#1
Calculating the size in bytes of a C++ function
Hello,

I'm writing a little proggie that injects code inside a running process without using the DLL loading approach, and I got to the point of code injection itself, and here an issue arises ... calculating how big my piece of code is. Obviously how the compiler lays out the code inside your binary may play a role, depending on how you try to calculate the size ... Anyhow, I seem to be able to calculate a size that is always greater than the real size ... so this would be enough for it to work, but I was wondering if there is any nice trick C/C++ gurus may suggest. Obviously I could check how many bytes this function gets compiled into using a disassembler or a debugger ... but doing everything directly from the IDE editor and using C/C++ code would be so much better!!

yaa
Last edited by yaa; 11-04-2007 at 00:31.
#2
Exports are a quick and dirty way...

Make an export above your proc: 'proc start'. Make an export below your proc: 'proc end'. end - start = size. Tons of ways to do it really.
#3
Above and below have very relative meanings ...

Above and below where? In source code? And what are you suggesting, to export a function before and one after and calculate the difference to get the size? How about sharing some more of those *tons of ways*?

yaa
#4
Code:
#include <windows.h>

int main(void)
{
    /* do whatever main function does */
    return 0;
}

void dummy(void) { }

/* distance between the two entry points, taken as the size of main;
   DWORD_PTR is pointer-sized, so the subtraction also holds in a 64-bit build */
#define mainsize ((DWORD_PTR)dummy - (DWORD_PTR)main)

This will calculate the size of the main function.
#5
But this is not true. It depends entirely on how your compiler and linker lay out your code in the binary. Without doing anything special and without touching optimization flags, taking your example, I even got to the point that dummy's code was placed BEFORE main's code in the compiled binary!

yaa
Last edited by yaa; 11-04-2007 at 04:35.
#6
Code:
#include <stdio.h>

int main()
{
    int size;
    __asm {
        mov eax, offset mylabel   ; address of the label placed at the end of main
        sub eax, offset main      ; minus the address of main's first byte
        mov size, eax
    }
    printf("0x%.08X\n", size);
    __asm {
    mylabel:                      ; marks the end of the code that was measured
    }
    return 0;
}

http://accessroot.com
#7
Agreed Deroko, I think that is about the only way of getting close to the answer. It still won't be exact because of any epilogue the compiler issues, but I can't think of a way of getting any closer.

Git
#8
Quote:
Code:
#include <windows.h>

void funct1(void) { /* funct1 code... */ }
void funct2(void) { /* funct2 code... */ }
void funct3(void) { /* funct3 code... */ }
void dummy(void)  { }

/* each size is the distance from a function's entry point to the next one's */
#define funct1size ((DWORD_PTR)funct2 - (DWORD_PTR)funct1)
#define funct2size ((DWORD_PTR)funct3 - (DWORD_PTR)funct2)
#define funct3size ((DWORD_PTR)dummy  - (DWORD_PTR)funct3)

Last edited by Darren; 11-05-2007 at 02:07.
#9
Your best bet, in my opinion, would be emitting different recognizable byte sequences using

Code:
__asm {
    _emit BYTE0    ; _emit places a raw byte; BYTE0, BYTE1, ... stand for the chosen marker bytes
    _emit BYTE1
    ...
}

at the beginning and at the end of the function. This will however turn out to be a bit complicated for non-voids, as if you insert the sequence below the return instruction it'll get ignored, and if you insert it above the return you won't account for that... Alternatively, if you don't need to dynamically get the value from time to time but you need it for processing after compilation of an executable, you can consider generating a mapfile for your compiled code and parsing that.

Regards
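The map-file route from the post above, as an added example that is not from the thread: a parser over a constructed excerpt in the style of a GNU ld map (the kind gcc -ffunction-sections -Wl,-Map=out.map produces, so a different toolchain than the MSVC one used in the thread), which reads the size the linker recorded for each function and contrasts it with the pointer-difference trick from posts #4 and #8. Function names, addresses, sizes and the object file name are made up for the demo.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed excerpt in the style of a GNU ld map (gcc -ffunction-sections -Wl,-Map=out.map).
# Function names, addresses, sizes and the object name are made up for the demo.
SAMPLE_MAP = """\
 .text.dummy    0x0000000000001139        0x6 demo.o
                0x0000000000001139                dummy
 .text.target   0x0000000000001140       0x2a demo.o
                0x0000000000001140                target
 .text.main     0x0000000000001170       0x31 demo.o
                0x0000000000001170                main
"""

# With -ffunction-sections each function gets its own input section, listed as
#   <indent>.text.<func>  0x<address>  0x<size>  <object file>
SECTION_RE = re.compile(
    r"^\s+\.text\.(?P<name>\S+)\s+0x(?P<addr>[0-9a-fA-F]+)\s+0x(?P<size>[0-9a-fA-F]+)\s+(?P<obj>\S+)"
)

class Func(NamedTuple):
    name: str
    addr: int
    size: int
    obj: str

def parse_map(text: str) -> List[Func]:
    """Collect the per-function sections of a linker map, in link order."""
    funcs = []
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            funcs.append(Func(m["name"], int(m["addr"], 16), int(m["size"], 16), m["obj"]))
    return funcs

def exact_sizes(funcs: List[Func]) -> Dict[str, int]:
    """Sizes as the linker recorded them, regardless of where each function was placed."""
    return {f.name: f.size for f in funcs}

def naive_size(funcs: List[Func], func: str, marker: str) -> int:
    """The (DWORD)marker - (DWORD)func trick from the thread, applied to the linked addresses.
    Negative: the marker was linked before func. Too large: alignment padding got counted."""
    by_name = {f.name: f for f in funcs}
    return by_name[marker].addr - by_name[func].addr

if __name__ == "__main__":
    funcs = parse_map(SAMPLE_MAP)
    print(exact_sizes(funcs))                    # {'dummy': 6, 'target': 42, 'main': 49}
    print(naive_size(funcs, "target", "main"))   # 48: six bytes of padding included
    print(naive_size(funcs, "target", "dummy"))  # -7: dummy sits before target
```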