<p>Strange that a search would find nothing. Try searching for VirtualProtect instead -- that's what you'd need to mark a block of memory as executable, and you'd use it in conjunction with VirtualAlloc. </p><div class="gmail_quote">
On Thu, Feb 10, 2011 at 8:17 AM, Andrew Evans <span dir="ltr"><<a href="mailto:evans.d.andrew@gmail.com">evans.d.andrew@gmail.com</a>></span> wrote:<br><blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote">
Mind showing showing me an example of using VirtualAlloc?<br><br>Thanks for your help<br><br>Quick Google Search reveals nothing Nothing to me on VirtualAlloc<br><br>*cheers<br><br><br><br><div class="gmail_quote">On Wed, Feb 9, 2011 at 12:37 PM, Dino Viehland <span dir="ltr"><<a href="mailto:dinov@microsoft.com" target="_blank">dinov@microsoft.com</a>></span> wrote:<br>
<blockquote style="margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;" class="gmail_quote">
<div lang="EN-US" vlink="purple" link="blue">
<div>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">So you want to generate the assembly in memory and then execute it? I think you want something like:</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;"> </span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">import array</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">myCode = array.array('b', "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x51\x68\x6c\x6c\x20\x20\x68\x33")</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">buffer = myCode.buffer_info()[0]</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;"> </span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">from ctypes import *</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">my_callback = CFUNCTYPE(c_int)</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;"> </span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">my_callback(buffer)()</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;"> </span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">This creates an array from your code, and then gets the address of that array. Then it creates a callback type which just returns an int, and then it creates
an instance of that callback type using the address of the code and calls that instance (which then causes an access violation when I run this).
</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;"> </span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;">If you’re on a machine w/ the NX bit you may need to call VirtualAlloc and copy the bytes to the allocated executable memory rather than using a buffer.</span></p>
<p class="MsoNormal"><span style="color: rgb(31, 73, 125); font-size: 11pt;"> </span></p>
<div style="border-width: medium medium medium 1.5pt; border-style: none none none solid; padding: 0in 0in 0in 4pt;">
<div>
<div style="border-width: 1pt medium medium; border-style: solid none none; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;"> <a href="mailto:users-bounces@lists.ironpython.com" target="_blank">users-bounces@lists.ironpython.com</a> [mailto:<a href="mailto:users-bounces@lists.ironpython.com" target="_blank">users-bounces@lists.ironpython.com</a>]
<b>On Behalf Of </b>Andrew Evans<br>
<b>Sent:</b> Wednesday, February 09, 2011 12:23 PM<br>
<b>To:</b> Discussion of IronPython<br>
<b>Subject:</b> Re: [IronPython] Cast to a method pointer using CTYPES</span></p>
</div>
</div><div><div></div><div>
<p class="MsoNormal"> </p>
<p style="margin-bottom: 12pt;" class="MsoNormal">Hey thank you for the fast reply :-)<br>
<br>
I am working on building a security framework in Python for exploit development as a part time hobby. But I am missing something key to what I am doing. I am having a hard time understanding it as well.<br>
<br>
from ctypes import *<br>
<br>
myCode = ("\x31\xc0\x31\xdb\x31\xc9\x31\xd2"<br>
"\x51\x68\x6c\x6c\x20\x20\x68\x33") #example hex not full for post don't want to put up red flags
<br>
<br>
my_callback = CFUNCTYPE(c_int, c_void_p,<br>
POINTER(myCode),<br>
POINTER(c_int32), c_void_p)<br>
<br>
print type(my_callback)<br>
<br>
this returns <type '_ctypes.PyCFuncPtrType'> which is what I want I assume.<br>
<br>
but when I run this code nothing happens. Maybe in how I am running it just by adding my_callback to the source. Any idea what I am doing wrong.<br>
<br>
*cheers in advance if you can help<br>
<br>
If not I understand<br>
<br>
</p>
</div></div></div>
</div>
</div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.ironpython.com" target="_blank">Users@lists.ironpython.com</a><br>
<a href="http://lists.ironpython.com/listinfo.cgi/users-ironpython.com" target="_blank">http://lists.ironpython.com/listinfo.cgi/users-ironpython.com</a><br>
<br></blockquote></div><br>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.ironpython.com">Users@lists.ironpython.com</a><br>
<a href="http://lists.ironpython.com/listinfo.cgi/users-ironpython.com" target="_blank">http://lists.ironpython.com/listinfo.cgi/users-ironpython.com</a><br>
<br></blockquote></div><br>