
How would you access a C structure's members without knowing the name?

I'm dealing with an undocumented API that I'm trying to do a bit of reverse engineering on - don't worry this isn't malicious, just trying to fulfill a use case in a creative way.

I've got a pointer to a C structure. Is there a way for me to determine by examining the memory how many members this structure has? Their values?

I suspect the actual member names aren't available, but maybe they are?

You can't. All you can do is inspect the memory, and try to make guesses.

For instance, pointer values can sometimes be easy to locate, since they're often in the same "general area". If you have an address to a struct, look for values (of the platform's pointer size, generally 32 or 64 bit) that are "close", numerically.

It might also be worth investigating what the bit pattern for some "common" floating-point numbers is, on your platform, and look for those. Here, knowledge of the application and/or domain helps, of course; perhaps there are some values that "should" be in there, and those are then the natural things to search for.

If you have access to any functions in the API that accept and/or return the struct, you might want to try calling them and checking for differences, that can give clues to what is happening.

On that note, you can of course also step through the code that allocates/creates the struct in the first place, to see what it does where.
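The two heuristics from the answer above (pointer-sized words numerically close to the struct's own address, and words with the bit pattern of an ordinary float), as an added example that is not code from any of the answers. The `sample` struct, the function names, the 4096-byte window and the exponent range are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the undocumented struct (hypothetical layout). */
struct sample { float scale; int32_t count; char *label; uint64_t id; char text[8]; };

/* Pointer candidate: nonzero word within `window` bytes of the struct's address. */
static int looks_like_pointer(const unsigned char *base, size_t off, uintptr_t window)
{
    uintptr_t word, addr = (uintptr_t)base;
    memcpy(&word, base + off, sizeof word);   /* avoids unaligned reads */
    return word != 0 && (word > addr ? word - addr : addr - word) <= window;
}

/* Float candidate (assumes IEEE-754 binary32): exponent of an "ordinary" value. */
static int looks_like_float(uint32_t w)
{
    uint32_t expo = (w >> 23) & 0xff;
    return expo >= 117 && expo <= 147;  /* magnitude roughly 2^-10 .. 2^20 */
}

/* Tag each 4-byte slot of the object: P pointer, F float, 0 zero, ? unknown. */
static void guess_layout(const void *p, size_t len, uintptr_t window, char *out)
{
    const unsigned char *base = p;
    size_t off = 0, n = 0, ps = sizeof(void *);
    while (off + 4 <= len) {
        uint32_t w;
        memcpy(&w, base + off, sizeof w);
        if (off % ps == 0 && off + ps <= len && looks_like_pointer(base, off, window)) {
            for (size_t end = off + ps; off < end; off += 4) out[n++] = 'P';
            continue;
        }
        out[n++] = w == 0 ? '0' : looks_like_float(w) ? 'F' : '?';
        off += 4;
    }
    out[n] = '\0';
}

int main(void)
{
    struct sample s = { 1.5f, 3, NULL, 0x1122334455667788ULL, "hi" };
    char tags[sizeof s / 4 + 1];
    s.label = s.text;                   /* points into the same object: "close" */
    guess_layout(&s, sizeof s, 4096, tags);
    printf("%s\n", tags);               /* one tag per 4-byte slot */
    return 0;
}
```

The tags are only guesses: a small integer or a character buffer shows up as `?`, and an integer that happens to fall in the exponent range would be tagged `F`.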

No, there is no way to determine the "structure" of a struct's members from memory alone.

Depending on the memory layout you may be able to determine where the structure ends and by knowing what the structure does on a higher level you may be able to guess about the members (beware of alignment). But there is no luck about knowing the names unless the code comes with debug symbols. In that case it's easy. Break somewhere where the structure is used and inspect it in the debugger.

Edit:
Assume that you did find out what members the struct contained, and you also know that your compiler uses the same alignment; then you can define a facsimile of the structure in your code and use a pointer to your structure to point to the address of the real structure. Then you can access all elements easily in your code.

Unfortunately, you don't have type information in C or C++. There is some RTTI provided in C++, which allows dynamic_cast to check for validity of a down casting. But it gives no information about members (names or types).

I would say that whatever you are trying to do, there is a better way.

In C, I usually create a meta-structure that contains all member names, offsets and sizes. It looks like this:

#include <stddef.h> /* offsetof */

/* One table entry per member: its name, byte offset and size. */
#define MEMBER(name,str) { #name, offsetof(struct str, name), sizeof(((struct str *)0)->name) }
struct A { char *name; int offset; int size; };
struct { const char *name; size_t offset; size_t size; } A_members[] = {
MEMBER(name,A),
MEMBER(offset,A),
MEMBER(size,A)
};

Then, with creative casting if required, you can list all members of a structure.
