Gamestudio Links
Zorro Links
Newest Posts
New FXCM FIX Plugin
by flink. 06/04/24 07:30
AlpacaZorroPlugin v1.3.0 Released
by kzhao. 05/22/24 13:41
Free Live Data for Zorro with Paper Trading?
by AbrahamR. 05/18/24 13:28
Change chart colours
by 7th_zorro. 05/11/24 09:25
AUM Magazine
Latest Screens
The Bible Game
A psychological thriller game
SHADOW (2014)
DEAD TASTE
Who's Online Now
1 registered members (monk12), 1,487 guests, and 9 spiders.
Key: Admin, Global Mod, Mod
Newest Members
AemStones, LucasJoshua, Baklazhan, Hanky27, firatv
19058 Registered Users
Previous Thread
Next Thread
Print Thread
Rate Thread
Page 3 of 4 1 2 3 4
Re: Assertion macro [Re: WretchedSid] #343412
10/06/10 04:23
10/06/10 04:23
Joined: Mar 2002
Posts: 1,774
Magdeburg
F
FlorianP Offline
Serious User
FlorianP  Offline
Serious User
F

Joined: Mar 2002
Posts: 1,774
Magdeburg
The lite-C compiler is a pretty lightweight thingy for using the engine - it was never intended to replace 'real' c-compilers.
If you have 'a clue' about assembler then why would you take the limitations of lite-c instead of using f.i. c++?
Mostly because SED lacks basic features that are pretty much standard when developing larger programs


I <3 LINQ
Re: Assertion macro [Re: FlorianP] #343415
10/06/10 06:31
10/06/10 06:31
Joined: Apr 2007
Posts: 3,751
Canada
WretchedSid Offline OP
Expert
WretchedSid  Offline OP
Expert

Joined: Apr 2007
Posts: 3,751
Canada
Yeah, SED is really far far behind a real IDE, but this is imo no reason to castrate the compiler...
And for the record: I use a C++ compiler for my library and this isn't a Lite-c only project, in fact its just a port and I don't want to maintain two versions of my library (Once the normal one and then the Lite-C one with dll and extra header).
Even a simple inline assembler would do the trick.

Edit: Und wenn ein inline assembler auf gar keinen Fall rein kommt, wie wäre es mit der Möglichkeit .s files direkt zu kompilieren? Das bisschen um eine Funktion herum is ja jetzt auch kein Hindernis.

Last edited by JustSid; 10/06/10 06:36.

Shitlord by trade and passion. Graphics programmer at Laminar Research.
I write blog posts at feresignum.com
Re: Assertion macro [Re: Bunsen] #343418
10/06/10 09:06
10/06/10 09:06
Joined: Jan 2003
Posts: 4,615
Cambridge
Joey Offline
Expert
Joey  Offline
Expert

Joined: Jan 2003
Posts: 4,615
Cambridge
Code:
double fmod_native(double x, double y)
{
	double ptr(double,double);
	static char machine_code[] = {
		0x55,			// push ebp
		0x8B, 0xEC,		// mov ebp, esp
		0xDD, 0x45, 0x10,	// fld qword ptr [ebp+0x10]
		0xDD, 0x45, 0x08,	// fld qword ptr [ebp+0x08]
		0xD9, 0xF8,		// fprem
		0xDD, 0x5D, 0xF8,	// fstp qword ptr [ebp-0x08]
		0xDD, 0xD8,		// fstp st(0)
		0xDD, 0x45, 0xF8,	// fld qword ptr [ebp-0x08]
		0x5D,			// pop ebp
		0xC3			// ret
	};
	ptr = machine_code;
	ptr(x, y);
}

void main()
{
	printf("fmod(7.0, 5.0) = %f", fmod_native(7.0, 5.0));
}


this is a security risk and should definitely not work. that's exactly how hackers inject code and execute it. i thought this would be gone with the no execution bit on newer processors...

Re: Assertion macro [Re: Joey] #343420
10/06/10 09:18
10/06/10 09:18
Joined: Apr 2007
Posts: 3,751
Canada
WretchedSid Offline OP
Expert
WretchedSid  Offline OP
Expert

Joined: Apr 2007
Posts: 3,751
Canada
Thats not a security risk and not the same way hackers inject code into your application.

However, I agree that this isn't the nicest and cleanest solution and that there is a need for an official inline assembler function/macro/what ever.


Shitlord by trade and passion. Graphics programmer at Laminar Research.
I write blog posts at feresignum.com
Re: Assertion macro [Re: WretchedSid] #343534
10/06/10 22:03
10/06/10 22:03
Joined: Jan 2003
Posts: 4,615
Cambridge
Joey Offline
Expert
Joey  Offline
Expert

Joined: Jan 2003
Posts: 4,615
Cambridge
It is. I'm not sure this works anyway (haven't tested it) since the function is not on the heap when you define it as static variable. I thought you'd have to allocate space on the heap, but I could be mistaken here. Anyway, I don't think the memory page you're writing your data into is marked PAGE_EXECUTE_READWRITE. I think you have to call VirtualProtect to change that.
Implementing this one could even write an own inline assembler.

Re: Assertion macro [Re: Joey] #343549
10/07/10 06:47
10/07/10 06:47
Joined: Apr 2007
Posts: 3,751
Canada
WretchedSid Offline OP
Expert
WretchedSid  Offline OP
Expert

Joined: Apr 2007
Posts: 3,751
Canada
No it isn't. The memory is accessible for your application and the kernel. There is no way to let user input new commands so every other access would result in an segfault.
What hackers uses are overflows to inject new code, thats why strcpy() is a bad function.


Shitlord by trade and passion. Graphics programmer at Laminar Research.
I write blog posts at feresignum.com
Re: Assertion macro [Re: WretchedSid] #343581
10/07/10 14:18
10/07/10 14:18
Joined: Jan 2003
Posts: 4,615
Cambridge
Joey Offline
Expert
Joey  Offline
Expert

Joined: Jan 2003
Posts: 4,615
Cambridge
let's ask allmighty wikipedia:
Originally Posted By: http://en.wikipedia.org/wiki/NX_bit
[the nx-bit] is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; this is known as a buffer overflow attack.

That's why DATA memory should NOT be allowed to be executed. You say there is no way to let users input new commands? But in your next sentence you tell us how... well, the segmentation fault should occur if you try to execute data memory.

Re: Assertion macro [Re: Joey] #343584
10/07/10 14:30
10/07/10 14:30
Joined: Apr 2007
Posts: 3,751
Canada
WretchedSid Offline OP
Expert
WretchedSid  Offline OP
Expert

Joined: Apr 2007
Posts: 3,751
Canada
Interesting, you all mighty wiki says its in the last sentence:
Quote:
this is known as a buffer overflow attack.


The posted code is in no case a buffer overflow and also not a stack overflow.
I told you that you can inject new code when you let the user write into the memory by eg. don't check your strings but just use strcpy. That is _NOT_ the case in the sample code.

Segfaults should also not occur when you try to execute something from the heap but only when you try to access unmapped memory.


Shitlord by trade and passion. Graphics programmer at Laminar Research.
I write blog posts at feresignum.com
Re: Assertion macro [Re: WretchedSid] #343595
10/07/10 18:10
10/07/10 18:10
Joined: Jan 2003
Posts: 4,615
Cambridge
Joey Offline
Expert
Joey  Offline
Expert

Joined: Jan 2003
Posts: 4,615
Cambridge
Of course your code is not a buffer overflow. That's not what I'm talking about. I meant executing data memory. You began talking about how that can be done - via a buffer overflow or whatever. And that's why you shouldn't be able to do it. Simples.

Re: Assertion macro [Re: Joey] #343597
10/07/10 18:24
10/07/10 18:24
Joined: Apr 2007
Posts: 3,751
Canada
WretchedSid Offline OP
Expert
WretchedSid  Offline OP
Expert

Joined: Apr 2007
Posts: 3,751
Canada
No, you have mistaken me. Your point was that the code is evil because hackers use this to inject new code. I wanted to show you that you are wrong because the code isn't evil, I never wanted to argue about the NX-Bit or the evil heap. (Did you know that you can also have code on the stack and execute it? What about an NX-Bit for the stack?)

And by the way, instead of writing save code without using functions that are clearly marked as evil (like strcpy), you want to prevent anyone from executing something from the heap? Thats like saying "Ouh, my teeth hurts like hell. Lets cut of my head so I don't feel 'em anymore"
Just my 2 cents about the NX-Bit


Shitlord by trade and passion. Graphics programmer at Laminar Research.
I write blog posts at feresignum.com
Page 3 of 4 1 2 3 4

Moderated by  HeelX, Lukas, rayp, Rei_Ayanami, Superku, Tobias, TWO, VeT 

Gamestudio download | chip programmers | Zorro platform | shop | Data Protection Policy

oP group Germany GmbH | Birkenstr. 25-27 | 63549 Ronneburg / Germany | info (at) opgroup.de

Powered by UBB.threads™ PHP Forum Software 7.7.1