C++ 在C+中将部件转换为机器代码+;
我寻找任何库或函数来将汇编代码字符串转换为机器代码, 例如:C++ 在C+中将部件转换为机器代码+;,c++,assembly,C++,Assembly,我寻找任何库或函数来将汇编代码字符串转换为机器代码, 例如: char asmString[] = {"mov eax,13H"}; byte[] output; // array of byte output = asm2mach(asmString); // {0xB8, 0x13, 0x00, 0x00, 0x00} 其动机是注入机器代码以在程序中调用asm函数。此注入主要有3个步骤:VirtualAllocEx、WriteProcessMemory和CreateRemoteThread
char asmString[] = {"mov eax,13H"};
byte[] output; // array of byte
output = asm2mach(asmString); // {0xB8, 0x13, 0x00, 0x00, 0x00}
bool injectAsm(const char* exeName,const byte* code, int size)
{
LPVOID allocAddr = NULL;
HANDLE ThreadProcess = NULL;
HANDLE hProcess = OpenProcessEasy(exeName);
allocAddr = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
if(allocAddr){
if(WriteProcessMemory(hProcess, allocAddr, code, size, NULL)) {
ThreadProcess = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)allocAddr, NULL, 0, NULL);
WaitForSingleObject(ThreadProcess, INFINITE);
VirtualFreeEx(hProcess,allocAddr, 0, MEM_RELEASE);
CloseHandle(ThreadProcess);
return true;
}
}
if(allocAddr){
VirtualFreeEx(hProcess, allocAddr, 0, MEM_RELEASE);
}
return false;
}
int main()
{
byte code[] = {0xB8, 0x10, 0xED, 0x4A, 0x00, 0xFF, 0xD0, 0xC3, 0x90};
injectAsm("game.exe",code,sizeof(code));
system("pause");
return 0;
}
您应该定义您真正想要的: 是否要在运行时生成机器代码?然后使用诸如、或之类的库
asmjit备选,您应该考虑在运行时生成一些(例如)C代码,然后分叉编译,并在运行时动态加载和使用所得到的函数(例如,使用和<代码> DLSYM)。看
详细信息显然是操作系统和特定于处理器的。这里有一个项目,可以将一串汇编代码(英特尔或ARM)转换为相应的字节
它是用Objective-C编写的,但是源代码在那里。我希望这能有所帮助。我建议同时使用和。AsmTK是一个新项目,它使用AsmJit作为工具包,并在其上添加了额外的功能。注意,目前AsmTK需要asmjit:next分支工作,因为这是一个新功能 这是一个使用AsmTK解析某些asm的最小示例:
#include <stdio.h>
#include <stdlib.h>
#include <asmtk/asmtk.h>
using namespace asmjit;
using namespace asmtk;
static const char someAsm[] =
"test eax, eax\n"
"jz L1\n"
"mov eax, ebx\n"
"mov eax, 0xFFFFFFFF\n"
"pand mm0, mm1\n"
"paddw xmm0, xmm1\n"
"vpaddw ymm0, ymm1, ymm7\n"
"vaddpd zmm0 {k1}{z}, zmm1, [rax] {1tox}\n"
"L1:\n";
int main(int argc, char* argv[]) {
CodeHolder code;
// Here select the target architecture - either X86 or X64.
code.init(CodeInfo(Arch::kTypeX64));
X86Assembler a(&code);
AsmParser p(&a);
Error err = p.parse(someAsm);
if (err) {
printf("ERROR: %0.8x (%s)\n", err, DebugUtils::errorAsString(err));
return 1;
}
// The machine-code is now stored in CodeHolder's first section:
code.sync();
CodeBuffer& buffer = code.getSection(0)->buffer;
// You can do whatever you need with the buffer:
uint8_t* data = buffer.data;
size_t length = buffer.length;
return 0;
}
我建议将此类功能包装到一个新的RemoteRuntime中,使其成为一个简单的函数调用,如果需要,我可以提供帮助。我没有函数,但是。。如果您使用套接字向该站点发送请求,我想它可能会起作用:我使用该站点将操作码转换为二进制表示(字节)。否则,我就没有主意了。注意:asm是一个保留关键字。另外,您的asm(
moveax,0x13{0xB8,0x13,0x00,0x00,0x00}记住 ASM可以是关键字。对布兰登:我知道这个站点,但是我想让一些C++ LIB在运行时转换它们。丹尼尔:是的,你说得对!我改了。你真的应该编辑你的问题,以提供更多的背景和动机。你用的是什么编译器,什么操作系统?您正在编写什么样的软件?链接的项目需要执行shell脚本,这需要安装第三方汇编程序才能工作。此外,它似乎在标签方面存在一些问题。
bool addToRemote(HPROCESS hRemoteProcess, CodeHolder& code) {
// VMemMgr is AsmJit's low-level VM manager.
VMemMgr vm(hRemoteProcess);
// This will tell `vm` to not destroy allocated blocks when it
// gets destroyed.
vm.setKeepVirtualMemory(true);
// Okay, suppose we have the CodeHolder from previous example.
size_t codeSize = code.getCodeSize();
// Allocate a permanent memory of `hRemoteProcess`.
uint64_t remoteAddr = (uint64_t)
vm.alloc(codeSize, VMemMgr::kAllocPermanent);
// Temporary buffer for relocation.
uint8_t* tmp = ::malloc(code.getCodeSize());
if (!tmp) return false;
// First argument is where to relocate the code (it must be
// current's process memory), second argument is the base
// address of the relocated code - it's the remote process's
// memory. We need `tmp` as it will temporarily hold code
// that we want to write to the remote process.
code.relocate(tmp, remoteAddr);
// Now write to the remote process.
SIZE_T bytesWritten;
BOOL ok = WriteProcessMemory(
hRemoteProcess, (LPVOID)remoteMem, tmp, codeSize, &bytesWritten);
// Release temporary resources.
::free(tmp);
// Now the only thing needed is the CreateRemoteThread thingy...
return ok;
}