate only the implementation-dependent programs.
CCL
Allocate a memory pointer and poke the opcode into it

(defparameter ptr (ccl::malloc 9))

(loop for i in '(139 68 36 4 3 68 36 8 195) 

  for j from 0 do
  (setf (ccl::%get-unsigned-byte ptr j) i))
Execute with the required arguments and return the result as an unsigned-byte

(ccl::ff-call ptr :UNSIGNED-BYTE 7 :UNSIGNED-BYTE 12 :UNSIGNED-BYTE)

Output = 19
Free the pointer

(ccl::free ptr)

SBCL

(defparameter mmap (list 139 68 36 4 3 68 36 8 195))

(defparameter pointer (sb-alien:make-alien sb-alien:unsigned-char (length mmap)))

(defparameter callp (loop FOR i FROM 0 BELOW (length mmap) do (setf (sb-alien:deref pointer i) (elt mmap i)) finally (return (sb-alien:cast pointer (function integer integer integer)))))

(sb-alien:alien-funcall callp 7 12)

(loop for i from 0 below 18 collect (sb-alien:deref ptr i))

(sb-alien:free-alien pointer)

CLISP

(defparameter mmap (list 139 68 36 4 3 68 36 8 195))

(defparameter POINTER (FFI:FOREIGN-ADDRESS (FFI:FOREIGN-ALLOCATE 'FFI:UINT8 :COUNT 9)))

(loop for i in mmap 

  for j from 0 do
  (FUNCALL #'(SETF FFI:MEMORY-AS) i POINTER 'FFI:INT j))

(FUNCALL 

(FFI:FOREIGN-FUNCTION POINTER

(LOAD-TIME-VALUE (FFI:PARSE-C-TYPE '(FFI:C-FUNCTION (:ARGUMENTS 'FFI:INT 'FFI:INT) (:RETURN-TYPE FFI:INT) (:LANGUAGE :STDC))))) 

7 12)

(FFI:FOREIGN-FREE POINTER) </lang>

Nimrod

Translation of: C

<lang nimrod>import posix

when defined(macosx) or defined(bsd): 

 const MAP_ANONYMOUS = 0x1000

elif defined(solaris): 

 const MAP_ANONYMOUS = 0x100

else: 

 var
   MAP_ANONYMOUS {.importc: "MAP_ANONYMOUS", header: "<sys/mman.h>".}: cint

proc test(a, b: cint): cint = 

 # mov EAX, [ESP+4]
 # add EAX, [ESP+8]
 var code = [0x8B'u8, 0x44, 0x24, 0x4, 0x3, 0x44, 0x24, 0x8, 0xC3]

 # create executable buffer
 var buf = mmap(nil, sizeof(code), PROT_READ or PROT_WRITE or PROT_EXEC,
   MAP_PRIVATE or MAP_ANONYMOUS, -1, 0)

 # copy code to buffer
 copyMem(addr buf, addr code[0], sizeof(code))

 # run code
 {.emit: "`result` = ((int (*) (int, int))&`buf`)(`a`,`b`);".}

 # free buffer
 discard munmap(buf, sizeof(code))

echo test(7, 12)</lang>

PARI/GP

GP can't peek and poke into memory, but PARI can add in those capabilities via C.

Translation of: C

<lang c>#include <stdio.h>

  1. include <sys/mman.h>
  2. include <string.h>
  3. include <pari/pari.h>

int test(int a, int b) { 

 char code[] = {0x8B, 0x44, 0x24, 0x4, 0x3, 0x44, 0x24, 0x8, 0xC3};
 void *buf;
 int c;
 /* copy code to executable buffer */
 buf = mmap (0,sizeof(code),PROT_READ|PROT_WRITE|PROT_EXEC,
            MAP_PRIVATE|MAP_ANON,-1,0);

 memcpy (buf, code, sizeof(code));
 /* run code */
 c = ((int (*) (int, int))buf)(a, b);
 /* free buffer */
 munmap (buf, sizeof(code));
 return c;

}

void init_auto(void) { 

 pari_printf("%d\n", test(7,12));
 return 0;

}</lang>

Tcl

Translation of: C
Library: Critcl

<lang tcl>package require critcl

critcl::ccode { 

   #include <sys/mman.h>

}

  1. Define a command using C. The C is embedded in Tcl, and will be
  2. built into a shared library at runtime. Note that Tcl does not
  3. provide a native way of doing this sort of thing; this thunk is
  4. mandatory.

critcl::cproc runMachineCode {Tcl_Obj* codeObj int a int b} int { 

   int size, result;
   unsigned char *code = Tcl_GetByteArrayFromObj(codeObj, &size);
   void *buf;

   /* copy code to executable buffer */
   buf = mmap(0, (size_t) size, PROT_READ|PROT_WRITE|PROT_EXEC,
           MAP_PRIVATE|MAP_ANON, -1, 0); 
   memcpy(buf, code, (size_t) size);
   /* run code */
   result = ((int (*) (int, int)) buf)(a, b);
   /* dispose buffer */
   munmap(buf, (size_t) size);

   return result;

}

  1. But now we have our thunk, we can execute arbitrary binary blobs

set code [binary format c* {0x8B 0x44 0x24 0x4 0x3 0x44 0x24 0x8 0xC3}] puts [runMachineCode $code 7 12]</lang> Note that it would be more common to put that thunk in its own package (e.g., machineCodeThunk) and then just do something like this: <lang tcl>package require machineCodeThunk 1.0

set code [binary format c* {0x8B 0x44 0x24 0x4 0x3 0x44 0x24 0x8 0xC3}] puts [runMachineCode $code 7 12]</lang>

Retrieved from "https://rosettacode.org/wiki/Machine_code?oldid=237680"