(C++) Dynamically Computed Target Address by Unprotect

Created the Tuesday 06 December 2022. Updated 1 month, 3 weeks ago.

Description:

This code uses the malloc function to dynamically allocate memory for a target address that will be used as the target of a call instruction. It then uses the main function's address as the base for the target address, and adds an offset of 0x00000004 to it to compute the final target address. This computed target address is then stored in the dynamically allocated memory and is used as the target of the call instruction.

Code

            #include <stdio.h>
#include <stdlib.h>

int main() {
    // Dynamically compute the target address of the "call" instruction
    char *target = (char *)malloc(8);
    *(unsigned long long *)target = (unsigned long long)main + 0x00000004;

    // Use the dynamically computed target address in a "call" instruction
    __asm__("mov eax, [%0]\n"
            "call eax\n"
            :: "r" (target) : "eax");

    return 0;
}