[IronPython] Cast to a method pointer using CTYPES

Andrew Evans evans.d.andrew at gmail.com
Thu Feb 10 17:54:39 CET 2011


Thanks a bunch, will continue looking :-)



On Thu, Feb 10, 2011 at 8:24 AM, Curt Hagenlocher <curt at hagenlocher.org> wrote:

> Strange that a search would find nothing. Try searching for VirtualProtect
> instead -- that's what you'd need to mark a block of memory as executable,
> and you'd use it in conjunction with VirtualAlloc.
>
> On Thu, Feb 10, 2011 at 8:17 AM, Andrew Evans <evans.d.andrew at gmail.com> wrote:
>
>> Mind showing me an example of using VirtualAlloc?
>>
>> Thanks for your help
>>
>> Quick Google search reveals nothing to me on VirtualAlloc
>>
>> *cheers
>>
>>
>>
>> On Wed, Feb 9, 2011 at 12:37 PM, Dino Viehland <dinov at microsoft.com> wrote:
>>
>>>  So you want to generate the assembly in memory and then execute it?  I
>>> think you want something like:
>>>
>>>
>>>
>>> import array
>>>
>>> myCode = array.array('b',
>>> "\x31\xc0\x31\xdb\x31\xc9\x31\xd2\x51\x68\x6c\x6c\x20\x20\x68\x33")
>>>
>>> buffer = myCode.buffer_info()[0]
>>>
>>>
>>>
>>> from ctypes import *
>>>
>>> my_callback = CFUNCTYPE(c_int)
>>>
>>>
>>>
>>> my_callback(buffer)()
>>>
>>>
>>>
>>> This creates an array from your code, and then gets the address of that
>>> array.  Then it creates a callback type which just returns an int, and then
>>> it creates an instance of that callback type using the address of the code
>>> and calls that instance (which then causes an access violation when I run
>>> this).
>>>
>>>
>>>
>>> If you’re on a machine w/ the NX bit you may need to call VirtualAlloc
>>> and copy the bytes to the allocated executable memory rather than using a
>>> buffer.
>>>
>>>
>>>
>>> *From:* users-bounces at lists.ironpython.com [mailto:
>>> users-bounces at lists.ironpython.com] *On Behalf Of *Andrew Evans
>>> *Sent:* Wednesday, February 09, 2011 12:23 PM
>>> *To:* Discussion of IronPython
>>> *Subject:* Re: [IronPython] Cast to a method pointer using CTYPES
>>>
>>>
>>>
>>> Hey thank you for the fast reply :-)
>>>
>>> I am working on building a security framework in Python for exploit
>>> development as a part time hobby. But I am missing something key to what I
>>> am doing. I am having a hard time understanding it as well.
>>>
>>> from ctypes import *
>>>
>>> myCode = ("\x31\xc0\x31\xdb\x31\xc9\x31\xd2"
>>>     "\x51\x68\x6c\x6c\x20\x20\x68\x33") #example hex not full for post
>>>     # don't want to put up red flags
>>>
>>> my_callback = CFUNCTYPE(c_int, c_void_p,
>>>                         POINTER(myCode),
>>>                         POINTER(c_int32), c_void_p)
>>>
>>> print type(my_callback)
>>>
>>> this returns <type '_ctypes.PyCFuncPtrType'> which is what I want I
>>> assume.
>>>
>>> but when I run this code nothing happens. Maybe in how I am running it
>>> just by adding my_callback to the source. Any idea what I am doing wrong.
>>>
>>> *cheers in advance if you can help
>>>
>>> If not I understand
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.ironpython.com
>>> http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
>
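
For anyone reviewing a code base for the pattern discussed in this thread, the following added example (not code from the thread or from IronPython) uses Python's `ast` module to flag a `CFUNCTYPE`/`WINFUNCTYPE` prototype instantiated from a raw address, plus any call to `VirtualAlloc` or `VirtualProtect`. The function names, the list of address sources and the `SAMPLE` source are assumptions made for illustration; it needs Python 3 and input that parses as Python 3.

```python
import ast

PROTO_FACTORIES = {"CFUNCTYPE", "WINFUNCTYPE"}                  # ctypes prototype builders
ADDRESS_SOURCES = {"buffer_info", "addressof", "VirtualAlloc"}  # assumed list
MEMORY_APIS = {"VirtualAlloc", "VirtualProtect"}                # named in the thread

def _callee(node):
    """Bare name of a call target, for f(...) or obj.f(...); else None."""
    f = getattr(node, "func", None) if isinstance(node, ast.Call) else None
    return getattr(f, "id", None) or getattr(f, "attr", None)

def _yields_address(expr, addr_names):
    """True if expr calls an address source or uses an address-holding name."""
    return any(_callee(n) in ADDRESS_SOURCES or getattr(n, "id", None) in addr_names
               for n in ast.walk(expr))

def scan(source):
    """Return sorted (line, finding) pairs for one Python source string."""
    tree = ast.parse(source)
    protos, addrs, findings = set(), set(), []
    # Pass 1: in source order, record prototype names and address-holding names.
    assigns = [n for n in ast.walk(tree) if isinstance(n, ast.Assign)]
    for a in sorted(assigns, key=lambda n: n.lineno):
        names = {t.id for t in a.targets if isinstance(t, ast.Name)}
        if _callee(a.value) in PROTO_FACTORIES:
            protos |= names
        elif _yields_address(a.value, addrs):
            addrs |= names
    # Pass 2: flag memory-API calls and prototypes instantiated from an address.
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        if _callee(call) in MEMORY_APIS:
            findings.append((call.lineno, "memory API: " + _callee(call)))
        f = call.func
        is_proto = getattr(f, "id", None) in protos or _callee(f) in PROTO_FACTORIES
        if is_proto and call.args and _yields_address(call.args[0], addrs):
            findings.append((call.lineno, "function pointer from raw address"))
    return sorted(findings)

SAMPLE = '''# constructed sample modelled on the snippet in the thread; placeholder bytes
import array
from ctypes import *
code = array.array('b', [0] * 16)
buffer = code.buffer_info()[0]
my_callback = CFUNCTYPE(c_int)
my_callback(buffer)()
ok = my_callback(lambda: 0)   # ordinary Python callback: not flagged
'''

print(scan(SAMPLE))  # [(7, 'function pointer from raw address')]
```

The check is heuristic: it follows only simple name assignments, so a hit is a prompt for manual review rather than a verdict.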