If I want to redirect execution to another function in assembly, I can do something like this:
    push 0deadbeefh ; function pointer to some random function
    ret
But let's say, in C:
    void* func_ptr = (void*) 0xdeadbeef;
Assuming I have the above variable storing a function pointer to a random function in the code. If I don't know which parameters the end function takes, is it possible to jmp to this function using only its function pointer?
As soon as you start doing anything like this, you quickly get into undefined dangerous things that might not always work, and may be architecture-dependent. However, ignoring that, you may be able to do the following:
    void (*func_ptr)() = (void (*)()) 0xdeadbeef;
    func_ptr();
func_ptr is defined as a pointer to a function taking unspecified arguments, and returning void. It's called as any other function pointer (or function) is.
This code compiles for x86-64 GCC 10.1 and Clang 10.0.0 with -Wall -Wextra -Werror -pedantic. Both compilers generate a single jmp. They can do this because it's a tail call from a function returning
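
A runnable variant of the call through a raw address, as an added example that is not part of the original answer: the address is only called when it matches a known entry point, and the pointer type carries a full `(void)` prototype instead of an empty parameter list. The names `target_a`, `target_b`, `not_listed`, `allowed` and `call_checked` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static int calls;                     /* records which targets actually ran */

static void target_a(void)   { calls += 1; }
static void target_b(void)   { calls += 10; }
static void not_listed(void) { calls += 100; }

/* Prototyped pointer type: the compiler knows no arguments are passed.
 * (In C23 an empty "()" parameter list means the same as "(void)".) */
typedef void (*entry_fn)(void);

/* Entry points this program accepts when handed a raw address. */
static const entry_fn allowed[] = { target_a, target_b };

/* Transfers control to addr only if it is a known entry point.
 * Returns 0 after the call, -1 if the address was rejected. */
static int call_checked(uintptr_t addr)
{
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++) {
        /* Function pointer to integer conversion is implementation-defined;
         * it is used here for comparison only. */
        if ((uintptr_t)allowed[i] == addr) {
            allowed[i]();             /* call the typed table entry, not the integer */
            return 0;
        }
    }
    return -1;                        /* unknown address: never called */
}

int main(void)
{
    /* Constructed sample inputs: two listed targets, one unlisted, one bogus. */
    uintptr_t inputs[] = {
        (uintptr_t)target_a, (uintptr_t)target_b,
        (uintptr_t)not_listed, (uintptr_t)0xdeadbeef
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = call_checked(inputs[i]);
        printf("input %zu: %s (calls=%d)\n", i, rc == 0 ? "called" : "rejected", calls);
    }
    return 0;
}
```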