{"id":328,"date":"2011-04-13T19:57:06","date_gmt":"2011-04-13T21:57:06","guid":{"rendered":"http:\/\/www.ragestorm.net\/blogs\/?p=328"},"modified":"2011-04-14T20:31:47","modified_gmt":"2011-04-14T22:31:47","slug":"getting-rax","status":"publish","type":"post","link":"https:\/\/www.ragestorm.net\/blogs\/?p=328","title":{"rendered":"Getting RAX Register in C\/C++ or coders that should be killed ;)"},"content":{"rendered":"<p>Just a weird story, suppose I need to get the value of the RAX register in x64 inside some function I wrote.<br \/>\nI was using Visual Studio and as you might know in x64 you are not allowed to use the __declspec(naked) or the inline __asm keyword anymore, what a shame. So obviously, I could write some .asm file and link it in. But I preferred to come up with a more elegant idea. Anyway, I just wanna show you the solution.<\/p>\n<p>If I set up a function such as:<br \/>\nuint64_t getRax() { }<br \/>\nAn empty function which doesn&#8217;t do anything. The compiler will shout at me that it cannot compile such a function because there&#8217;s no return statement. What a shame. But suppose we could compile that function, we could then just call it and it would immediately return to the caller without doing anything, then we could read the return value, which wasn&#8217;t changed because the function is empty, thus we could get RAX. Following so far?<\/p>\n<p>A single cast should do the trick. So first, we will have to change the function into:<br \/>\nvoid getRax() { }<br \/>\nNow the compiler will actually compile it. And now we will add a new pointer to a function that returns an actual uint64_t.<\/p>\n<p>Defining a pointer to a function as follows:<br \/>\nuint64_t (*_getRax)() = getRax;<br \/>\nBut that wouldn&#8217;t compile either, because the compiler is smart enough to know that we are messing with types here. We will either end up with a warning or an error, too bad. 
As we know, everything can be cast to void*, and that&#8217;s why we need to cast through void* for success, such as:<br \/>\nuint64_t (*_getRax)() = (void*) getRax;<\/p>\n<p>This way we got rid of the warnings when using W3\/4 or treat warnings as errors, the way I usually work. Though I could also disable the warning for the region of that fugly code. However, this is one of the reasons C\/C++ is probably one of the strongest programming languages, this flexibility&#8230;<br \/>\nSurprisingly, I just found that GCC is more permissive in this case than VS.<\/p>\n<p>And then we can simply use it:<br \/>\nuint64_t rax = _getRax();<\/p>\n<p>I wish this could also work:<br \/>\nunsigned char getRax[] = { 0xc3 };<br \/>\nuint64_t (*_getRax)() = (void*) getRax;<br \/>\n_getRax();<br \/>\nBut obviously since DEP is enabled nowadays, it will fail with an awful death :(<\/p>\n<p>It really bothers me that I have to CALL to a RET in order to get RAX accessible in C, LOL. Anyone aware of any intrinsic to do similar things with registers? For some reason I remember something like __EAX in VS, but I couldn&#8217;t find it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just a weird story, suppose I need to get the value of the RAX register in x64 inside some function I wrote. I was using Visual Studio and as you might know in x64 you are not allowed to use the __declspec(naked) or the inline __asm keyword anymore, what a shame. 
So obviously, I could write [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":""},"categories":[5],"tags":[],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pbWKd-5i","_links":{"self":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/328"}],"collection":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=328"}],"version-history":[{"count":5,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/328\/revisions"}],"predecessor-version":[{"id":335,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=\/wp\/v2\/posts\/328\/revisions\/335"}],"wp:attachment":[{"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=328"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=328"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ragestorm.net\/blogs\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=328"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}