mising chars and ints in initializers or assigments

Discussion:

(too old to reply)

fir

2017-08-19 15:39:44 UTC

i got such piece of code

char code[32] = {
0x6a, 0x00, //push 0
0x68, 0x00, 0x30, 0x40, 0x00, // push title
0x68, 0x1a, 0x30, 0x40, 0x00, // push caption
0x6a, 0x00, // push 0
0xff, 0x15, 0x70, 0x20, 0x40, 0x00, // call massageboxa
0x6a, 0x00, //push 0
0xff, 0x15, 0x68, 0x20, 0x40, 0x00, // call exit process
0x00,
0x00,
0x00,
0x00};

it would be much more handy to write something like that instead

char code[32] = {
0x6a, 0x00, //push 0
0x68, 0x00403000, // push title
0x68, 0x0040301a, // push caption
0x6a, 0x00, // push 0
0xff, 0x15, 0x00402070, // call massageboxa
0x6a, 0x00, //push 0
0xff, 0x15, 0x00402068, // call exit process
0x00,
0x00,
0x00,
0x00};

can i get something like that in c?

(yet better it woul be to have

int title = 0x00403000;
int caption = 0x0040301a;
int messageboxa = 0x00402070;
int exitprocess = 0x00402068;

char code[32] = {
0x6a, 0x00, //push 0
0x68, title , // push title
0x68, caption, // push caption
0x6a, 0x00, // push 0
0xff, 0x15, messagebox , // call massageboxa
0x6a, 0x00, //push 0
0xff, 0x15, exitprocess , // call exit process
0x00,
0x00,
0x00,
0x00};

xan i get comething like that?

if no maybe some other option? (it could be assigment even copy (some vsprintf syntax?) though assignment better yet it could be initialiser too, whats important is short syntax)

bartc

2017-08-19 16:01:58 UTC

Permalink

Post by fir
i got such piece of code
char code[32] = {
0x6a, 0x00, //push 0
0x68, 0x00, 0x30, 0x40, 0x00, // push title
0x68, 0x1a, 0x30, 0x40, 0x00, // push caption
0x6a, 0x00, // push 0
0xff, 0x15, 0x70, 0x20, 0x40, 0x00, // call massageboxa
0x6a, 0x00, //push 0
0xff, 0x15, 0x68, 0x20, 0x40, 0x00, // call exit process
0x00,
0x00,
0x00,
0x00};
it would be much more handy to write something like that instead
char code[32] = {
0x6a, 0x00, //push 0
0x68, 0x00403000, // push title
0x68, 0x0040301a, // push caption
0x6a, 0x00, // push 0
0xff, 0x15, 0x00402070, // call massageboxa
0x6a, 0x00, //push 0
0xff, 0x15, 0x00402068, // call exit process
0x00,
0x00,
0x00,
0x00};
can i get something like that in c?
(yet better it woul be to have
int title = 0x00403000;
int caption = 0x0040301a;
int messageboxa = 0x00402070;
int exitprocess = 0x00402068;
char code[32] = {
0x6a, 0x00, //push 0
0x68, title , // push title
0x68, caption, // push caption
0x6a, 0x00, // push 0
0xff, 0x15, messagebox , // call massageboxa
0x6a, 0x00, //push 0
0xff, 0x15, exitprocess , // call exit process
0x00,
0x00,
0x00,
0x00};
xan i get comething like that?
if no maybe some other option? (it could be assigment even copy (some vsprintf syntax?) though assignment better yet it could be initialiser too, whats important is short syntax)

For constant numbers you can try something like this:

#define tobytes(x) x&255, (x>>8)&255, (x>>16)&255, (x>>24)&255

char A[]={0x77,tobytes(0x12345678),0x88};

That will let you specify four separate byte values as one 32-bit value
(but watch the ordering).

But if the sequence is variable length, or refers to external addresses
not known at compile-time, then it's not so easy.

--
bartc

fir

2017-08-19 16:11:10 UTC

Permalink

Post by bartc

#define tobytes(x) x&255, (x>>8)&255, (x>>16)&255, (x>>24)&255
char A[]={0x77,tobytes(0x12345678),0x88};
That will let you specify four separate byte values as one 32-bit value
(but watch the ordering).
But if the sequence is variable length, or refers to external addresses
not known at compile-time, then it's not so easy.

well that should work but it violates my role of not using macros (i never use 'em)
some one is sure no any 'normal' way avaliable here?

something with prefixes/sufixes
char x[] = {1B,1L,1S,1B,1I,1U,1S}
//like here it coule be byte int long short unsigned etc
or something other ?

fir

2017-08-19 16:13:14 UTC

Permalink

Post by fir

Post by bartc

well that should work but it violates my role of not using macros (i never use 'em)
some one is sure no any 'normal' way avaliable here?
something with prefixes/sufixes
char x[] = {1B,1L,1S,1B,1I,1U,1S}
//like here it coule be byte int long short unsigned etc
or something other ?

ps yet in fact i would need to mix also strings with that,

char x[] = {0,0, "alice", 0,0,0, (int) 2000, (short) 2000, "bob" );

something about that?

bartc

2017-08-19 18:05:41 UTC

Permalink

Post by fir

Post by fir
well that should work but it violates my role of not using macros (i never use 'em)
some one is sure no any 'normal' way avaliable here?
something with prefixes/sufixes
char x[] = {1B,1L,1S,1B,1I,1U,1S}
//like here it coule be byte int long short unsigned etc
or something other ?

I doubt it. The problem is that you're populating an array that you said
is a sequence of 8-bit values, so every element will be converted to a
char type.

Post by fir
ps yet in fact i would need to mix also strings with that,
char x[] = {0,0, "alice", 0,0,0, (int) 2000, (short) 2000, "bob" );
something about that?

Only if this was fixed, then you could define a struct with fields in
exactly this pattern: byte, byte, char*, byte, etc.

But there might be a way if you are prepared to set up the data at
runtime, but it's fiddly:

#include <stdio.h>

typedef struct {
char valuetype;
void* value;
} instr;

int main(void) {
instr code[] = {
{'B', 0},
{'B', 0},
{'P', "alice"},
{'B', 0},
{'B', 0},
{'B', 0},
{'I', (void*)2000},
{'S', (void*)2000},
{'P', "bob"},
{0, 0}
};
unsigned char data[1000];
unsigned char* pdata;
void* ptr;
long long int value;
int i,datasize,temp;

pdata=data;

for (i=0; i<sizeof(code)/sizeof(code[0]); ++i) {
ptr=code[i].value;
value=(long long int)ptr;

switch (code[i].valuetype) {
case 'B':
*pdata++ = value;
break;
case 'S':
*pdata++ = value & 255;
*pdata++ = value>>8;
break;
case 'I':
for(temp=0; temp<4; ++temp) {// repeat 4 times
*pdata++ = value;
value>>=8;
}
break;
case 'P':
for(temp=0; temp<8; ++temp) {// repeat 8 times FOR 64-BIT PTRS
*pdata++ = value;
value>>=8;
}
break;
}
}

*pdata++=0x90; // nop
datasize=pdata-data;

for (i=0; i<datasize; ++i) printf("%02X ",data[i]);
puts("");
}

--
bartc

Ben Bacarisse

2017-08-19 18:51:36 UTC

Permalink

<snip>

Post by bartc

Post by fir
ps yet in fact i would need to mix also strings with that,
char x[] = {0,0, "alice", 0,0,0, (int) 2000, (short) 2000, "bob" );

<snip>

Post by bartc
But there might be a way if you are prepared to set up the data at
#include <stdio.h>
typedef struct {
char valuetype;
void* value;
} instr;
int main(void) {
instr code[] = {
{'B', 0},
{'B', 0},
{'P', "alice"},
{'B', 0},
{'B', 0},
{'B', 0},
{'I', (void*)2000},
{'S', (void*)2000},

Or maybe this:

{'I', &(int){2000}},
{'S', &(short){2000}},

might be closer to the intent. But the "char x[]" part suggests that a
packed memory area is what's wanted more like this:

char x[] = "\0\0alice\0\0\0\xd0\x07\x00\x00\xd0\x07bob";

possibly with length in the []s so as to remove the trailing null byte.

If your macro were altered to generate a string literal, you could use
that to generate the bytes for the int (and another would be needed for
the short).

Post by bartc
{'P', "bob"},
{0, 0}
};

<snip>

--
Ben.

fir

2017-08-19 19:32:18 UTC

Permalink

Post by Ben Bacarisse
<snip>

Post by bartc

Post by fir
ps yet in fact i would need to mix also strings with that,
char x[] = {0,0, "alice", 0,0,0, (int) 2000, (short) 2000, "bob" );

<snip>

{'I', &(int){2000}},
{'S', &(short){2000}},
might be closer to the intent. But the "char x[]" part suggests that a
char x[] = "\0\0alice\0\0\0\xd0\x07\x00\x00\xd0\x07bob";
possibly with length in the []s so as to remove the trailing null byte.
If your macro were altered to generate a string literal, you could use
that to generate the bytes for the int (and another would be needed for
the short).

Post by bartc
{'P', "bob"},
{0, 0}
};

<snip>
--
Ben.

i need it to make some codes shorter

check the code down below - this is code that flushes .idata (imports data) in exe file

in my exe this is stored at exe file offset 0x400 but in virtual memory it is stored at "base + 0x2000" - in the exe files those 0x2000 offsets are used as equivalent of 'pointers'

this code is so ugly and 'hardcoded'
as those was as i remember my outcome of partially reading the docs and partially reversee engeenering of exe binary of asembler or compiler - i wanted to code it fixed to only check if it just works (it works)

in this code it is code for embedding two import functions ExitProcess form kernel32.dll and MessageBoxA form user32 dll

////////////////////////////////////////////////////////////////////////////
///////////////////////IMPORTS /////////////////////////////
////////////////////// IAT /////////////////////////////

fseek( file, 0x400, SEEK_SET );

//0400

IMAGE_IMPORT_DESCRIPTOR kernel32desc= {0};
kernel32desc.OriginalFirstThunk = 0x203c; // ordinal-name pointer table
kernel32desc.Name = 0x2078; //dll name
kernel32desc.FirstThunk = 0x2068; //imp_pointers table

IMAGE_IMPORT_DESCRIPTOR user32desc= {0};
user32desc.OriginalFirstThunk = 0x2044; // ordinal-name pointer table
user32desc.Name = 0x2085; //dll name
user32desc.FirstThunk = 0x2070; //imp_pointers table

IMAGE_IMPORT_DESCRIPTOR empty_desc= {0};
//

//////////////////////////////////

//0x203c
int kernel32_hintname =0x204c;
int h0 = 0;
//44
int user32_hintname =0x205a;
int h1 = 0;

// 4c
short hnexitprocess = 0;
//4e
char a1[] = "ExitProcess";
//5a
short hnMessageBoA = 0;
//5c
char a2[] = "MessageBoxA";

//68
int imp_ExitProcess = 0x204c ;
int i0 = 0;
int imp_MessageBoxA = 0x205a ;
int i1 = 0;
//2078
char kernel32[] = "kernel32.dll";
//2085
char user32[] = "user32.dll";

fwrite((char*)&kernel32desc, 1, sizeof(kernel32desc), file);
fwrite((char*)&user32desc, 1, sizeof(user32desc), file);
fwrite((char*)&empty_desc, 1, sizeof(empty_desc), file);

fwrite((char*)&kernel32_hintname, 1, 4, file);
fwrite((char*)&h0, 1, 4, file);
fwrite((char*)&user32_hintname, 1, 4, file);
fwrite((char*)&h1, 1, 4, file);

fwrite((char*)&hnexitprocess, 1, 2, file);
fwrite((char*)a1, 1, sizeof(a1), file);
fwrite((char*)&hnMessageBoA, 1, 2, file);
fwrite((char*)a2, 1, sizeof(a2), file);

fwrite((char*)&imp_ExitProcess, 1, 4, file);
fwrite((char*)&i0, 1, 4, file);
fwrite((char*)&imp_MessageBoxA, 1, 4, file);
fwrite((char*)&i1, 1, 4, file);

fwrite((char*)kernel32, 1, sizeof(kernel32), file);
fwrite((char*)user32, 1, sizeof(user32), file);

if someone got time tell me how write it shorter (i was not yet thinking on this) - and this code is only a metter of living binary experiments with exes ;c

fir

2017-08-19 19:41:27 UTC

Permalink

this code above as i said (but may repeat) essentially flushes all needed
contents of .idata exe section (here bytes fron 0x400 to 0x600 in exe file)
though it onlu flushes 2 functions
from 2 modules in general it will be
more of symbols and modules

i need 2 cases -

1) code it in fixed way
(i mean i will know names of modules and functions and just need to write it down in code that will fwrite it to exe quick and short way) [some propositions?]

2) code it in less fixed what where i
would have input table of possibly
any "module-name" "function-name" pairs and will need to flush it programatically as an .idata section contents to disk

its not so hard but any help still apreciated and if someone would like to write its own assembler (exe-maker)
i can also provide some help as i did some work already - so it may be usefull for not only me but anybody
who like to know internals

yo

fir

2017-08-19 20:52:45 UTC

Permalink

Post by fir

Post by Ben Bacarisse
<snip>

Post by bartc

Post by fir
ps yet in fact i would need to mix also strings with that,
char x[] = {0,0, "alice", 0,0,0, (int) 2000, (short) 2000, "bob" );

<snip>

Post by bartc
{'P', "bob"},
{0, 0}
};

<snip>
--
Ben.

i need it to make some codes shorter
check the code down below - this is code that flushes .idata (imports data) in exe file
in my exe this is stored at exe file offset 0x400 but in virtual memory it is stored at "base + 0x2000" - in the exe files those 0x2000 offsets are used as equivalent of 'pointers'
this code is so ugly and 'hardcoded'
as those was as i remember my outcome of partially reading the docs and partially reversee engeenering of exe binary of asembler or compiler - i wanted to code it fixed to only check if it just works (it works)
in this code it is code for embedding two import functions ExitProcess form kernel32.dll and MessageBoxA form user32 dll
////////////////////////////////////////////////////////////////////////////
///////////////////////IMPORTS /////////////////////////////
////////////////////// IAT /////////////////////////////
fseek( file, 0x400, SEEK_SET );
//0400
IMAGE_IMPORT_DESCRIPTOR kernel32desc= {0};
kernel32desc.OriginalFirstThunk = 0x203c; // ordinal-name pointer table
kernel32desc.Name = 0x2078; //dll name
kernel32desc.FirstThunk = 0x2068; //imp_pointers table
IMAGE_IMPORT_DESCRIPTOR user32desc= {0};
user32desc.OriginalFirstThunk = 0x2044; // ordinal-name pointer table
user32desc.Name = 0x2085; //dll name
user32desc.FirstThunk = 0x2070; //imp_pointers table
IMAGE_IMPORT_DESCRIPTOR empty_desc= {0};
//
//////////////////////////////////
//0x203c
int kernel32_hintname =0x204c;
int h0 = 0;
//44
int user32_hintname =0x205a;
int h1 = 0;
// 4c
short hnexitprocess = 0;
//4e
char a1[] = "ExitProcess";
//5a
short hnMessageBoA = 0;
//5c
char a2[] = "MessageBoxA";
//68
int imp_ExitProcess = 0x204c ;
int i0 = 0;
int imp_MessageBoxA = 0x205a ;
int i1 = 0;
//2078
char kernel32[] = "kernel32.dll";
//2085
char user32[] = "user32.dll";
fwrite((char*)&kernel32desc, 1, sizeof(kernel32desc), file);
fwrite((char*)&user32desc, 1, sizeof(user32desc), file);
fwrite((char*)&empty_desc, 1, sizeof(empty_desc), file);
fwrite((char*)&kernel32_hintname, 1, 4, file);
fwrite((char*)&h0, 1, 4, file);
fwrite((char*)&user32_hintname, 1, 4, file);
fwrite((char*)&h1, 1, 4, file);
fwrite((char*)&hnexitprocess, 1, 2, file);
fwrite((char*)a1, 1, sizeof(a1), file);
fwrite((char*)&hnMessageBoA, 1, 2, file);
fwrite((char*)a2, 1, sizeof(a2), file);
fwrite((char*)&imp_ExitProcess, 1, 4, file);
fwrite((char*)&i0, 1, 4, file);
fwrite((char*)&imp_MessageBoxA, 1, 4, file);
fwrite((char*)&i1, 1, 4, file);
fwrite((char*)kernel32, 1, sizeof(kernel32), file);
fwrite((char*)user32, 1, sizeof(user32), file);
if someone got time tell me how write it shorter (i was not yet thinking on this) - and this code is only a metter of living binary experiments with exes ;c

BTW i made some thinking and what it come form this thinking temorarely is:

INPUT - input probably should go in a way like this

char* module_names[] = {"kernel32.dll", "user32.dll", "msvcrt.dll"};
char* function_names[] = {"ExitProcess", "MessageBoxA", "printf", "fwrite", "fread", "fopen", "flose" };

int2 module_function_list[] = {{0,0}, {1,1}, {2,2}, {2,3}, {2,4}, {2,5}, {2,6} };

OUTPUT - things need to be done probably should be like this

- save module names list
- save hint-function-names list

- save function names pointers lists
- save IAT (name-pointers pointer) list

- save module 'descriptors' (records)

those are not much hard operations (if im not wrong seeing this)so maybe in next step i will do that

(it could be especially easier if i dont need to track position but assume names are say not longer than 32 chars and store/adres it lie some_base + n*32 way (wasting a bit of exe space, which i dont care to much now)

Keith Thompson

2017-08-22 04:27:52 UTC

Permalink

Post by bartc

I doubt it. The problem is that you're populating an array that you said
is a sequence of 8-bit values, so every element will be converted to a
char type.

More correctly, he's populating an array that is a sequence of char
values, so every element will be converted to type char (not to any
other character type, just char).

[...]

--
Keith Thompson (The_Other_Keith) kst-***@mib.org <http://www.ghoti.net/~kst>
Working, but not speaking, for JetHead Development, Inc.
"We must do something. This is something. Therefore, we must do this."
-- Antony Jay and Jonathan Lynn, "Yes Minister"

Chad

2017-08-26 21:52:37 UTC

Permalink

I don't like having comments on the same line as the code because some debuggers add the value of the variable on the same line of code.

fir

2017-08-27 12:42:41 UTC

Permalink

Post by Keith Thompson

Post by bartc

I doubt it. The problem is that you're populating an array that you said
is a sequence of 8-bit values, so every element will be converted to a
char type.

More correctly, he's populating an array that is a sequence of char
values, so every element will be converted to type char (not to any
other character type, just char).
[...]

if so this is bad imo, initialisers
in c should be extended to work more handy

option is however in that case

char a[10] = { 0, 100000, 0 };
char a[10] = { 0, (int) 100000, 0 };
char a[10] = (char) 100000;

do that should convert 100000 to one char? if that should convert to 3 or 4 of them it may be misleading
so maybe some explicit cast should be added

char a[10] = { 0, (char[]) (int) 100000, 0 };

char a[10] = { 0, (chars) (int) 100000, 0 };

chars looks better , int is needed to know the size of that number

well dont matter now

fir

2017-08-27 10:33:05 UTC

Permalink

* sorry, in title should be 'mixing' (typo)