在C ++中将字符串转换为函数

Question

I have been looking for a way to dynamically load functions into c++ for some time now, and I think I have finally figure it out. Here is the plan:

1. Pass the function as a string into C++ (via a socket connection, a file, or something).
2. Write the string into file.
3. Have the C++ program compile the file and execute it. If there are any errors, catch them and return it.
4. Have the newly executed program with the new function pass the memory location of the function to the currently running program.
5. Save the location of the function to a function pointer variable (the function will always have the same return type and arguments, so this simplifies the declaration of the pointer).
6. Run the new function with the function pointer.

The issue is that after step 4, I do not want to keep the new program running since if I do this very often, many running programs will suck up threads. Is there some way to close the new program, but preserve the memory location where the new function is stored? I do not want it being overwritten or made available to other programs while it is still in use.

If you guys have any suggestions for the other steps as well, that would be appreciated as well. There might be other libraries that do things similar to this, and it is fine to recommend them, but this is the approach I want to look into — if not for the accomplishment of it, then for the knowledge of knowing how to do so.

Edit: I am aware of dynamically linked libraries. This is something I am largely looking into to gain a better understanding of how things work in C++.

Answer 1

I can't see how this can work. When you run the new program it'll be a separate process and so any addresses in its process space have no meaning in the original process.

And not just that, but the code you want to call doesn't even exist in the original process, so there's no way to call it in the original process.

As Nick says in his answer, you need either a DLL/shared library or you have to set up some form of interprocess communication so the original process can send data to the new process to be operated on by the function in question and then sent back to the original process.

Answer 2

How about a Dynamic Link Library ?

These can be linked/unlinked/replaced at runtime.

Or, if you really want to communicated between processes, you could use a named pipe .

edit - you can also create named shared memory .

Answer 3

for the step 4. we can't directly pass the memory location(address) from one process to another process because the two process use the different virtual memory space. One process can't use memory in other process. So you need create a shared memory through two processes. and copy your function to this memory, then you can close the newly process. for shared memory, if in windows, looks Creating Named Shared Memory http://msdn.microsoft.com/en-us/library/windows/desktop/aa366551(v=vs.85).aspx

after that, you still create another memory space to copy function to it again. The idea is that the normal memory allocated only has read/write properties, if execute the programmer on it, the CPU will generate the exception.

So, if in windows, you need use VirtualAlloc to allocate the memory with the flag,PAGE_EXECUTE_READWRITE ( http://msdn.microsoft.com/en-us/library/windows/desktop/aa366887(v=vs.85).aspx )

void* address = NULL;
address= VirtualAlloc(NULL,
        sizeof(emitcode),
        MEM_COMMIT|MEM_RESERVE,
        PAGE_EXECUTE_READWRITE);

After copy the function to address , you can call the function in address , but need be very careful to keep the stack balance.

Answer 4

Dynamic library are best suited for your problem. Also forget about launching a different process, it's another problem by itself, but in addition to the post above, provided that you did the virtual alloc correctly, just call your function within the same "loadder", then you shouldn't have to worry since you will be running the same RAM size bound stack.

The real problems are:

1 - Compiling the function you want to load, offline from the main program.

2 - Extract the relevant code from the binary produced by the compiler.

3 - Load the string.

1 and 2 require deep understanding of the entire compiler suite, including compiler flag options, linker, etc ... not just the IDE's push buttons ...

If you are OK, with 1 and 2, you should know why using a std::string or anything but pure char *, is an harmfull.

I could continue the entire story but it definitely deserve it's book, since this is Hacker/Cracker way of doing things I strongly recommand to the normal user the use of dynamic library, this is why they exists.

Answer 5

Usually we call this code injection ...

Basically it is forbidden by any modern operating system to access something for exceution after the initial loading has been done for sake of security, so we must fall back to OS wide validated dynamic libraries.

That's said, one you have valid compiled code, if you realy want to achieve that effect you must load your function into memory then define it as executable ( clear the NX bit ) in a system specific way.

But let's be clear, your function must be code position independant and you have no help from the dynamic linker in order to resolve symbol ... that's the hard part of the job.