在C ++中将程序集转换为机器代码

Question

I seek for any lib or function to convert a string of assembly code to machine code, like the following:

char asmString[] = {"mov eax,13H"};
byte[] output; // array of byte
output = asm2mach(asmString); // {0xB8, 0x13, 0x00, 0x00, 0x00}

The motivation is to inject machine code to call asm function in the program. This injection mainly has 3 steps: VirtualAllocEx, WriteProcessMemory and CreateRemoteThread. Here are the code:

bool injectAsm(const char* exeName,const byte* code, int size) 
{ 
    LPVOID allocAddr = NULL;
    HANDLE ThreadProcess = NULL;
    HANDLE hProcess = OpenProcessEasy(exeName);

    allocAddr = VirtualAllocEx(hProcess, NULL, size, MEM_COMMIT, PAGE_READWRITE);
    if(allocAddr){
        if(WriteProcessMemory(hProcess, allocAddr, code, size, NULL)) {
            ThreadProcess = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)allocAddr, NULL, 0, NULL);
            WaitForSingleObject(ThreadProcess, INFINITE);
            VirtualFreeEx(hProcess,allocAddr, 0, MEM_RELEASE);
            CloseHandle(ThreadProcess);
            return true;
        }
    }
    if(allocAddr){
        VirtualFreeEx(hProcess, allocAddr, 0, MEM_RELEASE);
    }
    return false;
}

int main()
{
    byte code[] = {0xB8, 0x10, 0xED, 0x4A, 0x00, 0xFF, 0xD0, 0xC3, 0x90};
    injectAsm("game.exe",code,sizeof(code));
    system("pause");
    return 0;
} 

Answer 1

You should define what you really want:

Do you want to generate machine code at runtime? Then use some JIT compilation library like libgccjit , libjit , LLVM , GNU lightning , or asmjit . asmjit is a library emitting x86 machine code, probably what you need. There is no absolute need to use a string containing assembler code.

Or do you want to translate some assembler syntax (and there are several assembler syntaxes even for x86) to object code or machine code? Then you'll better run a real assembler as an external program. The produced object code will contain relocation directives, and you'll need something to handle these (eg a linker ).

Alternative, you should consider generating some (eg) C code at runtime, then forking a compilation, and dynamically loading and using the resulting function at runtime (eg with dlopen(3) and dlsym ). See this

Details are obviously operating system, ABI , and processor specific.

Answer 2

I would recommend using both AsmJit and AsmTK . AsmTK is a new project that uses AsmJit as a toolkit and adds additional functionality on top of it. NOTE that at the moment AsmTK requies asmjit:next branch to work, as this is a new functionality.

This is a minimal example that uses AsmTK to parse some asm:

#include <stdio.h>
#include <stdlib.h>
#include <asmtk/asmtk.h>

using namespace asmjit;
using namespace asmtk;

static const char someAsm[] =
  "test eax, eax\n"
  "jz L1\n"
  "mov eax, ebx\n"
  "mov eax, 0xFFFFFFFF\n"
  "pand mm0, mm1\n"
  "paddw xmm0, xmm1\n"
  "vpaddw ymm0, ymm1, ymm7\n"
  "vaddpd zmm0 {k1}{z}, zmm1, [rax] {1tox}\n"
  "L1:\n";

int main(int argc, char* argv[]) {
  CodeHolder code;
  // Here select the target architecture - either X86 or X64.
  code.init(CodeInfo(Arch::kTypeX64));

  X86Assembler a(&code);
  AsmParser p(&a);

  Error err = p.parse(someAsm);
  if (err) {
    printf("ERROR: %0.8x (%s)\n", err, DebugUtils::errorAsString(err));
    return 1;
  }

  // The machine-code is now stored in CodeHolder's first section:
  code.sync();
  CodeBuffer& buffer = code.getSection(0)->buffer;

  // You can do whatever you need with the buffer:
  uint8_t* data = buffer.data;
  size_t length = buffer.length;

  return 0;
}

AsmJit uses JitRuntime to allocate executable memory and to relocate the resulting machine code into it. However, AsmJit's virtual memory allocator can be created with hProcess , which could be your remote process handle, so it can also allocate memory of that process. Here is a small example of how it could be done:

bool addToRemote(HPROCESS hRemoteProcess, CodeHolder& code) {
  // VMemMgr is AsmJit's low-level VM manager.
  VMemMgr vm(hRemoteProcess);

  // This will tell `vm` to not destroy allocated blocks when it
  // gets destroyed.
  vm.setKeepVirtualMemory(true);

  // Okay, suppose we have the CodeHolder from previous example.
  size_t codeSize = code.getCodeSize();

  // Allocate a permanent memory of `hRemoteProcess`.
  uint64_t remoteAddr = (uint64_t)
    vm.alloc(codeSize, VMemMgr::kAllocPermanent);

  // Temporary buffer for relocation.
  uint8_t* tmp = ::malloc(code.getCodeSize());
  if (!tmp) return false;

  // First argument is where to relocate the code (it must be
  // current's process memory), second argument is the base
  // address of the relocated code - it's the remote process's
  // memory. We need `tmp` as it will temporarily hold code
  // that we want to write to the remote process.
  code.relocate(tmp, remoteAddr);

  // Now write to the remote process.
  SIZE_T bytesWritten;
  BOOL ok = WriteProcessMemory(
    hRemoteProcess, (LPVOID)remoteMem, tmp, codeSize, &bytesWritten);

  // Release temporary resources.
  ::free(tmp);

  // Now the only thing needed is the CreateRemoteThread thingy...
  return ok;
}

I would recommend wrapping such functionality into a new RemoteRuntime to make it a matter of a single function call, I can help with that if needed.

Answer 3

Here is a project that can convert a string of assembly code (Intel or ARM) into its corresponding bytes.

https://github.com/bsmt/Assembler

It's written in Objective-C, but the source is there. I hope this helps.