Calling a program that is dumped to a C array.

mrbitmap · wrote on 2 Feb 2017, 12:32

Hello, it's not quite qt related, however it can be considered a qt resource program too, but for now, let's say that I have a binutil like program that dumps an elf/exe file to a .c file to a char array formint that format

extern const char _binary_default[]; // dumped hex data
extern const size_t _binary_default_size; // size of array

so in my program I am trying to do the following:

#include "binary7.c" // the file wit hex data

extern const char _binary_default[];  // externals to the file`s array
extern const size_t _binary_default_size; // externals to file`s size

typedef int (*fb)(int argc, char** arv);

int main(int argc, char *argv[]) 
{
    fb c = (fb)_binary_default; // casting the array to a function
    c(argc, argv);   // try calling it
    return 0;
}

Let's say I've dumped a program "Hello world". Will that approach work? For me it does not work. My g2bin program formats the array with fprintf(..., "0x%x") . So, Qt embeded world, will you lend me a hand in this?

Thanks.

mrjj · 2 Feb 2017, 12:42

Hi
Maybe you could write it back as a file and use QProcess to run it ?

mrbitmap · 2 Feb 2017, 12:45

@mrjj
Hello, yes I can, but that's not what I need, I need to run it that way. I am writing an emulator and this is the firmware I am expecting.

mrjj · 2 Feb 2017, 12:50

@mrbitmap
Ok. what platform are u targeting ?

mrbitmap · 2 Feb 2017, 12:53

@mrjj
I don't know if it's appropriate to write it here. Let say a CPU from over 20 years ago.

mrjj · 2 Feb 2017, 12:56

@mrbitmap
I ment the OS.
All sampes i know of , write it to file
You would need somehow to create the process without a file and im not sure
there are any easy way to do that. ( since its exe and not DLL/So)

This talk of this
http://stackoverflow.com/questions/305203/createprocess-from-memory-buffer

mrbitmap · 2 Feb 2017, 13:46

@mrjj
I'll consider it. I am executing it under linux. Will report back after few experiments. I am just asking if the approach I've pointed is legitimate.

mrjj · 2 Feb 2017, 13:59

@mrbitmap
Well on windows , many scanners would trigger on your exe :)
Its 100% same way as spyware try to execute its payload.

Anyway, before you can directly run it, should not have a "decompile" function?
I assume that g2bin change the values so no zero are found and hence can
be included as a string.
So if u give _binary_default to some process function, the actual memory block will be in correct format or still in this "hex" format?
Maybe I should rather ask. If you save it directly back to a file.
and run it. It works?

On linux it seems to be possible
http://stackoverflow.com/questions/10523681/execute-a-process-from-memory-within-another-process

All exe files compressors do this
https://upx.github.io/
So u might be able to be inspired.

But if u cant use a file , then be prepared for it to get a bit hairy :)

jsulm · 3 Feb 2017, 12:51

@mrbitmap How do you fill _binary_default?

mrbitmap · J jsulm 2 Feb 2017, 14:25

@jsulm
Hello, here is the complete code:

#include <stdio.h>
#include <stdlib.h>
#define DEBUG 1

static FILE* open_or_exit(const char* fname, char* perms)
{
    FILE* fp = fopen(fname, perms);
    if ( !fp )
        exit(EXIT_FAILURE);
    else
        return fp;
}


int main(int argc, char** argv)
{
    if ( argc < 3 )
    {
        fprintf(stderr, "ERROR usage!\ng2bin <infile> <outfile>\n");
        return 1;
    }
    char varname[128]={0};
    if ( argc == 4 )
    {
        sprintf(varname, "%s", argv[3]);
    } else
    {
        sprintf(varname, "%s", "default");
    }

    FILE *infile = open_or_exit(argv[1], "rb");
    FILE* outfile = open_or_exit(argv[2], "w");

    unsigned short buff[256]={0};
    size_t line=0;
    size_t nread=0;

    fprintf(outfile, "#include <stdlib.h>\n");
    fprintf(outfile, "const char ");
    fprintf(outfile, "_binary_%s", varname);
    fprintf(outfile, "[]={\n");
    do
    {
        nread = fread(buff, 1, sizeof(buff), infile);
#ifdef DEBUG
      printf("[%d] bytes read\n", nread);
#endif
        for(int i=0; i < (sizeof(buff)/sizeof(buff[0])); i++)
        {
            fprintf(outfile, "0x%02x", buff[i]);
            if ( nread > 0)
                fprintf(outfile, ",");
            else
                break;
            if ( line++ >= 10 )
            {
                fprintf(outfile, "\n");
                line = 0;
            }
        }

    } while ( nread > 0);
    fprintf(outfile, "};\n");
    fprintf(outfile, "const size_t _binary_%s_size=sizeof(_binary_%s);\n"
            ,varname, varname);

    fclose(infile);
    fclose(outfile);

    return 0;
}

That dumps a file into a .c compilable file with data and data's size. A feedback would be welcome.