Gah, I just remembered I still need to finish my kernel patch to allow for the mmaping of /proc/[PID]/mem

You don't really need to know why I needed that to understand why it's an awful idea, but that's not going to stop me.

@lethalbit I mean like, that's so fucking fun, but holy shit why

@kurisu So I've got this fun little ffi-like library I've written that lets you call any function in memory as long as you know the address and have a general idea of its parameters.

So like `callf(0x07FEEDBEF, "%s%d", "Hello World", 1337)` right?

Well, it occurred to me that using that, I could map any arbitrary process memory into mine as a host and just kinda make use of its internals while it's running.


@lethalbit the problem is getting the other program mapped at the correct base address without conflicts. With PIC you can use random executables functions, but as soon as you start using it's heap you need to map to the same addresses. ASLR helps a lot with avoiding conflicts with that but mmaps base address argument is only a hint.

@kurisu Yeah, there is no doubt a lot of issues with it, and with some clever trickery it'd be possible to align everything properly.

I just thought it'd be a fun side experiment, not like It'd be useful for anything or I'd push the patch upstream.


@lethalbit also why not just cast the function address to a function pointer? Do you need to dynamically provide arguments (I guess this is useful for some kind of repl)

@kurisu you can cast it to a function pointer but you need to know the signature of the function at compile time in that case.

callf was designed not for a REPL per-say but to not need any compile time information about the target being called, it's all runtime.

This includes spitting out the proper machine code at runtime to handle the call.

@lethalbit do you write out machine code on the fly?? Or just some asm to get the calling convention done and possibly put the args in the stack

@kurisu The only way to get it to work as flexibly as I want is to write it on the fly. (well, not the *only* way, but it's more fun this way)

@lethalbit it doesn't seem all to necessary to me, just write some code to push args onto the stack, then have some generic asm which saves then sets the registers and jumps to the pointer

@kurisu Well, it depends on the calling convention and ABI among other things, while it's possible to do it all statically with some boilerplate asm that wouldn't be as much fun.

@lethalbit and yeah, I get it. It is useless if you use a hardcoded string as the argument to callf though :)

@kurisu I mean, that was an example, you could pull everything from stdin if you *really* wanted to.

Eh, it's just fun.

Sign in to participate in the conversation

Welcome to your niu world ! We are a cute and loving international community O(≧▽≦)O !
We are a moderated instance, that aren't supporting harassment nor hateful speech. But we aren't a "safe" space, we won't prevent you to interact with instances that aren't respecting our rules.
"Be conservative in what you send and liberal in what you receive." - Netiquette
The main language used here is English, but for most of us this isn't our main language, so it's a great place to learn!