Exetools  

  #1  
Old 11-03-2007, 21:34
yaa
Calculating the size in bytes of a C++ function

Hello,

I'm writing a little proggie that injects code inside a running process without using the DLL loading approach and I got to the point of code injection itself and here an issue arises ... calculating how big my piece of code is. Obviously how the compiler lays out the code inside your binary may play a role depending on how you try to calculate the size ...

Anyhow, I seem to be able to calculate a size that is always greater than the real size ... so this would be enough for it to work but I was wondering if there is any nice trick C/C++ gurus may suggest.

Obviously I could check how many bytes this function gets compiled into using a disassembler or a debugger ... but doing everything directly from the IDE editor and using C/C++ code would be so much better!!

yaa

  #2  
Old 11-03-2007, 22:14
evlncrn8
Exports are a quick and dirty way...

make an export above your proc 'proc start'
make an export below your proc 'proc end'
end - start = size

tons of ways to do it really
  #3  
Old 11-04-2007, 00:22
yaa
Above and below have very relative meanings ...
Above and below where? In source code? And what are you suggesting, to export one function before and one after and calculate the difference to get the size?

How about sharing some of those other *tons of ways*?


yaa
  #4  
Old 11-04-2007, 02:31
Darren
Code:
#include <windows.h>

void dummy(void);   /* declared up front so the macro below can name it */

int main(void)
{
    /* do whatever main function does */
    return 0;
}

void dummy(void)
{
}

/* assumes the linker places dummy directly after main in .text */
#define mainsize ((DWORD)dummy - (DWORD)main)

This will calculate the size of the main function
  #5  
Old 11-04-2007, 04:11
yaa
But this is not true. It depends entirely on how your compiler and linker lay out your code in the binary. Without doing anything special and without touching optimization flags, taking your example, I even got to the point that dummy's code was placed BEFORE main's code in the compiled binary!

yaa

  #6  
Old 11-04-2007, 10:26
deroko
Code:
#include <stdio.h>

int main(){
        int size;
        __asm{
                mov eax, offset mylabel   ; address of the label near the end of main
                sub eax, offset main      ; minus the address of main's first byte
                mov size, eax
        }
        printf("0x%.08X\n", size);

        __asm{
        mylabel:                          ; placed just before the epilogue
        }
        return 0;
}

Something like this? If I remember correctly MSVC will compile this without a problem even without asm code, so just put a label at the end of the procedure and calculate its size... that should do the trick.
  #7  
Old 11-04-2007, 20:33
Git
Agreed Deroko, I think that is about the only way of getting close to the answer. It still won't be exact because of any epilogue the compiler issues, but I can't think of a way of getting any closer.

Git
  #8  
Old 11-05-2007, 01:39
Darren
Quote:
Originally Posted by yaa
But this is not true. It depends entirely on how your compiler and linker lay out your code in the binary. Without doing anything special and without touching optimization flags, taking your example, I even got to the point that dummy's code was placed BEFORE main's code in the compiled binary!

yaa
Maybe this is correct when dealing with the main function, but I've used the example below many times and found it to work fine; I do always compile it from a separate .cpp. This method can be useful when adding complicated hooks or patches to a piece of code and placing the new function in a cave or a new section.

Code:
#include <windows.h>

void funct1()
{
    /* funct1 code... */
}

void funct2()
{
    /* funct2 code... */
}

void funct3()
{
    /* funct3 code... */
}

void dummy()
{
}

/* each size assumes the linker keeps the functions in source order */
#define funct1size ((DWORD)funct2 - (DWORD)funct1)
#define funct2size ((DWORD)funct3 - (DWORD)funct2)
#define funct3size ((DWORD)dummy  - (DWORD)funct3)

  #9  
Old 11-07-2007, 09:15
!k-0t1c!
Your best bet, in my opinion, would be emitting different recognizable byte sequences using

Code:
__asm { _emit BYTE0; _emit BYTE1; ... }

at the beginning and at the end of the function.
This will however turn out to be a bit complicated for non-voids: if you insert the sequence after the return instruction it will be ignored, and if you insert it before the return you won't account for that...

Alternatively, if you don't need to get the value dynamically from time to time but you need it for processing after compilation of an executable, you can consider generating a map file for your compiled code and parsing that.


Regards
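Added example, not code from any poster in this thread: a small parser for the "Publics by Value" table of an MSVC linker map (the post-build approach suggested above) that sizes each function as the distance to the next public symbol in the same section, and checks whether the layout assumption behind the `(DWORD)dummy - (DWORD)func` macros actually holds. The map text, symbol names and object name are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample of an MSVC linker map (/MAP). Note that the linker put
# _dummy BEFORE _main, the layout yaa ran into above.
SAMPLE_MAP = """\
 Start         Length     Name                   Class
 0001:00000000 00000120H .text                   CODE

  Address         Publics by Value              Rva+Base       Lib:Object

 0001:00000000       _dummy                     00401000 f   inject.obj
 0001:00000010       _main                      00401010 f   inject.obj
 0001:00000090       _funct1                    00401090 f   inject.obj
 0001:000000c0       _funct2                    004010c0 f   inject.obj
 0002:00000000       ??_C@_05HELLO@hello?$AA@   00402000     inject.obj
"""

# One table row: section:offset, symbol, Rva+Base, optional 'f' (function) flag.
_ROW = re.compile(r"^\s*([0-9a-fA-F]{4}):([0-9a-fA-F]{8})\s+(\S+)\s+"
                  r"([0-9a-fA-F]{8})(?:\s+(f)\b)?", re.M)


def parse_map(text: str) -> List[Tuple[int, int, str, bool]]:
    """Public symbols as (section, rva+base, name, is_code), sorted by address."""
    rows = [(int(sec, 16), int(rva, 16), name, flag == "f")
            for sec, _off, name, rva, flag in _ROW.findall(text)]
    return sorted(rows, key=lambda r: (r[0], r[1]))


def function_sizes(text: str) -> Dict[str, Optional[int]]:
    """Size of each function = distance to the next public symbol in the same
    section. This includes the epilogue and alignment padding, so it is an
    upper bound. The last symbol of a section gets None: no end is known."""
    rows = parse_map(text)
    sizes: Dict[str, Optional[int]] = {}
    for i, (sec, addr, name, is_code) in enumerate(rows):
        if not is_code:
            continue
        nxt = rows[i + 1] if i + 1 < len(rows) else None
        sizes[name] = nxt[1] - addr if nxt and nxt[0] == sec else None
    return sizes


def dummy_follows(text: str, func: str, dummy: str) -> bool:
    """Check the assumption behind (DWORD)dummy - (DWORD)func: dummy must be
    the symbol placed immediately after func, otherwise the macro is garbage."""
    names = [r[2] for r in parse_map(text)]
    if func not in names:
        return False
    i = names.index(func)
    return i + 1 < len(names) and names[i + 1] == dummy
```

Run it against a real map by replacing SAMPLE_MAP with the contents of the .map file; a None result or a failed dummy_follows check is exactly the case where the subtraction macros above would silently return nonsense.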