I'm injecting a DLL into another process and want to call a function that is in that binary based on it's address (0x54315).
How can I actually declare a function, and then set it to this address?
#define FUNC 0x54315
void *myFuncPtr;
int main()
{
myFuncPtr = FUNC; // pretty sure this isn't how
myFuncPtr(); // call it?
}
The existing answers work, but you don't even need a variable for the function pointer. You can just do:
#define myfunc ((void (*)(void))0x54315)
and then call it as myfunc() just like you would an ordinary function. Note that you should change the type in the cast to match the actual argument and return types of the function.
You need to define myFuncPtr as a function pointer, a void* isn't callable.
Best to use a typedef for that:
typedef void (*funptr)(void);
funprt myFuncPtr;
(Assuming your function takes nothing and returns nothing.)
Then you'll get a warning on the assignment - use a type cast to "silence" it, since this is indeed what you need to do.
You're pretty much on your own with this though, if the signature doesn't match, the calling convention is wrong, or the address is wrong, the compiler cannot validate anything and you get to pick up the pieces.
Your code should work once the syntax is corrected to actually be a function pointer. I failed to read it properly for my first version of this answer. Sorry.
As stated by Mat, the proper syntax for a function pointer would be:
void (*myFuncPtr)(void) = (void (*)(void)) FUNC;
This is often simplified by using a typedef since the C function pointer syntax is somewhat convoluted.
Also, you're must be really sure the function to be called is at that same exact address every time your injected DLL runs. I'm not sure how you can be sure of that, though ...
Also, you would need to pay attention to the calling conventions and any arguments the function at FUNC might be expecting, since if you get that wrong you will likely end up with stack corruption.
Related
Suppose I have a function pointer, What's the more conventional way of assigning a function to it?
void (*myFunc)(void*)
1) Use & to get function's address, and dereference to invoke.
myFunc = &function;
(*myFunc)(input);
Or
2) Use function's name directly, and invoke without dereferencing.
myFunc = function;
myFunc(input);
Neither matter, functions decay to function pointers. As with all things that don't matter, pick one and stick to it.
Additionally, there is no stylistic requirement that you call functions with (*myFunc)(input) if you get them with &function. There is no fundamental issue with getting function pointers using myFunc = &function and then writing myFunc(input), or getting function pointers with myFunc = function and then writing (*myFunc)(input).
Fun fact: the language never treats a function call as a call to a function value. Functions always undergo decay to a function pointer type, and the function pointer is what is called. In other words:
puts("hello world!");
is implicitly converted to:
((int (*)(const char*))&puts)("hello world!");
and so (*myFunc)(input) would, similarly, resolve to ((void (*)(int))&*myFunc)(input), which seems a bit silly, but unless you care deeply about the abstract syntax tree view of your program, as we said before, it doesn't matter. It does the exact same thing.
What is the proper C syntax for a function returning pointer to another function (which again may return a pointer to some thrid function etc)? I know that we can define a function as a local variable inside another function (but we need to know the address or it is useless):
int*(*a)(int) = (void*)0;
This is local variable a which represents a function which has int as a parameter and returns pointer to int, while the address of the function is 0. How can I have a function which returns, instead of pointer to int, a pointer to a function requiring char as a parameter and returning a pointer to int? This is what I've tried:
int*(*)(char)(*a)(int) = (void*)0;
But, it is a syntax error. Is there a way to do it, or maybe, the only way is to return void* and then to cast it again to function?
Edit
I am not looking only for a solution which works. I know it can be done using typedef or just by returning a generic pointer and then casting to another function. But, I am writting a code highlighter for C and I want to cover all cases which are defined by ISO C, so I am wondering does ISO C allow double returning functions, if yes, what is the proper syntax, if no, can it be found somewhere in documentation?
You could use typedefs to simplify this (and make sure you can actually understand the code a week later):
typedef int*(*FuncA)(int);
typedef FuncA(*FuncB)();
FuncB a = (void*)0;
Obviously use more descriptive names than I have done here.
I have microcontroler that I am working with. When debugging it is necessary to call a function from that is hard coded in ROM. Technical Reference shows how to do this:
# define Device_cal (void(*)(void))0x3D7C80
and calling procedure looks like this:
(*Device_cal)()
I can't understand what actually happens here, so my question is:
How does it work?
void (*) (void) is a type. It's a pointer to a function that takes no parameter and returns void.
(void(*)(void)) 0x3D7C80 casts the 0x3D7C80 integer to this function pointer.
(*Device_cal)() calls the function.
(Device_cal)() would do the exactly the same.
The parentheses around *Device_cal and Device_cal are required because otherwise the cast to the integer would not have the higher precedence.
The #define causes (*Device_cal)() to be expanded into this immediately before compiling:
(*(void(*)(void))0x3D7C80)()
The void(*)(void) is a declaration for a function pointer that takes void and returns void types. The (*()) represents a cast for the next token in the expression (0x3D7C80). Thus this asks to treat the data at location 0x3D7C80 as a function. The final () calls the function with no arguments.
well, you "define" a pointer to function, and call it.
void(*)(void) mean a pointer to function, that gets no arguments, and return void.
If you cast 0x3D7C80 to that type, and call it, you basically call the function that its address is 0x3D7C80.
This is not an answer (that has already been done satisfactorily), but some advice:
I would suggest the following method instead:
typedef void (*tVOID_ROMFUNCTION_VOID)( void ) ;
tVOID_ROMFUNCTION_VOID Device_cal = (tVOID_ROMFUNCTION_VOID)0x3D7C80 ;
Device_cal() ;
That way you can create any number of global function pointers on initialisation while the calls look like normal statically linked functions. And you avoid confusing pre-processor macros voodoo at the same time.
By creating different function-pointer types with different signatures, the compiler will be able to perform some parameter type checking for you too.
The symbol is pasted in which creates a temporary (un named ) pointer to a function at a fixed memory location and then calls it via dereferencing.
I have a function pointer inside a struct that gets dynamically set at runtime to the address of another function in various places in my code. It is defined in my header file like this:
void *(*run)();
During compile time, I get the following warning about this:
warning: function declaration isn't a prototype
This warning is benign, because the pointer is used in many places in my code to call the function it points to, and everything works just fine. However, I would really like to silence the warning.
If I change it to this:
void *(*run)(void);
I get compile errors whever I use it, because the various functions that make use of the pointer have different numbers of arguments, and saying void inside the parenthesies tells the compiler it accepts no arguments.
I can't use a va_list or anything fancy like that, as this is simply a pointer to another function, and I use a single pointer for them all because it keeps the code clean and simple.
I can silence the warning with adding this to my compiler flags:
-Wno-strict-prototypes
But I'd rather not have to disable compiler warnings with flags if I can avoid it.
So my question is: How do I notate this function pointer in the code in such a way that the compiler is satisfied with the fact that it accepts any number of any kind of arguments?
The code works perfectly. I just want the warning to go away.
Store the pointer as a void * and cast to the appropriate function pointer type when necessary? Keep in mind that it isn't necessarily safe to call one type of function pointer as if it were another type, so the warning you're starting out with isn't entirely invalid.
You can cast a function pointer like so:
void *genericPointer = ...;
void (*fp)(int, int) = genericPointer;
fp(123, 456);
Note that:
There's no explicit casting necessary here, as void * can always be cast to any pointer type.
The initial "void" before (*fp) is the return type of the function pointer.
You are trying to do things clean - i.e. involve the compiler in checks, but the design you invented simply cannot be clean by its principle. You cannot involve compiler in prototype checks this way, because you always must know, which parameters to pass at this particular case in runtime. Compiler cannot check this and if you make a mistake, segmentation fault is on the way.
But if I remember well, something like this was maybe used also in linux kernel (?). The solution is to have a general pointer (like the one you have) and each time you call a particular function you just typecast it to the pointer to function with the particular arguments. You may need to typecast it to void * first to silence the compiler again :-)
In C, when you call a function without a prototype visible, default argument promotions are applied to all of the arguments that you pass to the function. This means that the types that you actually pass do not necessarily match the types received by the function.
E.g.
void (*g)();
void f()
{
float x = 0.5;
g(x); // double passed
}
This means that you need to know that the function that you are actually calling has a compatible signature to that implied by the arguments that you are passing after promotion.
Given that you need to know this in any case you must know the function signature of the actual function being called at the call site which is using the function pointer. With this knowledge it is usually simpler and cleaner to use a function pointer with the correct prototype and you can avoid default argument promotion entirely.
Note that as you are defining your functions with prototypes, when you assigned a pointer to your function to a function pointer without a prototype you effective converted, say, a void(*)(int, int) to a void(*)() so it is completely correct and desirable to perform the reverse conversion before calling the function. gcc allows both these conversions without emitting any warnings.
E.g.
void PerformCall( void(*p)() )
{
if (some_condition)
{
// due to extra knowledge I now know p takes two int arguments
// so use a function pointer with the correct prototype.
void(*prototyped_p)(int, int) = p;
prototyped_p( 3, 4 );
}
}
Try typedefing the function pointer declaration and then have the caller explicityly cast it:
typedef void *(*run)();
//when calling...
void my_foo() {}
run r = (run)my_foo;
If the different function signatures are known, use a union. Otherwise, use a pointer of type void (*)(void) (actually, any function pointer type would do) to hold the generic pointer and convert to the proper type when setting the value and calling the code.
Example using a union:
union run_fn
{
void *(*as_unary)(int);
void *(*as_binary)(int, int);
};
struct foo
{
union run_fn run;
};
void *bar(int, int);
struct foo foo;
foo.run.as_binary = bar;
void *baz = foo.run.as_binary(42, -1);
Example using explicit casts:
struct foo
{
void (*run)(void);
};
void *bar(int, int);
struct foo foo;
foo.run = (void *(*)(int, int))bar;
void *baz = ((void *(*)(int, int))foo.run)(42, -1);
Don't use a void * to hold function pointers - such a conversion is unspecified by the ISO C standard and may be unavailable on certain architectures.
Ignoring the warning and using your code as-is is actually also a possibility, but keep in mind that any function argument will be subject to the default argument promotions and it's your responsibility that the promoted arguments properly match the declared parameters.
I came across this in embedded hardware using C.
#define EnterPWDN(clkcon) ( (void (*)(int))0xc0080e0 ) (clkcon)
I have no idea how is this function macro working. I understand clkcon is the function parameter to EnterPWDN, but what is happening after that?
It casts the address 0xc0080e0 to a pointer to function taking an int and returning void, and calls that function, passing clkcon as the parameter.
Spelled out:
typedef void (func_ptr*)(int);
func_ptr func = (func_ptr)0xc0080e0;
func(clkcon);
(If you haven't come across function pointers, you might want to grab a good C introduction and read up on the subject.)
Its a void function pointer that takes an int as a parameter. The function is held at the specific memory address 0xc0080e0.
(void (*)(int))
The above is a function pointer declaration. First comes the void return type. Next comes the fact that its a pointer and finally the int tells you what the parameter to the function is. The memory address is the location the function is stored at and the whole thing is casting that memory address into the correct function pointer type and then calling the function and passing "clkcon" to it.
Excellent answers Goz and sbi, but to put it another way:
At a specific address (0xc0080e0) in memory, possibly in a ROM, there is a function. You call this function with the int clkcon argument.