[IronPython] Cast to a method pointer using CTYPES

Dino Viehland dinov at microsoft.com
Wed Feb 9 21:37:08 CET 2011


So you want to generate the assembly in memory and then execute it?  I think you want something like:

import array
myCode = array.array('b', "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x51\x68\x6c\x6c\x20\x20\x68\x33")
buffer = myCode.buffer_info()[0]

from ctypes import *
my_callback = CFUNCTYPE(c_int)

my_callback(buffer)()

This creates an array from your code, and then gets the address of that array.  Then it creates a callback type which just returns an int, and then it creates an instance of that callback type using the address of the code and calls that instance (which then causes an access violation when I run this).

If you're on a machine w/ the NX bit you may need to call VirtualAlloc and copy the bytes to the allocated executable memory rather than using a buffer.

From: users-bounces at lists.ironpython.com [mailto:users-bounces at lists.ironpython.com] On Behalf Of Andrew Evans
Sent: Wednesday, February 09, 2011 12:23 PM
To: Discussion of IronPython
Subject: Re: [IronPython] Cast to a method pointer using CTYPES

Hey thank you for the fast reply :-)

I am working on building a security framework in Python for exploit development as a part time hobby. But I am missing something key to what I am doing. I am having a hard time understanding it as well.

from ctypes import *

myCode = ("\x31\xc0\x31\xdb\x31\xc9\x31\xd2"
    "\x51\x68\x6c\x6c\x20\x20\x68\x33") #example hex not full for post don't want to put up red flags

my_callback = CFUNCTYPE(c_int, c_void_p,
                        POINTER(myCode),
                        POINTER(c_int32), c_void_p)

print type(my_callback)

This returns <type '_ctypes.PyCFuncPtrType'>, which is what I want, I assume.

But when I run this code nothing happens. Maybe it is in how I am running it, just by adding my_callback to the source. Any idea what I am doing wrong?

*cheers in advance if you can help

If not I understand
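The access violation and the NX remark in the reply above come down to page permissions: an array.array buffer lives in ordinary read/write data memory, which the CPU refuses to execute. The following is an added example, not code from either poster, and it is written for Python 3 on Linux rather than the Windows/IronPython setup of the thread. It assumes the /proc/<pid>/maps format; the function names and the sample map text are constructed for illustration. It looks up the permissions of the mapping that holds a buffer and lists mappings that are both writable and executable, which is the condition a defender audits for.

```python
import array
import sys

def parse_maps(text):
    """Parse /proc/<pid>/maps text into (start, end, perms, path) tuples."""
    regions = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or malformed lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        path = fields[5].strip() if len(fields) > 5 else ""
        regions.append((start, end, fields[1], path))
    return regions

def perms_for(addr, regions):
    """Return the permission string of the mapping containing addr, or None."""
    for start, end, perms, _ in regions:
        if start <= addr < end:
            return perms
    return None

def writable_and_executable(regions):
    """Mappings that are both writable and executable (W^X violations)."""
    return [r for r in regions if "w" in r[2] and "x" in r[2]]

# Constructed sample in /proc/<pid>/maps format, so the example runs anywhere.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/python3
00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/python3
01a3c000-01b7d000 rw-p 00000000 00:00 0 [heap]
7f2c10000000-7f2c10021000 rwxp 00000000 00:00 0
7ffd4c1e6000-7ffd4c207000 rw-p 00000000 00:00 0 [stack]
"""

def buffer_is_executable():
    """Check the live process: is an array.array buffer in an executable page?"""
    data = array.array("b", [0] * 16)  # harmless zero bytes, never executed
    addr = data.buffer_info()[0]       # same address lookup as in the reply
    with open("/proc/self/maps") as fh:
        perms = perms_for(addr, parse_maps(fh.read()))
    return perms is not None and "x" in perms

if __name__ == "__main__":
    regions = parse_maps(SAMPLE_MAPS)
    print("heap address perms:", perms_for(0x01A3C010, regions))
    for start, end, perms, path in writable_and_executable(regions):
        print("W+X mapping: %x-%x %s %s" % (start, end, perms, path))
    if sys.platform.startswith("linux"):
        print("array buffer executable:", buffer_is_executable())
```
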


