Why does this example C code run and yet SHOULD either not compile or give a segmentation fault?


Login or Register for Dates, Times and to Reply

 
Thread Tools Search this Thread
# 8  
Apologies if this attaches itself to to my previous post, and for any typos!

Well the story so far:
This is working code and compiles on gcc versions 2.95.3, 4.2.1 and 7.3.0, AMIGA OS 3.0.x inside ADE, OSX 10.14.3 and Linux Mint 19.

I have called it 'obfuscate_asm.c'.
Although jumping INTO main() compiles BUT causes s segmentation fault, jumping OUT if it doesn't.
Just read the code and see the possibilities. Makes me wonder if this is done by commercial coders.
Code:
/* Real obfuscation scenario. */

#include <stdio.h>

int addition(int NUM1, int NUM2);
int obfuscate(int NUM1, int NUM2);

int main()
{
    int NUMBER1;
    int NUMBER2;
    int SUM;

    asm("nop;"
    "jmp    out;"
    "in:"
    "nop;");

    printf("Enter two integer numbers:- ");
    scanf("%d %d", &NUMBER1, &NUMBER2);

    SUM = addition(NUMBER1, NUMBER2);

    printf("SUM = %d.\n", SUM);

    return(0);
}

int addition(int NUM1,int NUM2)
{
    int RESULT;
    RESULT = NUM1 + NUM2;
    return RESULT;
}

int obfuscate(int NUM1,int NUM2)
{
    int RESULT;

    asm("jmp    getout;"
    "nop;"
    "out:"
    "nop;"
    "jmp    in;"
    "getout:"
    "nop;");
    /* Any number of these jimps could be used to hide stuff. */

    RESULT = NUM1 / NUM2;
    return RESULT;
}

Results; OSX 10.14.3, default bash terminal, gcc 4.2.1.
Code:
Last login: Thu Mar 28 14:55:00 on ttys000
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc obfuscate_asm.c
AMIGA:amiga~/Desktop/Code/C> ./a.out
Enter two integer numbers:- 123 456
SUM = 579.
AMIGA:amiga~/Desktop/Code/C> hexdump -C a.out
........
00000e90  55 48 89 e5 48 83 ec 20  c7 45 fc 00 00 00 00 90  |UH..H.. .E......|
00000ea0  e9 8b 00 00 00 90 48 8d  3d cb 00 00 00 b0 00 e8  |......H.=.......|
00000eb0  92 00 00 00 48 8d 3d da  00 00 00 48 8d 75 f8 48  |....H.=....H.u.H|
00000ec0  8d 55 f4 89 45 ec b0 00  e8 7f 00 00 00 8b 7d f8  |.U..E.........}.|
00000ed0  8b 75 f4 89 45 e8 e8 25  00 00 00 48 8d 3d b9 00  |.u..E..%...H.=..|
00000ee0  00 00 89 45 f0 8b 75 f0  b0 00 e8 57 00 00 00 31  |...E..u....W...1|
00000ef0  f6 89 45 e4 89 f0 48 83  c4 20 5d c3 0f 1f 40 00  |..E...H.. ]...@.|
00000f00  55 48 89 e5 89 7d fc 89  75 f8 8b 75 fc 03 75 f8  |UH...}..u..u..u.|
00000f10  89 75 f4 8b 45 f4 5d c3  0f 1f 84 00 00 00 00 00  |.u..E.].........|
00000f20  55 48 89 e5 89 7d fc 89  75 f8 e9 07 00 00 00 90  |UH...}..u.......|
00000f30  90 e9 6f ff ff ff 90 8b  45 fc 99 f7 7d f8 89 45  |..o.....E...}..E|
00000f40  f4 8b 45 f4 5d c3 ff 25  c4 00 00 00 ff 25 c6 00  |..E.]..%.....%..|
00000f50  00 00 00 00 4c 8d 1d ad  00 00 00 41 53 ff 25 9d  |....L......AS.%.|
00000f60  00 00 00 90 68 00 00 00  00 e9 e6 ff ff ff 68 0e  |....h.........h.|
00000f70  00 00 00 e9 dc ff ff ff  45 6e 74 65 72 20 74 77  |........Enter tw|
00000f80  6f 20 69 6e 74 65 67 65  72 20 6e 75 6d 62 65 72  |o integer number|
00000f90  73 3a 2d 20 00 25 64 20  25 64 00 53 55 4d 20 3d  |s:- .%d %d.SUM =|
00000fa0  20 25 64 2e 0a 00 00 00  01 00 00 00 1c 00 00 00  | %d.............|
........
 AMIGA:amiga~/Desktop/Code/C> _

As you can see by checking the 32 bit jumps, in this case e9 xx xx xx xx you can obfuscate your code by jumping all over the place to non used functions that actually would do something if called, obfuscate() would actually divide two numbers.
So IMHO gcc is not absolutely foolproof.
I have always quoted, even on here, "IF there is a back door I will find it!"
When I am really interested in finding something I will do my best to find it.
# 9  
How do you compile ? Try gcc -Wall -ansi mycode.c -o mycode

I'm guessing, completely. You have to read your manpage for gcc, look for the options for your hardware e.g., SPARC
Compile with the strictest settings you can find. This will eliminate some of the problems you see: gcc compiling stuff that should fail.
Try to use -std=c99 if your compiler supports it, for example. Since you run on OSX and Amiga (I think), I have to punt on what the exact command should be.

PS: a good clean compile means zero warnings/errors
This User Gave Thanks to jim mcnamara For This Post:
# 10  
Ah, now you're starting to jump between function with different amounts of local variables. Meaning these local variables may not actually be allocated properly when you use them or freed properly when you return, causing corruption on the stack (i.e. important pointer values on the stack overwritten with your local variables since stack space was never made for them), causing potential crashes on return when RET jumps into lala land. This is not recommended.

Also, main() is somewhat special, to the point newer compilers have stopped letting you take the address of it.
# 11  
Further, doing things you didn't ask the compiler to do is begging for trouble. The compiler loves to remove things you "don't use", to the point that if you never touch a variable in your program, it might optimize it away completely and use hardcoded values instead. You have to make these variables 'volatile' to force the compiler to not do anything smart and helpful for you.
# 12  
Quote:
Originally Posted by Corona688
Because argv[0] actually exists, even in a program with no arguments - it's the name of the calling program. Again, why should it segfault? What exact fault should it be catching here? Segmentation fault means "touched memory I don't have permission to use", and if you don't do that, you don't get a segfault, even if you leap around like a flea on a hot griddle.
IMO gcc should check for any assembly jumps outside the bounds of any individual function, irrespective of how one compiles it. Just because the first code uses two near identical functions is irrelevant the 'asm()' function is taking functions out of their boundaries.
And, I don't intend, ever, to use this bad coding method at all. It was an exercise in finding out as I was researching about 'goto' inside a function.

--- Post updated at 03:56 PM ---

Quote:
Originally Posted by jim mcnamara
How do you compile ? Try gcc -Wall -ansi mycode.c -o mycode

I'm guessing, completely. You have to read your manpage for gcc, look for the options for your hardware e.g., SPARC
Compile with the strictest settings you can find. This will eliminate some of the problems you see: gcc compiling stuff that should fail.
Try to use -std=c99 if your compiler supports it, for example. Since you run on OSX and Amiga (I think), I have to punt on what the exact command should be.

PS: a good clean compile means zero warnings/errors

Hi Jim...
Absolutely.
However I shouldn't have to type all that just to find out, gcc filename.c should be sufficient.
Code:
Last login: Thu Mar 28 14:56:34 on ttys000
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc -Wall -ansi obfuscate_asm.c -o obfuscate_asm
obfuscate_asm.c:14:2: warning: implicit declaration of function 'asm'
      [-Wimplicit-function-declaration]
        asm("nop;"
        ^
obfuscate_asm.c:40:2: warning: implicit declaration of function 'asm'
      [-Wimplicit-function-declaration]
        asm("jmp    getout;"
        ^
2 warnings generated.
Undefined symbols for architecture x86_64:
  "_asm", referenced from:
      _main in obfuscate_asm-09a969.o
      _obfuscate in obfuscate_asm-09a969.o
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
 AMIGA:amiga~/Desktop/Code/C> _

It should have been __asm__ volatile() but I used the generic 'asm()' as it seems 'universal' even on my AMIGA C compilers.

Thanks for your help...

EDIT:
I didn't add this as an edit, it did so itself.

Last edited by wisecracker; 03-28-2019 at 01:00 PM.. Reason: See EDIT:
# 13  
Apologies if this attaches to the previous post.
As a finale to this thread I decided to compile using the correct 'asm()' function __asm__ volatile() .
Code:
/* Real obfuscation scenario. */

#include <stdio.h>

int addition(int NUM1, int NUM2);
int obfuscate(int NUM1, int NUM2);

int main()
{
    int NUMBER1;
    int NUMBER2;
    int SUM;

    __asm__ volatile("nop;"
    "jmp    out;"
    "in:"
    "nop;");

    printf("Enter two integer numbers:- ");
    scanf("%d %d", &NUMBER1, &NUMBER2);

    SUM = addition(NUMBER1, NUMBER2);

    printf("SUM = %d.\n", SUM);

    return(0);
}

int addition(int NUM1,int NUM2)
{
    int RESULT;
    RESULT = NUM1 + NUM2;
    return RESULT;
}

int obfuscate(int NUM1,int NUM2)
{
    int RESULT;

    __asm__ volatile("jmp    getout;"
    "nop;"
    "out:"
    "nop;"
    "jmp    in;"
    "getout:"
    "nop;");
    /* Any number of these jimps could be used to hide stuff. */

    RESULT = NUM1 / NUM2;
    return RESULT;
}

Results, OSX 10.14.3, default bash terminal, gcc 4.2.1.
The results are similar for AMIGA OS 3.0.x gcc 2.95.3 and Linunx Mint 19 gcc 7.3.0.
Code:
Last login: Thu Mar 28 18:58:36 on console
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc -Wall -ansi obfuscate_asm.c -o obfuscate_asm
AMIGA:amiga~/Desktop/Code/C> ./obfuscate_asm
Enter two integer numbers:- 123 456
SUM = 579.
AMIGA:amiga~/Desktop/Code/C> hexdump -C obfuscate_asm
........
00000e90  55 48 89 e5 48 83 ec 20  c7 45 fc 00 00 00 00 90  |UH..H.. .E......|
00000ea0  e9 8b 00 00 00 90 48 8d  3d cb 00 00 00 b0 00 e8  |......H.=.......|
00000eb0  92 00 00 00 48 8d 3d da  00 00 00 48 8d 75 f8 48  |....H.=....H.u.H|
00000ec0  8d 55 f4 89 45 ec b0 00  e8 7f 00 00 00 8b 7d f8  |.U..E.........}.|
00000ed0  8b 75 f4 89 45 e8 e8 25  00 00 00 48 8d 3d b9 00  |.u..E..%...H.=..|
00000ee0  00 00 89 45 f0 8b 75 f0  b0 00 e8 57 00 00 00 31  |...E..u....W...1|
00000ef0  f6 89 45 e4 89 f0 48 83  c4 20 5d c3 0f 1f 40 00  |..E...H.. ]...@.|
00000f00  55 48 89 e5 89 7d fc 89  75 f8 8b 75 fc 03 75 f8  |UH...}..u..u..u.|
00000f10  89 75 f4 8b 45 f4 5d c3  0f 1f 84 00 00 00 00 00  |.u..E.].........|
00000f20  55 48 89 e5 89 7d fc 89  75 f8 e9 07 00 00 00 90  |UH...}..u.......|
00000f30  90 e9 6f ff ff ff 90 8b  45 fc 99 f7 7d f8 89 45  |..o.....E...}..E|
00000f40  f4 8b 45 f4 5d c3 ff 25  c4 00 00 00 ff 25 c6 00  |..E.]..%.....%..|
00000f50  00 00 00 00 4c 8d 1d ad  00 00 00 41 53 ff 25 9d  |....L......AS.%.|
00000f60  00 00 00 90 68 00 00 00  00 e9 e6 ff ff ff 68 0e  |....h.........h.|
00000f70  00 00 00 e9 dc ff ff ff  45 6e 74 65 72 20 74 77  |........Enter tw|
00000f80  6f 20 69 6e 74 65 67 65  72 20 6e 75 6d 62 65 72  |o integer number|
00000f90  73 3a 2d 20 00 25 64 20  25 64 00 53 55 4d 20 3d  |s:- .%d %d.SUM =|
00000fa0  20 25 64 2e 0a 00 00 00  01 00 00 00 1c 00 00 00  | %d.............|
........
AMIGA:amiga~/Desktop/Code/C> _

Voila! No error but the jumps are still there.
# 14  
Quote:
Originally Posted by wisecracker
IMO gcc should check for any assembly jumps outside the bounds of any individual function, irrespective of how one compiles it.
It's necessary sometimes, if you're building an operating system for example, to insert special instructions here and there without the compiler's interference. That's the kind of thing asm() is for. gcc will insert raw assembly if you ask, but you really have to know what you're doing since it can't protect you( though some more advanced syntax lets you warn gcc about side-effects instead). Plain, non-ASM goto (yes, it exists, very rarely used) wouldn't let you jump out of bounds.
This User Gave Thanks to Corona688 For This Post:
Login or Register for Dates, Times and to Reply

Previous Thread | Next Thread
Thread Tools Search this Thread
Search this Thread:
Advanced Search

10 More Discussions You Might Find Interesting

1. Programming

C. To segmentation fault or not to segmentation fault, that is the question.

Oddities with gcc, 2.95.3 for the AMIGA and 4.2.1 for MY current OSX 10.14.1... I am creating a basic calculator for the AMIGA ADE *NIX emulator in C as it does not have one. Below are two very condensed snippets of which I have added the results inside the each code section. IMPORTANT!... (11 Replies)
Discussion started by: wisecracker
11 Replies

2. Programming

This code keeps giving me a segmentation fault why?

#include<stdlib.h> #include <pthread.h> #include "tlpi_hdr.h" #include <stdio.h> static volatile int glob = 0; static struct { pthread_t t1,t2; } *thread; static void * /* Loop 'arg' times incrementing 'glob' */ threadFunc(void *arg) { int loops = *((int *) arg); ... (1 Reply)
Discussion started by: fwrlfo
1 Replies

3. Programming

Using gdb, ignore beginning segmentation fault until reproduce environment segmentation fault

I use a binary name (ie polo) it gets some parameter , so for debugging normally i do this : i wrote script for watchdog my app (polo) and check every second if it's not running then start it , the problem is , if my app , remain in state of segmentation fault for a while (ie 15 ... (6 Replies)
Discussion started by: pooyair
6 Replies

4. Programming

C code : Segmentation fault

Hi Friends, I have written a small code in C which performs the below operations Task : 1 ) read line by line from a file. 2 ) assuming 3th and 4th fields of the file as GN and GNTO 3 ) The target file should contain all the fields except GNTO. 4... (3 Replies)
Discussion started by: kiran_bhatter
3 Replies

5. UNIX for Dummies Questions & Answers

Compile & Run Java Code

The java program is a part of speech tagger -> The Stanford NLP (Natural Language Processing) Group The goal is to use this script as part of a webpage to tag parts of speech based on a user-inputted string. I have no idea what to do with the files - I'm a complete *nix noob. I tried running... (4 Replies)
Discussion started by: tguillea
4 Replies

6. AIX

Segmentation fault in nsgetcinfo in aix 64-bit c code

Hello, I am running on a AIX5.2 server with Oracle 10g and 9i. My code compiles and works fine in 32-bit mode. The same code compiles in 64-bit and runs good. The program catches CNTRL-C signal to terminate. Only on 64-bit code when i hit CNTRL-C, the program exits with segmentation... (0 Replies)
Discussion started by: sumesh0710
0 Replies

7. Programming

segmentation fault

If I do this. Assume struct life { char *nolife; } struct life **life; // malloc initialization & everything if(life->nolife == 0) Would I get error at life->nolife if it is equal to 0. wrong accession? (3 Replies)
Discussion started by: joey
3 Replies

8. Programming

segmentation fault

ive written my code in C for implementation of a simple lexical analyser using singly linked list hence am making use of dynamic allocation,but when run in linux it gives a segmentation fault is it cause of the malloc function that ive made use of????any suggestions as to what i could do??? thank... (8 Replies)
Discussion started by: rockgal
8 Replies

9. Programming

Hi! segmentation fault

I have written a program which takes a directory as command line arguments and displays all the dir and files in it. I don't know why I have a problem with the /etc directory.It displays all the directories and files untill it reaches a sub directory called peers which is in /etc/ppp/peers.the... (4 Replies)
Discussion started by: vijlak
4 Replies

10. AIX

Segmentation fault

I am tring to install Lotus Domino/Notes 5.0.5 on a AIX 4.3.3 server. I go to run the cdrom/ibmpow/install and I get the following error. Lotus Notes for Unix Install Program --------------------------------------------- ./install: 10088 Segmentation fault This had Lotus Notes installed... (1 Reply)
Discussion started by: jshaulis
1 Replies

Featured Tech Videos