如何获取函数内的函数返回地址？

Question

I want to print return value in my tracer, there are two questions

1. How to get return address ?
2. The return position is updated before OR after ~Tracer() ?

Need text here so Stackoverflow formats the code:

struct Tracer
{
  int* _retval;
  ~Tracer() 
  { printf("return value is %d", *_retval); }
};


int foo()
{
  Tracer __tracter = { __Question_1_how_to_get_return_address_here__ };

  if(cond) {
     return 0;
  } else {
     return 99;
  }

  //Question-2: 
  // return postion is updated before OR after ~Tracer() called ???
}

Answer 1

You can't portably or reliably do this in C++. The return value may be in memory or in a register and may or may not be indirected in different cases.

You could probably use inline assembly to make something work on certain hardware/compilers.

One possible way is to make your Tracer a template that takes a reference to a return value variable (when appropriate) and prints that out before destructing.

Also note that identifiers with __ (double underscore) are reserved for the implementation.

Answer 2

I found some hints for Question-1, checking Vc code now

For gcc, __builtin_return_address http://gcc.gnu.org/onlinedocs/gcc/Return-Address.html

For Visual C++, _ReturnAddress

Answer 3

Your question is rather confusing, you're interchangeably using the terms "address" and "value", which are not interchangeable.

Return value is what the function spits out, in x86(_64) that comes in the form of a 4/8 byte value in E/RAX, or EDX:EAX, or XMM0, etc, you can read more about it here .

Return address on the other hand, is what E/RSP point to when a call is made (aka thing on top of the stack), and holds the address of where the function "jumps" back to when it's done (what is by definition called returning).

Now I don't even know what a tracer is tbh, but I can tell you how you'd get either, it's all about hooks.

For the value, and assuming you're doing it internally, just hook the function with one with the same definition, and once it returns you'll have your result.

For the address it's a bit more complicated because you'll have to go a bit lower, and possibly do some asm shenanigains, I really have no idea what exactly you are looking to acomplish, but I made a little "stub" if you will, to provide the callee with the return pointer.

Here is:

 void __declspec(noinline) __declspec(naked) __stdcall _replaceFirstArgWithRetPtrAndJump_() {
    __asm {                   //let's call the function we jump to "callee", and the function that called us "caller"                       
        push ebp             //save ebp, ESP IS NOW -4
        mov ebp, [esp + 4]  //save return address
        mov eax, [esp + 8] //get callee's address (which is the first param) - eax is volatile so iz fine
        mov[esp + 8], ebp //put the return address where the callee's address was (to the callee, it will be the caller)
        pop ebp          //restore ebp
        jmp eax         //jump to callee
}   }
#define CallFunc_RetPtr(Function, ...) ((decltype(&Function))_replaceFirstArgWithRetPtrAndJump_)(Function, __VA_ARGS__)

unsigned __declspec(noinline) __stdcall printCaller(void* caller, unsigned param1, unsigned param2) {
    printf("I'm printCaller, Called By %p; Param1: %u, Param2: %u\n", caller, param1, param2);
    return 20;
}

void __declspec(noinline) doshit() {
    printf("us: %p\nFunction we're calling: %p\n", doshit, printCaller);
    CallFunc_RetPtr(printCaller, 69, 420);  
}

Now sure, you could and maybe should use _ReturnAddress() or any different compiler's intrinsics, but if that's not available (which should be a really rare scenario depending on your work) and you know your ASM, this concept should work for any architecture, since however different the instruction set may be, they all follow the same Program Counter design.

I wrote this more because I was looking for an answer for this quite a long time ago for a certain purpose, and I couldn't find a good one since most people just go "hurr durr it's not possible or portable or whatever", and I feel like this would have helped.