Windows C++ / Dynamically Computed Target Address

Author Unprotect
Platform Windows
Language C++
Technique Dynamically Computed Target Address

Description:

This code uses the malloc function to dynamically allocate memory that holds the target address of a call instruction. It takes the address of the main function as the base and adds an offset of 0x00000004 to compute the final target address. The computed address is stored in the dynamically allocated memory, loaded back into a register, and used as the target of the call instruction. Because the call is indirect and its destination exists only at run time, the target does not appear as an operand in a static disassembly.

Code

#include <stdio.h>
#include <stdlib.h>

int main() {
    // Dynamically compute the target address of the "call" instruction
    char *target = (char *)malloc(8);
    *(unsigned long long *)target = (unsigned long long)main + 0x00000004;

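    // Use the dynamically computed target address in a "call" instruction.
    // Note: the Intel-syntax operands and the 32-bit "eax" register mean this
    // only assembles for 32-bit x86 with GCC-style inline asm and -masm=intel.
    __asm__("mov eax, [%0]\n"   // load the computed address from the heap slot
            "call eax\n"        // indirect call: the target is not an immediate
            :: "r" (target) : "eax");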

    return 0;
}
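
Analyst-side view, as an added example that is not part of the original page or the Unprotect project's code: a small Python constant-propagation pass that flags indirect calls in a disassembly listing and recovers the target when it is built from constants, as in the description above. The listing, its addresses and the function names are constructed for illustration.

```python
import re

# Constructed 32-bit listing (not from the original page): base + 4 is computed,
# parked in a heap slot, reloaded and called, as the description explains.
LISTING = """\
00401000 mov ecx, 0x401000
00401005 add ecx, 0x4
00401008 mov [ebx], ecx
0040100a mov eax, [ebx]
0040100c call eax
0040100e call 0x401050
00401013 call edx
"""

REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
LINE = re.compile(r"([0-9a-f]+)\s+(\w+)\s+(.+)")

def value_of(op, state):
    """Known constant for an operand, or None when it cannot be derived."""
    if op in REGS or op.startswith("["):
        return state.get(op)
    return int(op, 16) if re.fullmatch(r"(0x)?[0-9a-f]+", op) else None

def set_dest(dst, val, state):
    """Record (or forget) dst; a changed register invalidates its [reg] slot."""
    state.pop(f"[{dst}]", None)
    if val is None:
        state.pop(dst, None)
    else:
        state[dst] = val & 0xFFFFFFFF

def resolve_indirect_calls(listing):
    """Return (call_addr, operand, target_or_None) for each indirect call."""
    state, findings = {}, []
    for m in filter(None, map(LINE.match, listing.splitlines())):
        addr, mnem = int(m[1], 16), m[2]
        ops = [o.strip() for o in m[3].split(",")]
        if mnem == "call":
            if ops[0] in REGS or ops[0].startswith("["):
                findings.append((addr, ops[0], value_of(ops[0], state)))
            state.clear()  # conservative: the callee may change anything
        elif mnem == "mov":
            set_dest(ops[0], value_of(ops[1], state), state)
        elif mnem == "add":
            a, b = value_of(ops[0], state), value_of(ops[1], state)
            set_dest(ops[0], None if None in (a, b) else a + b, state)
        else:
            set_dest(ops[0], None, state)  # unmodelled instruction: forget dst
    return findings
```

A target reported as None marks an indirect call whose destination this pass cannot derive from constants, which is where emulation or debugging is needed.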

Created

December 6, 2022

Last Revised

April 22, 2024