Loading & executing a raw binary file in ASM
Kamikaze!
10-27-2002, 04:29 PM
How do you do it? I couldn't find any good documentation about it. I'd prefer it if the code can be compiled with NASM since that's what I use.
sedarious
10-28-2002, 11:11 AM
well, if you are just trying to exec something, that would be an OS call. DOS has an interrupt for this - but I would assume you are using linux since everyone else here does. The basic premise is you write your code to memory and then move the instruction pointer there. You could also call a far jump by using the appropriate load command and calling the proper jump. The latter suggestion isn't quite pretty since you are just running other code in the middle of your parent app. Not really sure exactly what you want to do though.
bwkaz
10-28-2002, 01:34 PM
Most executables are more than just the binary code that gets executed. So if you're loading up an EXE (for DOS/Win) or a Linux binary, you have to sort through all the other stuff that's in the file as well. Which is why different OSes have system calls (software-generated interrupts, usually) for loading and executing another file. The OS handles the interpretation of the rest of the ELF (Linux) or PE (Windows) or whatever file format.
But like sedarious said, if you don't want to execute just a binary file, but the actual sequence of binary code, you allocate space for it, write it to that space, screw around with the Intel segment descriptors a bit to mark that space as "executable, read-only", and do either a long jmp to it, or push its address and execute a long ret.
The long jmp will work when one user program is executing another directly -- of course, it probably needs the OS to mark descriptors, but I'll ignore that for the moment. The push, ret sequence is for when privilege level 0 code (a lot of OS code is PL 0) wants to execute PL 3 (user-space) code. The only way, in Intel's protection scheme, to transition from a lower-numbered (higher-privilege) level to a higher-numbered (lower-privilege) one is to return. That's it. Call gates can only point "up" in privilege level, and it's the same with interrupt gates. You can't call the code, and you can't use jmp, so you have to simulate a jmp.
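The "allocate space, write the code there, mark it executable and read-only, jump to it, come back" sequence bwkaz describes is what a modern user-space loader (or a JIT) does with mmap() and mprotect(). The following is an added example, not code from this thread or from any of its posters: it takes a constructed "raw binary" (a few machine-code bytes that return 42 and then return to the caller, encoded for x86-64 and aarch64), places it in a fresh mapping, flips the mapping from writable to executable, calls it through a function pointer and unmaps it. The names load_raw_code and run_sample are the example's own. The mapping is never writable and executable at the same time, which is the W^X property a loader should keep so that a bug in the "write" phase cannot be turned into arbitrary code execution.

```c
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sample "raw binary file" for this example (not from the
 * thread): a tiny function that returns 42 and RETs to its caller. */
#if defined(__x86_64__) || defined(__i386__)
static const uint8_t raw_code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00,  /* mov eax, 42 */
                                    0xC3 };                        /* ret         */
#elif defined(__aarch64__)
static const uint8_t raw_code[] = { 0x40, 0x05, 0x80, 0x52,  /* mov w0, #42 */
                                    0xC0, 0x03, 0x5F, 0xD6 }; /* ret         */
#else
#error "no sample encoding for this architecture"
#endif

typedef int (*raw_fn)(void);

/* Copy `len` bytes of machine code into a fresh anonymous mapping and hand
 * it back as a callable function pointer (NULL on failure). The pages are
 * RW while we copy and RX afterwards: at no point are they both writable
 * and executable (W^X). *mapped_len receives the size to munmap() later. */
raw_fn load_raw_code(const uint8_t *code, size_t len, size_t *mapped_len)
{
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || len == 0)
        return NULL;
    size_t size = ((len + (size_t)page - 1) / (size_t)page) * (size_t)page;

    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return NULL;

    memcpy(mem, code, len);                         /* "write it to that space" */

    /* "mark that space as executable, read-only": drop write, add exec. */
    if (mprotect(mem, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, size);
        return NULL;
    }
    /* Harvard-style caches (aarch64) must not run stale I-cache lines after
     * we wrote code through the D-cache; this is a no-op on x86. */
    __builtin___clear_cache((char *)mem, (char *)mem + len);

    *mapped_len = size;
    return (raw_fn)mem;
}

/* Load the constructed sample, call it (the "call bx" step of the thread),
 * unmap it, and return whatever the raw code returned; -1 if loading failed. */
int run_sample(void)
{
    size_t size = 0;
    raw_fn fn = load_raw_code(raw_code, sizeof raw_code, &size);
    if (fn == NULL)
        return -1;
    int result = fn();          /* the raw code's RET brings us back here */
    munmap((void *)fn, size);
    return result;
}

int main(void)
{
    printf("raw code returned %d\n", run_sample());
    return 0;
}
```

On a 16-bit DOS box the `call bx` into a data buffer works because there is no memory protection at all; on any current OS the same call into a plain data buffer faults (NX/DEP), which is why the mprotect() step is the part that actually does the "screw around with the descriptors" work here, and why a loader that requests PROT_READ|PROT_WRITE|PROT_EXEC in one go is the thing to flag in review.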
Kamikaze!
10-28-2002, 02:14 PM
Originally posted by bwkaz
But like sedarious said, if you don't want to execute just a binary file, but the actual sequence of binary code, you allocate space for it, write it to that space, screw around with the Intel segment descriptors a bit to mark that space as "executable, read-only", and do either a long jmp to it, or push its address and execute a long ret.

Yeah, that's what I want to do. Load a raw binary file (like a .com file) into memory somewhere, jump to it and tell the processor to execute that code, then return back to the calling program. I don't want to use OS calls for it, but I have no clue how to do it and I can't find any tutorials or well commented code about it.
sedarious
10-28-2002, 02:22 PM
well, you could just write that code INTO your current program during runtime. Make a "buffer" that will contain the code to be executed making sure that it has a RET statement at the end. Then simply "call buffer". I am pretty sure this will work in NASM. Hell, I have executed variables before by accident... :rolleyes:
edit: actually, if you knew what the assembled ret statement was like in ASM, you could manually append it to the end of your binary code string. You could find out by simply putting the ret line in a file and assembling it. You may or may not want to preserve some of the registers before doing this.
sedarious
10-28-2002, 02:49 PM
here is some code/pseudocode
bits 16                   ; DOS int 21h code is 16-bit; USE32 would assemble 32-bit operands and crash
org 0x100                 ; .com layout: CS=DS=SS, code starts at offset 0x100
SECTION .text
;open file: DOS int 21h, AH=3Dh (open existing file), AL=0 (read-only), DS:DX -> ASCIIZ name
mov ax,0x3D00
mov dx,bin
int 0x21
jc done                   ; CF set on error (AX = error code)
mov word [handle],ax
;read up to [buffersize] bytes from the handle into buffer: AH=3Fh, BX=handle, CX=count, DS:DX=buffer
mov ah,0x3F
mov bx,[handle]
mov cx,[buffersize]
mov dx,buffer
int 0x21
;close the handle: AH=3Eh, BX=handle
mov ah,0x3E
mov bx,[handle]
int 0x21
;run the loaded bytes: a near call through a register is legal; the code in
;buffer must be position-independent and end with RET to come back here
mov bx,buffer
call bx
done:
mov ah,0x4c               ; DOS terminate
int 0x21
SECTION .data
bin db 'stuff.bin',0
handle dw 0
buffersize dw 0x100       ; 0x100 does not fit in a byte and is read as a word below, so dw, not db
SECTION .bss
buffer resb 0x100
comrade
08-04-2003, 10:38 PM
Windows or DOS? In both cases, generally, simply load code into memory and call it.
abc_sem
01-22-2007, 07:45 AM
How can the push, ret sequence be used when privilege level 0 code (a lot of OS code is PL 0) wants to execute PL 3 (user-space) code? Will you please provide some sample code for that?