Function execution time Example. (C++)

std::chrono::system_clock::time_point start = std::chrono::system_clock::now();

myFunc();

std::chrono::duration<double> sec = std::chrono::system_clock::now() - start;

std::cout << "The time taken to perform the function myFunc()  : " << sec.count() << " seconds" << std::endl;

Create Thread Class Example (C++)

The class "std :: thread" exists but has been created for fun.

ThreadClass.h

#pragma once

#include <iostream>

#include <windows.h>

class ThreadClass

{

public:

ThreadClass();

~ThreadClass();

void start();

void stop();

bool isRun();

static DWORD __stdcall run_(void* p);

virtual void run() = 0;

protected:

bool threadRunFlag;

HANDLE m_Thread;

};

ThreadClass.cpp

#include "ThreadClass.h"

//

//\brief constructor,

//\param

//\return

//

ThreadClass::ThreadClass()

{

this->threadRunFlag = false;

}

//

//\brief destructor

//\param

//\return

//

ThreadClass::~ThreadClass()

{

if (this->isRun()) {

this->stop();

}

}

//

//\brief  thread start

//\param

//\return

//

void ThreadClass::start()

{

m_Thread = CreateThread(0, 0, run_, (void*)this, 0, 0);

}

///

///\brief thread end

///\param

///\return

///

void ThreadClass::stop()

{

this->threadRunFlag = false;

// to be...

}

//

//\brief thread status

//\param

//\return

//

bool ThreadClass::isRun()

{

return this->threadRunFlag;

}

//

//\brief thread run

//\param

//\return

//

DWORD __stdcall ThreadClass::run_(void * p)

{

ThreadClass* const THISCLASS = static_cast<ThreadClass*>(p);

THISCLASS->threadRunFlag = true;

THISCLASS->run();

return 0;

}

Shared folder permission setting (If you can not access the shared folder)

Problem :

I set up a shared folder in Virtualbox, but I can not access the shared folder.  

Solve :

Installing the VirtualBox Guest Additions  -> Automatically mount shared folders with VirtualBox ("/media /sh_foldername" will be shown) -> Add Ubuntu users to your vboxsf group

$ sudo -s

Input root password

$ usermod -aG vboxsf <youruser>

$ reboot

Qmake error (QT)

Error:

linux Could not determine which "make" command to run. Check the "make" step in the build configuration.

Solve :

$ sudo apt install cmake g++

$ sudo apt remove libgl1-mesa-dev
$ sudo apt install libgl1-mesa-dev

Hooking Example (case 2. class method hooking)

This is an example of hooking a class function.

This article doesn't have many examples of hooking c ++ classes.

The following code:

Class TestClass {

Public:

…

int myPrintf(const std::string & id, const int & value);

…

}

Hook code:

int TestClass::myPrintf(const std::string & id, const int & value) {

    typedef int (TestClass::*HookFunction)(const std::string & id, const int & value);

    static HookFunction orgMethod = 0;

    if (orgMethod == 0) {

        void *tmpPtr = dlsym(RTLD_NEXT, "Mangling Name");

        memcpy(&orgMethod, &tmpPtr, sizeof(void *));

    }

   

    int orgRetValue;

    orgRetValue = (this->*orgMethod)(id, value);

    return orgRetValue;

#C #C++ #Linux #Embedded #Hooking Example #Hooking #Class Hooking

Hooking Example (case 1. getchar() / rand())

 Hooking Example:

 1. Getchar() / rand

   only C , and this code is meaningless code. Only test!

Target code.

- target.c

  : gcc –o target target.c

Hook code.

- hook.c

  : gcc -shared -fPIC -o hook.so main.c –ldl

Exec:

Normal:

$  ./target

Hook:

$LD_PRELOAD="/home/xxxx/hook_test/hook/hook.so" ./target

*the blue box : privacy.

#C #C++ #Linux #Embedded #Hooking Example #Hooking 

API Hooking

• API Hooking

- A technique to intercept API calls to get control

- The most widely used technique with Message hooking

API ?

- An interface to control the functions provided by the operating system or programming language.

- On Windows, use the Win32 API

*As an example of a process, all processes load kernel32.dll and access the system through ntdll.dll.

*Win32 API: Windows OS can't directly use system resources(memory, file, network, video, sound, etc.) by user applications. It is directly managed by the OS.(due to stability, security, efficiency, and so on.)

=> Using the Win32 API (the meaningful program can't be created without API function.)

#C #C++ #Linux #Embedded #Hooking Example #Hooking #API #API Hooking

Message Hooking

• Message Hooking

- Intercepting messages,  between User <-> OS <-> Applications

- Typical Program SPY ++

* Window based Graphic User Interface : event driven operation

* message : Use the keyboard / mouse to select a menu, select a button, move the mouse, resize the window, move the window, etc…

#C #C++ #Linux #Embedded #Hooking Example #Hooking #Message Hooking

Hooking(Message Hooking / API Hooking)

• Hooking

- Reverse engineering core technology

- techniques that interchange or intercept function calls, messages, events, etc.

- Development of Hook code for bug fix or improvement (source code X)

- Development of Hook code to freely manipulate executable file and process memory

• Hooking Advantages

- execution of user's hook code before/after API call, Message forwarding (additional function)

- Possible to peek or manipulate the return value of API function / parameter passing through hooking function

- Cancels "Send Event", "Call API" or change the execution flow to user code

=> free calling depending on the situation

• Most Popular Hooking

- Message Hooking

- API Hooking

• Hooking points

- IAT (import addres table): A table of which functions in a library refer to which functions.

 => Changing the API address to a hooking function,

- Code: Directly access the API real address from the system library mapped to process memory, and modify the code directly

 - Export Address Table (EAT): A mechanism to use functions provided by library files in other programs: message / API hooking

#C #C++ #Linux #Embedded #Hooking Example #Hooking #Message Hooking

Reverse engineering : Hooking(Message Hooking, API Hooking)

Reverse engineering : Hooking(Message Hooking, API Hooking)

• Reverse engineering

 - Opposition to "Forward Engineering"

 - Techniques to Backtrack about the deployed system
- part of the software maintenance process

• purpose

- to understand the structure and operation principle of the program(using the disassembler / debugger )

- to fix bugs or improve functionality

- freely manipulating executable files and process memory

• uses

- Debugging and patching (Hotfix)

- Modify an application without code

- hacking

#C #C++ #Linux #Embedded #Hooking Example #Hooking #Message Hooking #Reverse engineering

PCANBasic api : PCAN_RECEIVE_EVENT

PCAN_RECEIVE_EVENT를 설정하면 PCAN 데이터를 받을 때에만 동작한다.

CAN_SetValue (class-method : SetValue) 함수를 호출 -> Win32 동기화 함수 (예 : WaitForSingleObject) 중 하나를 사용하여 이벤트 신호를 받을 때까지 대기 ->  CAN_Read (클래스 메소드 : 읽기) 함수로 읽을 수 있으며 CAN 메시지를 처리

SetValue로 이벤트를 설정하고 Win32 동기화 함수를 통해 대기 할 시, 프로세스 로드가 증가 없이 데이터 읽기가 가능하다.

원문 번역.

이벤트를 사용하려면 클라이언트 응용 프로그램이 CAN_SetValue (class-method : SetValue) 함수를 호출하여 매개 변수 PCAN_RECEIVE_EVENT를 설정해야합니다. 이 매개 변수는 이벤트 객체의 핸들을 설정합니다. 메시지를 받으면 드라이버는이 이벤트를 "Signaled"상태로 설정합니다.

다른 스레드는 프로세스 로드를 증가시키지 않고 Win32 동기화 함수 (예 : WaitForSingleObject) 중 하나를 사용하여 이벤트 신호를 받을 때까지 대기하는 클라이언트 어플리케이션에서 시작해야함.

 이벤트가 신호되고 나면 클라이언트의 수신 버퍼를 CAN_Read (클래스 메소드 : 읽기) 함수로 읽을 수 있으며 CAN 메시지를 처리 ​​할 수 ​​있습니다.

ref: http://www.peak-system.com/‎


sample code :

can.h
classA {
....
DWORD readthread(); 
HANDLE m_hEvent; // 이벤트 핸들
....
}
---------------------------------------
can.cpp

DWORD classA::readthread() {

      ....

    LOADAPI.SetValue(m_PcanHandle, PCAN_RECEIVE_EVENT, &m_hEvent, sizeof(m_hEvent));

    if (m_hEvent == NULL) {

        return RETURN::FAIL;

    }

    

    while (1) {

    //Wait for CAN Data...

        result = WaitForSingleObject(m_hEvent, 10000);

        if (result == WAIT_OBJECT_0)

              LOADAPI.Read(m_PcanHandle, &CANMsg, &CANTimeStamp); 

    }