stackoom
  简体   繁体   中英

htonl and ntohl have same address in windows?

 原文  2014-02-08 08:52:27       windows/ dll/ winsock/ winsock2/ portable-executable

Question

I rely on GetProcAddress() to do some hooking of some functions. I get a terrible result though, and to be honest, I don't really know what's happening.

It seems that this code will output "WHAT THE HELL?" : 

int main(void)
{
    HMODULE ws32 = LoadLibrary("WS2_32.DLL");
    if (GetProcAddress(ws32, "ntohl") ==  GetProcAddress(ws32, "htonl"))
        printf("WHAT THE HELL\n");

    return 0;
}

Could someone explain me why ntohl and htonl have the same absolute addresses? The problem is that, when I hook into a DLL and do some processing inside the DLL, it's clear that Inside the PE import table (I parse the PE IAT), ntohl() and htonl() have different addresses (Inside the IAT as said).

So this thing renders my program useless. ntohl() is confounded with htonl() , and the program cannot make the difference and goes crazy.

Any thoughts? Would there be a way to circumvent this? An explication?

2 answers

solution1
 2  2014-02-08 08:56:11

Sure, why not. All the ntohl and htonl function does, on a little endian platform, is to reverse all the individual bytes in an integer. There's no need for those 2 functions to be implemented differently - you do not need to worry that GetProcAddress() returns the same function pointer.

Ofcourse, you'd want to verify that GetProcAddress doesn't return a NULL pointer.

solution2
 0  2019-05-17 16:39:22

Unless you're on a mixed-endian platform like PDP-11, converting from host to the native endianness or vice versa is simply a byte swap or a NOP, so applying ntohl or htonl to an integer results in the same output . Therefore the linker may choose to use the same function for both names

It's unclear why you want to differentiate those functions, but it's completely unreliable. Smart compilers know to convert htonl and ntohl to a byte swap if necessary, resulting in zero function call . The user can also call compiler intrinsics such as _byteswap_ulong() or __builtin_bswap32() directly. In those cases how can you hook the function?

That being said, it's likely because ofCOMDAT folding optimization which merges identical functions . To disable it use the /OPT:NOICF flag

See also

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Different regions have the same allocation address Is DLL always have the same Base Address? How to design windows forms that have the same structure? Android and Windows dont have same TLS Algorithms Does Windows map DLLs to the same virtual address in different processes? python bottle can run two programs on the same address and port on WINDOWS WINVER, winsock and htonl() Is it possible for 2 windows managed by Windows to have the same window handle value? Single quotes and double quotes: How to have the same behaviour in unix and windows? Is it possible to have two distinct install of Python 3 of the same revision on a Windows system?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM