Jump to content
  • Advertisement

Archived

This topic is now archived and is closed to further replies.

stew

Hacking C++ question

This topic is 5459 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hi all, I had a lecture once where we were shown how to access the private (well any) members of a class, change all its vtable etc. without touching the class source code. Trouble is I can''t remember how it was done. He also showed how to turn a singleton into a multiton and back again without touching the singleton objects source. All of it was perfectly legal C++. Anyone have any ideas on how this is done? I know there is no valid reason why you would want to do it but it just interested me. I''m a C++ programmer and I love finding out all the flaws in the C++ design. Thanks

Share this post


Link to post
Share on other sites
Advertisement
You can do pretty much anything with pointer manipulation.

Two points:

1) C++ isn''t supposed to offer protection against people deliberately doing this so it isn''t really a ''flaw''. C++ access mechanisms are merely to prevent accidental manipulation of data.

2) It depends on what you define as ''legal''. Things like this that work on one implementation may not work on another, for example: Different C++ implementations may place the vtable in different locations. It may be ''legal'' as in it compiles and runs (on a certain platform, with a certain compiler) but it wouldn''t be considered ''good'' or portable code.

Share this post


Link to post
Share on other sites
Just do something like
#define private public
#define protected public
#include "class.h"
#undef protected
#undef private

Share this post


Link to post
Share on other sites

#include <iostream>
using namespace std;

class s
{
public:
s()
{h = 123456;}
private:
int l;
int h;

};


int main()
{



s cla;
int *j = ((int *)&cla)+1;
cout << *j << endl;

*j = 0;


return 0;
}



Why is this a flaw?
Remember that all the keywords like const private protected are there to help you avoid unnecessary bugs.

Share this post


Link to post
Share on other sites
Guest Anonymous Poster
quote:
Original post by stew
Hi all,

I had a lecture once where we were shown how to access the private (well any) members of a class, change all its vtable etc. without touching the class source code. Trouble is I can''t remember how it was done. He also showed how to turn a singleton into a multiton and back again without touching the singleton objects source.

All of it was perfectly legal C++.

Anyone have any ideas on how this is done? I know there is no valid reason why you would want to do it but it just interested me. I''m a C++ programmer and I love finding out all the flaws in the C++ design.

Thanks


You can do all sorts of "mucked" up things in C++. One of my favorites it to have a function hi-jack it''s return pointer. Use a stack-allocated variable as an offset and you can walk backwards down the stack just enough to overwrite the return pointer. Something like:


void f();

void g()
{
int x;
*(x+6) = &f;
}


The sign and value of the offset will vary based on the calling convention and architecture, but it''s funny to see. Any language that allows pointers will have problems like this.

Another thing you can do is change the public and private keywords in a header file for a pre-compiled library. You can make it all public if you want.

Anyways...

Share this post


Link to post
Share on other sites
I fail to see why these are problems.
The only way this could be a problem is if you''re dealing with a programmer with sub-par intelligence.

Share this post


Link to post
Share on other sites
quote:
Original post by Extrarius
Just do something like
#define private public
#define protected public
#include "class.h"
#undef protected
#undef private



two things come to mind:
-"without touching the class source code"
youre doing exactly that, no matter if you do it directly or indirectly

-try to access bla with your trick:
class X {
int bla;
public:
...
}

Share this post


Link to post
Share on other sites
Its not editing the source files, which is what I took it to mean, and I very rarely see classes that don't explicitly use plublic/private/protected. If you're going to say its editing the source, then the only other option(afaik) is pointer manipulation which varies depending on compiler (or at least, the order in which the member variables are stored in ram, any alignment settings in place, where the virtual table is and how large it is, and probably a few other things as well)

[edited by - Extrarius on August 6, 2003 11:19:51 AM]

Share this post


Link to post
Share on other sites
quote:
Original post by Extrarius
Its not editing the source files, which is what I took it to mean, and I very rarely see classes that don''t explicitly use plublic/private/protected.


Your code is, however, illegal. The C++ standard explicitly forbids built-in keywords from being #defined.

Here''s a sneaky way that is legal C++, works on all compliant compilers, and doesn''t assume anything about memory layout (which is non-portable):

suppose you have this class:

class C
{
public:
template<typename T> void Func(T arg) { ... }
private:
int cantTouchThis;
};

Then your own code can evilly exploit explicit template instantiation as shown:

class Dummy {};

template<> void Func<Dummy>(Dummy arg)
{
cantTouchThis = 12345;
}

And then just call Func with a Dummy argument to run the code as a priveleged function.


How appropriate. You fight like a cow.

Share this post


Link to post
Share on other sites
quote:
Original post by daerid
I fail to see why these are problems.
The only way this could be a problem is if you''re dealing with a programmer with sub-par intelligence.


As a programmer, I am always dealing with sub-par intelligence

/*Joe DiMichele
C/C++/VB Programmer, A+ Certified Technician
AIM:Krawling Khaos, ICQ:332871787
joedimichele@hotmail.com
oderint dum metuant
Excuse my spelling, programmers can''t spel*/

Share this post


Link to post
Share on other sites

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!