quinor/callprintf.c

## callprintf.c
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

const char code[] = {
    0x55, 0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x30,
    0x89, 0x7d, 0xfc, 0x48, 0xb8, 0xbe, 0xba, 0xfe,
    0xca, 0xbe, 0xba, 0xfe, 0xca, 0x48, 0x89, 0x45,
    0xf0, 0x48, 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xef,
    0xbe, 0xad, 0xde, 0x48, 0x89, 0x45, 0xe8, 0x48,
    0x8b, 0x45, 0xe8, 0x48, 0x8b, 0x7d, 0xf0, 0x8b,
    0x75, 0xfc, 0x48, 0x89, 0x45, 0xe0, 0xb0, 0x00,
    0x48, 0x8b, 0x4d, 0xe0, 0xff, 0xd1, 0x89, 0x45,
    0xdc, 0x48, 0x83, 0xc4, 0x30, 0x5d, 0xc3,
};

typedef void (*formatter) (int);

formatter make_formatter (const char* format)
{
    formatter fun = mmap(
        0,
        sizeof(code),
        PROT_READ|PROT_WRITE|PROT_EXEC,
        MAP_PRIVATE|MAP_ANONYMOUS,
        -1,
        0
    );
    memcpy(fun, code, sizeof(code));
    *((void**)(fun+13)) = (void*)format;
    *((void**)(fun+27)) = (void*)printf;
    return fun;
}

int main ()
{
    formatter x08_format = make_formatter ("%08x\n");
    formatter xalt_format = make_formatter ("%#x\n");
    formatter d_format = make_formatter ("%d\n");
    formatter verbose_format = make_formatter ("Liczba: %9d!\n");

    x08_format (0x1234);
    xalt_format (0x5678);
    d_format (0x9abc);
    verbose_format (0xdef0);
}

## commands
command below used to separate the function code from the .o file

objcopy -O binary funnyprintf.o funnyprintf --only-section=.text

## funnyprintf.c
void funnyprintf(int x)
{
    const char* fmt = 0xcafebabecafebabe;
    int (*prtf) (const char*, ...) = 0xdeadbeefdeadbeef;
    prtf(fmt, x);
}
	#include <stdio.h>
	#include <string.h>
	#include <sys/mman.h>

	const char code[] = {
	0x55, 0x48, 0x89, 0xe5, 0x48, 0x83, 0xec, 0x30,
	0x89, 0x7d, 0xfc, 0x48, 0xb8, 0xbe, 0xba, 0xfe,
	0xca, 0xbe, 0xba, 0xfe, 0xca, 0x48, 0x89, 0x45,
	0xf0, 0x48, 0xb8, 0xef, 0xbe, 0xad, 0xde, 0xef,
	0xbe, 0xad, 0xde, 0x48, 0x89, 0x45, 0xe8, 0x48,
	0x8b, 0x45, 0xe8, 0x48, 0x8b, 0x7d, 0xf0, 0x8b,
	0x75, 0xfc, 0x48, 0x89, 0x45, 0xe0, 0xb0, 0x00,
	0x48, 0x8b, 0x4d, 0xe0, 0xff, 0xd1, 0x89, 0x45,
	0xdc, 0x48, 0x83, 0xc4, 0x30, 0x5d, 0xc3,
	};

	typedef void (*formatter) (int);

	formatter make_formatter (const char* format)
	{
	formatter fun = mmap(
	0,
	sizeof(code),
	PROT_READ\|PROT_WRITE\|PROT_EXEC,
	MAP_PRIVATE\|MAP_ANONYMOUS,
	-1,
	0
	);
	memcpy(fun, code, sizeof(code));
	((void)(fun+13)) = (void)format;
	((void)(fun+27)) = (void)printf;
	return fun;
	}

	int main ()
	{
	formatter x08_format = make_formatter ("%08x\n");
	formatter xalt_format = make_formatter ("%#x\n");
	formatter d_format = make_formatter ("%d\n");
	formatter verbose_format = make_formatter ("Liczba: %9d!\n");

	x08_format (0x1234);
	xalt_format (0x5678);
	d_format (0x9abc);
	verbose_format (0xdef0);
	}
	command below used to separate the function code from the .o file

	objcopy -O binary funnyprintf.o funnyprintf --only-section=.text
	void funnyprintf(int x)
	{
	const char* fmt = 0xcafebabecafebabe;
	int (prtf) (const char, ...) = 0xdeadbeefdeadbeef;
	prtf(fmt, x);
	}