call_function_raw(), BinaryBuffer functions, dlopen/dlsym/dlclose

[kung foo man]

BinaryBuffer example:

PHP Code:


    buf = memory_malloc(128);
    bb = binarybuffer_new(buf);
    binarybuffer_write(bb, "i", 100);
    binarybuffer_write(bb, "f", 0.0123);
    binarybuffer_write(bb, "s", "hello");
    binarybuffer_write(bb, "d", 0.12345);
    binarybuffer_write(bb, "c", "#");
    binarybuffer_write(bb, "v", (0.10,0.20,0.30));
    binarybuffer_seek(bb, 0);
    i = binarybuffer_read(bb, "i");
    f = binarybuffer_read(bb, "f");
    s = binarybuffer_read(bb, "s");
    d = binarybuffer_read(bb, "d");
    c = binarybuffer_read(bb, "c");
    v = binarybuffer_read(bb, "v");
    printf("bb=% i=% f=% s=% d=% c=% v=%\n", bb, i, f, s, d, c, v);
    memory_free(buf);
    binarybuffer_free(bb); 


Output:

Code:

bb=164778640 i=100 f=0.012 s=hello d=0.123 c=# v=(0.10, 0.20, 0.30)

Use cases:

• prepare arguments for call_function_raw()
• parse any binary data, e.g. read player entity data ingame without recompiling libcod (ingame CheatEngine anyone?)

The strings are actually malloc'ed and only the pointer is saved as 4-byte-value in the binarybuffer. Internally they are saved in a list, so binarybuffer_free() can free them.

Dynamic Library example:

PHP Code:

    libc = dlopen("libc.so.6");
    libc_printf = dlsym(libc, "printf");
    printf("libc=% libc_printf=%\n", libc, libc_printf);
    dlclose(libc); 


Output:

Code:

libc=-144867328 libc_printf=-146018720

Use cases:

• get function addresses for call_function_raw()

call_function_raw() example:

PHP Code:

    buf = memory_malloc(128);
    bb = binarybuffer_new(buf);
    binarybuffer_write(bb, "s", "printf: int=%i float=%f string=%s double=%g char=%c vector=(%.2f,%.2f,%.2f)\n");
    binarybuffer_write(bb, "i", 100);
    binarybuffer_write(bb, "f", 0.0123);
    binarybuffer_write(bb, "s", "hello");
    binarybuffer_write(bb, "d", 0.12345);
    binarybuffer_write(bb, "c", "#");
    binarybuffer_write(bb, "v", (0.10,0.20,0.30));

    libc_printf = dlsym(0, "printf");
    call_function_raw(libc_printf, "s.ifsdcfff", buf);

    memory_free(buf);
    binarybuffer_free(bb); 


Output:

Code:

printf: int=100 float=0.012300 string=hello double=0.12345 char=# vector=(0.10,0.20,0.30)

Use cases:

• use all kind of C functions (e.g. from libc, but also from IDA etc.) without recompiling libcod, though atm some shitty prework todo

It's called "raw", because I wanna do a normal call_function() later, with much less bloat code to prepare the arguments. Kinda automatically, based on stackGetNumberOfParams()/stackGetParamType()

Regarding: call_function_raw(libc_printf, "s.ifsdcfff", buf);

Type	Explanation
s	string, 4 bytes (just a pointer)
.	varargs kicking in, like printf(char *msg, ...). Needed, because C handles floats like doubles in varargs-call-convention
i	int, 4 bytes
f	float, 4 bytes
d	double, 8 bytes
c	char, 1 byte

Inb4 ideas, tellz0r!

GitHub Commit: https://github.com/kungfooman/libcod...8ff9127dc15f16
Download of precompiled binaries: http://killtube.org/downloads/libcod/2015.01.17/