Sourabh Bose

Reputation: 189

relinking hex code and running on another machine

If I could get the hex code of a function on one machine, how would I relink it and execute it on another machine? I.e., if I get the function's hex code from a disassembler and the function called a Windows API:

void newfunc()
{
   call some_API;
}

For running on another machine I would have to relink it to call that machine's API address, given the machine runs Windows with the same hardware architecture.

P.S.: This is with regard to distributed systems programming.

More explanation: I have the hex code of newfunc(), which includes the call assembly to some_API on machine A. I want to run this hex on a different machine B with a similar architecture and OS, so I would have to relink it so that the call to some_API goes to the destination machine B's some_API. How would I do that? Thanks in advance.

Upvotes: 0

Views: 202

Answers (1)

Michael Rho

Reputation: 311

To do what you have described under Windows would require duplicating the PE Loader functionality.

Under Windows, what usually happens is:

call [some_API_addr]    ; uses in-program data

in the RDATA section of the PE:

 some_API_addr:   dd  0     ; filled in by the Loader with the address in the DLL 

You can't just copy text and RDATA because DLLs can be loaded in different places due to ASLR (Address Space Layout Randomization), which aims to prevent exactly what you are trying to do.

ASSUMING you had a good way of identifying all the data that your function needs (which may not be easy), you could avoid this DLL problem by going directly to the Windows "syscall" interface.
For example, http://www.nynaeve.net/?p=48 and http://www.symantec.com/connect/articles/windows-syscall-shellcode will serve as starting points. Note the cautions in the second article that the system call interface changes between versions of the OS! Assuming your distributed system is similar, you will be fine.

The typical solution for the problem of packaging code for remote execution is to put the code in a DLL.
Then, when the DLL is loaded on each machine (e.g., LoadLibrary), the PE loader will fix up the proper addresses.

Upvotes: 1
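The import-slot fixup described in the answer above, as an added example that is not part of the original post or the answerer's code: a Python model of a constructed 32-bit image (not a real PE parser) where the code bytes are identical on both machines and only the loader-written slot differs. The DLL name, base addresses and RVAs are constructed values, and the image itself is assumed to load at the same base on both machines.

```python
import struct

# Constructed 32-bit image model (not a real PE): code at RVA 0x1000, one import slot at 0x2000.
IMAGE_BASE = 0x00400000
CODE_RVA, IAT_RVA = 0x1000, 0x2000
IMPORTS = [("some.dll", "some_API", IAT_RVA)]  # hypothetical (dll, symbol, slot RVA)

def build_image():
    """Unbound image: newfunc() is `call dword ptr [slot]; ret`, and the slot holds 0."""
    slot_va = IMAGE_BASE + IAT_RVA
    code = b"\xFF\x15" + struct.pack("<I", slot_va) + b"\xC3"
    image = bytearray(0x3000)
    image[CODE_RVA:CODE_RVA + len(code)] = code
    return image

def load(image, dll_bases, exports):
    """Model of the loader's import binding: write each resolved address into its slot."""
    bound = bytearray(image)
    for dll, symbol, slot_rva in IMPORTS:
        if dll not in dll_bases or symbol not in exports.get(dll, {}):
            raise LookupError(f"unresolved import {dll}!{symbol}")
        struct.pack_into("<I", bound, slot_rva, dll_bases[dll] + exports[dll][symbol])
    return bound

def call_target(bound):
    """Follow the indirect call: read the operand (slot address), then the slot contents."""
    if bound[CODE_RVA:CODE_RVA + 2] != b"\xFF\x15":
        raise ValueError("expected call dword ptr [addr]")
    (slot_va,) = struct.unpack_from("<I", bound, CODE_RVA + 2)
    (target,) = struct.unpack_from("<I", bound, slot_va - IMAGE_BASE)
    return target

# Constructed values: same DLL build (same export RVA), different ASLR base per machine.
EXPORTS = {"some.dll": {"some_API": 0x0001F2A0}}
MACHINE_A = {"some.dll": 0x75A10000}
MACHINE_B = {"some.dll": 0x76330000}

def demo():
    image = build_image()
    on_a = load(image, MACHINE_A, EXPORTS)
    on_b = load(image, MACHINE_B, EXPORTS)
    return {
        "same_code": on_a[CODE_RVA:CODE_RVA + 7] == on_b[CODE_RVA:CODE_RVA + 7],
        "target_a": call_target(on_a),
        "target_b": call_target(on_b),
        # Bytes copied from A keep A's address, which is not where B mapped the DLL.
        "copied_from_a_valid_on_b": call_target(on_a) == call_target(on_b),
    }

if __name__ == "__main__":
    print(demo())
```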
