Executing x86 machine code from char array in C/C++

The idea is:

1. create bunch of char array in a file containing the machine code(not as const)
2. mark the memory as executable with mprotect or VirtualProtect.
3. declare typedef function with their correct parameters and pointing to the address of our char array
4. call it

It's just pretty straightforward for a simple function, like a function that do x+1 or a*b, but function calling another function(e.x.: function calling strlen, malloc, etc.) needs the pointer to be calculated at first or the function will call wrong code(undefined berhaviour).

Okay so let's start. I've been make simple function that XOR 7303014 by x. This is the code

#include <stdio.h>
 
int foo_bar(int baz) {
 int foo=7303014;
 return foo^baz;
}
 
int main() {
 int val=1904132;
 int out=foo_bar(val);
 printf("%s",&out);
 return 0;
}

It looks simple right. It only prints string "bar" in the console. Now what we need is the foo_bar function as machine code. Open Hex Editor and open the executable then find the function.

Note: We are using x86 byte code for this. Take care of this if you're try to compile it as 64-bit code.
The highlighted hex is the foo_bar function that we need to get their machine code representation and put them in our new code. This is our char array declaration

char foo_bar[]={0x55, 0x89, 0xE5, 0x83, 0xEC, 0x10, 0xC7, 0x45, 0xFC, 0x66, 0x6F, 0x6F, 0x00, 0x8B, 0x45, 0x08, 0x8B, 0x55, 0xFC, 0x31, 0xD0, 0xC9, 0xC3};

Now we have completed point 1 above, now let's make some code to finish point 2, 3, and 4

typedef int (*foo_bar_t)(int );

int main() {
 foo_bar_t foo=(foo_bar_t)(void*)foo_bar;
 DWORD old_protect;
 VirtualProtect(foo,sizeof(foo_bar),PAGE_EXECUTE_READWRITE,&old_protect);
 int out=foo(0);
 printf("%s",&out);
 return 0;
}

Q: Why cast to void* first then cast it to foo_bar_t?
A: Visual Studio doesn't like casting foo_bar_t directly from char* so, cast it to void* first. GCC works fine without cast to void* above.

Ok that's our complete main function. Now let's explain it.

The point 2 is in the VirtualProtect function. VirtualProtect function mark address pointed by foo variable to be executable, readable, and writeable(see PAGE_EXECUTE_READWRITE). Without this call, point 4 will very likely to fail(throws Segmentation Fault/Access Violation)(be sure to include Windows.h)
The point 3 is above the main. The typedef.
Then, point 4 is below point 2. Again, calling the function without setting the memory protection would likely causes your program stop working.

Alright, this is the complete code

#include <stdio.h>
#include <windows.h>
 
typedef int (*foo_bar_t)(int );
 
char foo_bar[]={0x55, 0x89, 0xE5, 0x83, 0xEC, 0x10, 0xC7, 0x45, 0xFC, 0x66, 0x6F, 0x6F, 0x00, 0x8B, 0x45, 0x08, 0x8B, 0x55, 0xFC, 0x31, 0xD0, 0xC9, 0xC3};
 
int main() {
 foo_bar_t foo=(foo_bar_t)(void*)foo_bar;
 DWORD old_protect;
 VirtualProtect(foo,sizeof(foo_bar),PAGE_EXECUTE_READWRITE,&old_protect);
 int out=foo(0);
 printf("%s",&out);
 return 0;
}

Now let's compile it and run it.

Our program run without error. That means we've been successfully run our machine code. That's for today.

Challenge: Compile both complete code above and find out why it prints "bar" and "foo".

Thinking out Loud "creepy" sound explained

Yesterday(15 May 2015) i have chat with my friends about Thinking out Loud song by Ed Sheeran, he says that it has "creepy" sound in it and he says that the news has been spreading in the world, specially in Indonesia (i think). I don't think that there's a "creepy" sound in it, so solve this "mystery"

First, i load up FL Studio and WaveCandy plugin in Master track, also loaded preset "Wine" with disabled "Blur Behind"(because i use Windows 8). Also extending the width of the Visualizer

Then i load Thinking out Loud song in Playlist as Audio Clip by dragging the file from File Explore to FL Studio 12 Playlist

My friend says that the "creepy" sound is right after Ed Sheeran says "baby my heart" so i'm listening the song and i reach it, i send this sound sample to my friend first.
My friend then respond to the sample that i send and he says "yes, that's it, i can hear it", i try to increase my speaker's volume, try to find where is the sound, and i hear something weird.
It's very likely that his(Ed Sheeran) sound looks weird while he's sliding his sound, then i upload one more sample again to my friend.


Then i see spectrum and this image is generated when i play the song(lyric: "Baby my, heart")

I mark the "creepy" sound in blue in picture above.

That's it, so i hear it again and again and i can sure that it's just Ed Sheeran voice sound weird after he says "Heart".

Summary: It's just his sound that sound weird for us, my friend also says "And there's nothing wrong in the recording he says". So the "creepy" in this post is just his voice sliding and sound weird.

That's my opinion about this, your opinion might be different

Run Windows 8 Metro Application from Desktop Application

After failed to create Rainmeter plugin which launch windows 8 application, i decide to make an application which launch windows 8 application from console application.

File: IApplicationAcitvationManager.h (For GCC/G++ Compiler)

// IApplicationActivationManager for MinGW
#pragma once
#ifdef _MSC_VER
#error "Not for Microsoft Compiler!"
#endif
#ifndef _SHLOBJIDL_H 
#include <shobjidl.h>
#endif
 
#ifdef __cplusplus
extern "C" {
#endif
const IID IID_IApplicationActivationManager={0x2e941141,0x7f97,0x4756,{0xba,0x1d,0x9d,0xec,0xde,0x89,0x4a,0x3d}};  // Visual Studio 2012 ShObjIdl.h:9159
const CLSID CLSID_ApplicationActivationManager={0x45BA127D,0x10A8,0x46EA,{0x8A,0xB7,0x56,0xEA,0x90,0x78,0x94,0x3C}}; // Visual Studio 2012 ShObjIdl.h:9399
 
typedef enum ACTIVATEOPTIONS {
 AO_NONE=0,
 AO_DESIGNMODE=1,
 AO_NOERRORUI=2,
 AO_NOSPLASHSCREEN=4
} ACTIVATEOPTIONS;
 
#define INTERFACE IApplicationActivationManager
DECLARE_INTERFACE_(IApplicationActivationManager,IUnknown) {
 STDMETHOD(QueryInterface)(THIS_ REFIID,PVOID*) PURE;
 STDMETHOD_(ULONG,AddRef)(THIS) PURE;
 STDMETHOD_(ULONG,Release)(THIS) PURE;
 // Activates the specified Windows Store app for the generic launch contract (Windows.Launch) in the current session.
 STDMETHOD(ActivateApplication)(THIS_ const wchar_t*,const wchar_t*,ACTIVATEOPTIONS,unsigned long*) PURE;
 // Activates the specified Windows Store app for the file contract (Windows.File).
 // IShellItem doesn't exist. Replace with LPVOID
 STDMETHOD(ActivateForFile)(THIS_ const wchar_t*,void*,const wchar_t*,unsigned long*) PURE;
 // Activates the specified Windows Store app for the protocol contract (Windows.Protocol).
 // IShellItem doesn't exist. Replace with LPVOID
 STDMETHOD(ActivateForProtocol)(THIS_ const wchar_t*,void*,unsigned long*) PURE;
};
#undef INTERFACE
#ifdef __cplusplus
}
#endif

And here's the application to launch Windows 8 Application from desktop(File Apptest.cpp)

#include <stdio.h>
#include <Windows.h>
#include <ShObjIdl.h>
#include <string>
#ifndef _MSC_VER
#include "IApplicationActivationManager.h"
extern "C" __declspec(dllimport) HRESULT __stdcall CoAllowSetForegroundWindow(IUnknown *pUnk,LPVOID lpvReserved);
#endif
 
int main(int argc,char** argv) {
 IApplicationActivationManager* _;
 std::string __;
 size_t ___;
 if(argc<2) {
  printf("usage: %s <app package id>\r\n",argv[0]);
  return 1;
 }
 __=argv[1];
 CoInitializeEx(nullptr,COINIT_APARTMENTTHREADED);
 CoCreateInstance(CLSID_ApplicationActivationManager,nullptr,CLSCTX_LOCAL_SERVER,IID_IApplicationActivationManager,(void**)&_);
 CoAllowSetForegroundWindow(_,nullptr);
 _->ActivateApplication(std::wstring(__.begin(),__.end()).c_str(),nullptr,AO_NONE,(DWORD*)&___);
 return 0;
}

Command Line i used to Compile: g++ -std=c++11 -o ConsoleApplication1.exe -L"%VSLIBDIR%" -static-libgcc -static-libstdc++ ConsoleApplication1/AppTest.cpp -lole32 -loleaut32
Set VSLIBDIR to your Windows 8 SDK Lib directory(for CoInitializeEx and CoAllowSetForegroundWindow)(Windows 8 SDK)

Note: Tested in Visual Studio 2012 and GCC v4.8.1
Note2: Enum app package id powershell command(source):

$installedapps = get-AppxPackage
foreach ($app in $installedapps)
{
    foreach ($id in (Get-AppxPackageManifest $app).package.applications.application.id)
    {
        $app.packagefamilyname + "!" + $id
    }
}