Why does this example C code run and yet SHOULD either not compile or give a segmentation fault?


 
Thread Tools Search this Thread
Top Forums Programming Why does this example C code run and yet SHOULD either not compile or give a segmentation fault?
# 8  
Old 03-28-2019
Apologies if this attaches itself to to my previous post, and for any typos!

Well the story so far:
This is working code and compiles on gcc versions 2.95.3, 4.2.1 and 7.3.0, AMIGA OS 3.0.x inside ADE, OSX 10.14.3 and Linux Mint 19.

I have called it 'obfuscate_asm.c'.
Although jumping INTO main() compiles BUT causes s segmentation fault, jumping OUT if it doesn't.
Just read the code and see the possibilities. Makes me wonder if this is done by commercial coders.
Code:
/* Real obfuscation scenario. */

#include <stdio.h>

int addition(int NUM1, int NUM2);
int obfuscate(int NUM1, int NUM2);

int main()
{
    int NUMBER1;
    int NUMBER2;
    int SUM;

    asm("nop;"
    "jmp    out;"
    "in:"
    "nop;");

    printf("Enter two integer numbers:- ");
    scanf("%d %d", &NUMBER1, &NUMBER2);

    SUM = addition(NUMBER1, NUMBER2);

    printf("SUM = %d.\n", SUM);

    return(0);
}

int addition(int NUM1,int NUM2)
{
    int RESULT;
    RESULT = NUM1 + NUM2;
    return RESULT;
}

int obfuscate(int NUM1,int NUM2)
{
    int RESULT;

    asm("jmp    getout;"
    "nop;"
    "out:"
    "nop;"
    "jmp    in;"
    "getout:"
    "nop;");
    /* Any number of these jimps could be used to hide stuff. */

    RESULT = NUM1 / NUM2;
    return RESULT;
}

Results; OSX 10.14.3, default bash terminal, gcc 4.2.1.
Code:
Last login: Thu Mar 28 14:55:00 on ttys000
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc obfuscate_asm.c
AMIGA:amiga~/Desktop/Code/C> ./a.out
Enter two integer numbers:- 123 456
SUM = 579.
AMIGA:amiga~/Desktop/Code/C> hexdump -C a.out
........
00000e90  55 48 89 e5 48 83 ec 20  c7 45 fc 00 00 00 00 90  |UH..H.. .E......|
00000ea0  e9 8b 00 00 00 90 48 8d  3d cb 00 00 00 b0 00 e8  |......H.=.......|
00000eb0  92 00 00 00 48 8d 3d da  00 00 00 48 8d 75 f8 48  |....H.=....H.u.H|
00000ec0  8d 55 f4 89 45 ec b0 00  e8 7f 00 00 00 8b 7d f8  |.U..E.........}.|
00000ed0  8b 75 f4 89 45 e8 e8 25  00 00 00 48 8d 3d b9 00  |.u..E..%...H.=..|
00000ee0  00 00 89 45 f0 8b 75 f0  b0 00 e8 57 00 00 00 31  |...E..u....W...1|
00000ef0  f6 89 45 e4 89 f0 48 83  c4 20 5d c3 0f 1f 40 00  |..E...H.. ]...@.|
00000f00  55 48 89 e5 89 7d fc 89  75 f8 8b 75 fc 03 75 f8  |UH...}..u..u..u.|
00000f10  89 75 f4 8b 45 f4 5d c3  0f 1f 84 00 00 00 00 00  |.u..E.].........|
00000f20  55 48 89 e5 89 7d fc 89  75 f8 e9 07 00 00 00 90  |UH...}..u.......|
00000f30  90 e9 6f ff ff ff 90 8b  45 fc 99 f7 7d f8 89 45  |..o.....E...}..E|
00000f40  f4 8b 45 f4 5d c3 ff 25  c4 00 00 00 ff 25 c6 00  |..E.]..%.....%..|
00000f50  00 00 00 00 4c 8d 1d ad  00 00 00 41 53 ff 25 9d  |....L......AS.%.|
00000f60  00 00 00 90 68 00 00 00  00 e9 e6 ff ff ff 68 0e  |....h.........h.|
00000f70  00 00 00 e9 dc ff ff ff  45 6e 74 65 72 20 74 77  |........Enter tw|
00000f80  6f 20 69 6e 74 65 67 65  72 20 6e 75 6d 62 65 72  |o integer number|
00000f90  73 3a 2d 20 00 25 64 20  25 64 00 53 55 4d 20 3d  |s:- .%d %d.SUM =|
00000fa0  20 25 64 2e 0a 00 00 00  01 00 00 00 1c 00 00 00  | %d.............|
........
 AMIGA:amiga~/Desktop/Code/C> _

As you can see by checking the 32 bit jumps, in this case e9 xx xx xx xx you can obfuscate your code by jumping all over the place to non used functions that actually would do something if called, obfuscate() would actually divide two numbers.
So IMHO gcc is not absolutely foolproof.
I have always quoted, even on here, "IF there is a back door I will find it!"
When I am really interested in finding something I will do my best to find it.
# 9  
Old 03-28-2019
How do you compile ? Try gcc -Wall -ansi mycode.c -o mycode

I'm guessing, completely. You have to read your manpage for gcc, look for the options for your hardware e.g., SPARC
Compile with the strictest settings you can find. This will eliminate some of the problems you see: gcc compiling stuff that should fail.
Try to use -std=c99 if your compiler supports it, for example. Since you run on OSX and Amiga (I think), I have to punt on what the exact command should be.

PS: a good clean compile means zero warnings/errors
This User Gave Thanks to jim mcnamara For This Post:
# 10  
Old 03-28-2019
Ah, now you're starting to jump between function with different amounts of local variables. Meaning these local variables may not actually be allocated properly when you use them or freed properly when you return, causing corruption on the stack (i.e. important pointer values on the stack overwritten with your local variables since stack space was never made for them), causing potential crashes on return when RET jumps into lala land. This is not recommended.

Also, main() is somewhat special, to the point newer compilers have stopped letting you take the address of it.
# 11  
Old 03-28-2019
Further, doing things you didn't ask the compiler to do is begging for trouble. The compiler loves to remove things you "don't use", to the point that if you never touch a variable in your program, it might optimize it away completely and use hardcoded values instead. You have to make these variables 'volatile' to force the compiler to not do anything smart and helpful for you.
# 12  
Old 03-28-2019
Quote:
Originally Posted by Corona688
Because argv[0] actually exists, even in a program with no arguments - it's the name of the calling program. Again, why should it segfault? What exact fault should it be catching here? Segmentation fault means "touched memory I don't have permission to use", and if you don't do that, you don't get a segfault, even if you leap around like a flea on a hot griddle.
IMO gcc should check for any assembly jumps outside the bounds of any individual function, irrespective of how one compiles it. Just because the first code uses two near identical functions is irrelevant the 'asm()' function is taking functions out of their boundaries.
And, I don't intend, ever, to use this bad coding method at all. It was an exercise in finding out as I was researching about 'goto' inside a function.

--- Post updated at 03:56 PM ---

Quote:
Originally Posted by jim mcnamara
How do you compile ? Try gcc -Wall -ansi mycode.c -o mycode

I'm guessing, completely. You have to read your manpage for gcc, look for the options for your hardware e.g., SPARC
Compile with the strictest settings you can find. This will eliminate some of the problems you see: gcc compiling stuff that should fail.
Try to use -std=c99 if your compiler supports it, for example. Since you run on OSX and Amiga (I think), I have to punt on what the exact command should be.

PS: a good clean compile means zero warnings/errors

Hi Jim...
Absolutely.
However I shouldn't have to type all that just to find out, gcc filename.c should be sufficient.
Code:
Last login: Thu Mar 28 14:56:34 on ttys000
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc -Wall -ansi obfuscate_asm.c -o obfuscate_asm
obfuscate_asm.c:14:2: warning: implicit declaration of function 'asm'
      [-Wimplicit-function-declaration]
        asm("nop;"
        ^
obfuscate_asm.c:40:2: warning: implicit declaration of function 'asm'
      [-Wimplicit-function-declaration]
        asm("jmp    getout;"
        ^
2 warnings generated.
Undefined symbols for architecture x86_64:
  "_asm", referenced from:
      _main in obfuscate_asm-09a969.o
      _obfuscate in obfuscate_asm-09a969.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
 AMIGA:amiga~/Desktop/Code/C> _

It should have been __asm__ volatile() but I used the generic 'asm()' as it seems 'universal' even on my AMIGA C compilers.

Thanks for your help...

EDIT:
I didn't add this as an edit, it did so itself.

Last edited by wisecracker; 03-28-2019 at 01:00 PM.. Reason: See EDIT:
# 13  
Old 03-28-2019
Apologies if this attaches to the previous post.
As a finale to this thread I decided to compile using the correct 'asm()' function __asm__ volatile() .
Code:
/* Real obfuscation scenario. */

#include <stdio.h>

int addition(int NUM1, int NUM2);
int obfuscate(int NUM1, int NUM2);

int main()
{
    int NUMBER1;
    int NUMBER2;
    int SUM;

    __asm__ volatile("nop;"
    "jmp    out;"
    "in:"
    "nop;");

    printf("Enter two integer numbers:- ");
    scanf("%d %d", &NUMBER1, &NUMBER2);

    SUM = addition(NUMBER1, NUMBER2);

    printf("SUM = %d.\n", SUM);

    return(0);
}

int addition(int NUM1,int NUM2)
{
    int RESULT;
    RESULT = NUM1 + NUM2;
    return RESULT;
}

int obfuscate(int NUM1,int NUM2)
{
    int RESULT;

    __asm__ volatile("jmp    getout;"
    "nop;"
    "out:"
    "nop;"
    "jmp    in;"
    "getout:"
    "nop;");
    /* Any number of these jimps could be used to hide stuff. */

    RESULT = NUM1 / NUM2;
    return RESULT;
}

Results, OSX 10.14.3, default bash terminal, gcc 4.2.1.
The results are similar for AMIGA OS 3.0.x gcc 2.95.3 and Linunx Mint 19 gcc 7.3.0.
Code:
Last login: Thu Mar 28 18:58:36 on console
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc -Wall -ansi obfuscate_asm.c -o obfuscate_asm
AMIGA:amiga~/Desktop/Code/C> ./obfuscate_asm
Enter two integer numbers:- 123 456
SUM = 579.
AMIGA:amiga~/Desktop/Code/C> hexdump -C obfuscate_asm
........
00000e90  55 48 89 e5 48 83 ec 20  c7 45 fc 00 00 00 00 90  |UH..H.. .E......|
00000ea0  e9 8b 00 00 00 90 48 8d  3d cb 00 00 00 b0 00 e8  |......H.=.......|
00000eb0  92 00 00 00 48 8d 3d da  00 00 00 48 8d 75 f8 48  |....H.=....H.u.H|
00000ec0  8d 55 f4 89 45 ec b0 00  e8 7f 00 00 00 8b 7d f8  |.U..E.........}.|
00000ed0  8b 75 f4 89 45 e8 e8 25  00 00 00 48 8d 3d b9 00  |.u..E..%...H.=..|
00000ee0  00 00 89 45 f0 8b 75 f0  b0 00 e8 57 00 00 00 31  |...E..u....W...1|
00000ef0  f6 89 45 e4 89 f0 48 83  c4 20 5d c3 0f 1f 40 00  |..E...H.. ]...@.|
00000f00  55 48 89 e5 89 7d fc 89  75 f8 8b 75 fc 03 75 f8  |UH...}..u..u..u.|
00000f10  89 75 f4 8b 45 f4 5d c3  0f 1f 84 00 00 00 00 00  |.u..E.].........|
00000f20  55 48 89 e5 89 7d fc 89  75 f8 e9 07 00 00 00 90  |UH...}..u.......|
00000f30  90 e9 6f ff ff ff 90 8b  45 fc 99 f7 7d f8 89 45  |..o.....E...}..E|
00000f40  f4 8b 45 f4 5d c3 ff 25  c4 00 00 00 ff 25 c6 00  |..E.]..%.....%..|
00000f50  00 00 00 00 4c 8d 1d ad  00 00 00 41 53 ff 25 9d  |....L......AS.%.|
00000f60  00 00 00 90 68 00 00 00  00 e9 e6 ff ff ff 68 0e  |....h.........h.|
00000f70  00 00 00 e9 dc ff ff ff  45 6e 74 65 72 20 74 77  |........Enter tw|
00000f80  6f 20 69 6e 74 65 67 65  72 20 6e 75 6d 62 65 72  |o integer number|
00000f90  73 3a 2d 20 00 25 64 20  25 64 00 53 55 4d 20 3d  |s:- .%d %d.SUM =|
00000fa0  20 25 64 2e 0a 00 00 00  01 00 00 00 1c 00 00 00  | %d.............|
........
AMIGA:amiga~/Desktop/Code/C> _

Voila! No error but the jumps are still there.
# 14  
Old 03-28-2019
Quote:
Originally Posted by wisecracker
IMO gcc should check for any assembly jumps outside the bounds of any individual function, irrespective of how one compiles it.
It's necessary sometimes, if you're building an operating system for example, to insert special instructions here and there without the compiler's interference. That's the kind of thing asm() is for. gcc will insert raw assembly if you ask, but you really have to know what you're doing since it can't protect you( though some more advanced syntax lets you warn gcc about side-effects instead). Plain, non-ASM goto (yes, it exists, very rarely used) wouldn't let you jump out of bounds.
This User Gave Thanks to Corona688 For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Programming

C. To segmentation fault or not to segmentation fault, that is the question.

Oddities with gcc, 2.95.3 for the AMIGA and 4.2.1 for MY current OSX 10.14.1... I am creating a basic calculator for the AMIGA ADE *NIX emulator in C as it does not have one. Below are two very condensed snippets of which I have added the results inside the each code section. IMPORTANT!... (11 Replies)
Discussion started by: wisecracker
11 Replies

2. Solaris

Segmentation fault

Hi Guys, I just installed and booted a zone called testzone. When I logged in remotely and tried changing to root user I get this error: "Segmentation fault" Can someone please help me resolve this? Thanks alot (2 Replies)
Discussion started by: cjashu
2 Replies

3. Programming

This code keeps giving me a segmentation fault why?

#include<stdlib.h> #include <pthread.h> #include "tlpi_hdr.h" #include <stdio.h> static volatile int glob = 0; static struct { pthread_t t1,t2; } *thread; static void * /* Loop 'arg' times incrementing 'glob' */ threadFunc(void *arg) { int loops = *((int *) arg); ... (1 Reply)
Discussion started by: fwrlfo
1 Replies

4. Programming

Using gdb, ignore beginning segmentation fault until reproduce environment segmentation fault

I use a binary name (ie polo) it gets some parameter , so for debugging normally i do this : i wrote script for watchdog my app (polo) and check every second if it's not running then start it , the problem is , if my app , remain in state of segmentation fault for a while (ie 15 ... (6 Replies)
Discussion started by: pooyair
6 Replies

5. UNIX for Advanced & Expert Users

segmentation fault with ps

What does this mean and why is this happening? $ ps -ef | grep ocular Segmentation fault (core dumped) $ ps -ef | grep ocular Segmentation fault (core dumped) $ ps aux | grep ocular Segmentation fault (core dumped) $ ps Segmentation fault (core dumped) $ pkill okular $ ps... (1 Reply)
Discussion started by: cokedude
1 Replies

6. Programming

C code : Segmentation fault

Hi Friends, I have written a small code in C which performs the below operations Task : 1 ) read line by line from a file. 2 ) assuming 3th and 4th fields of the file as GN and GNTO 3 ) The target file should contain all the fields except GNTO. 4... (3 Replies)
Discussion started by: kiran_bhatter
3 Replies

7. Programming

Segmentation fault.

I'm getting a segmentation fault. I'm new to Linux programming. Thanks so much for all of your input.:eek: #include </usr/include/mysql++/mysql++.h> #include <stdio.h> #include <iostream> #include <sstream> #include <string.h> using namespace std; int outputToImport(const char*... (1 Reply)
Discussion started by: sepoto
1 Replies

8. UNIX for Dummies Questions & Answers

Compile & Run Java Code

The java program is a part of speech tagger -> The Stanford NLP (Natural Language Processing) Group The goal is to use this script as part of a webpage to tag parts of speech based on a user-inputted string. I have no idea what to do with the files - I'm a complete *nix noob. I tried running... (4 Replies)
Discussion started by: tguillea
4 Replies

9. AIX

Segmentation fault in nsgetcinfo in aix 64-bit c code

Hello, I am running on a AIX5.2 server with Oracle 10g and 9i. My code compiles and works fine in 32-bit mode. The same code compiles in 64-bit and runs good. The program catches CNTRL-C signal to terminate. Only on 64-bit code when i hit CNTRL-C, the program exits with segmentation... (0 Replies)
Discussion started by: sumesh0710
0 Replies

10. UNIX for Dummies Questions & Answers

Segmentation Fault

hello all, I tried a program on an array to intialise array elements from the standard input device.it is an integer array of 5 elements.but after entering the 4th element it throws a message called "Segmentation Fault" and returns to the command prompt without asking for the 5th element. ... (3 Replies)
Discussion started by: compbug
3 Replies
Login or Register to Ask a Question