@Soroush, here’s an example that might help you better understand what’s going on behind the scenes:<\/p>\n
#include \n\nint main(void)\n{\n printf(\"begin\\n\");\n printf(\"loop\\n\");\n\n \/\/ declare a function pointer\n int (*loopPtr)();\n \/\/ set the function pointer to the current function\n loopPtr = main;\n \/\/ skip over the first printf();\n loopPtr += 22;\n \/\/ call the new location\n loopPtr();\n}\n<\/code><\/pre>\nFor me, it works on x86_64 when compiled with clang -O0<\/code> (well, it works until the stack is exhausted since this is infinite recursion and each function call chews through stack space).<\/p>\nI determined the offset 22 by compiling, then disassembling and subtracting the address of the start of main()<\/code> from the address of the second printf()<\/code>.<\/p>\nFirst, I compiled it:<\/p>\n
clang -O0 test.c\n<\/code><\/pre>\nThen disassembled it:<\/p>\n
otool -tv a.out\n<\/code><\/pre>\n…which produced this output:<\/p>\n
[...]\n_main:\n0000000100000ee0 pushq %rbp\n0000000100000ee1 movq %rsp,%rbp\n0000000100000ee4 subq $0x20,%rsp\n0000000100000ee8 leaq 0x00000073(%rip),%rdi\n0000000100000eef movb $0x00,%al\n0000000100000ef1 callq 0x100000f40\n0000000100000ef6 leaq 0x0000006c(%rip),%rdi\n0000000100000efd movl %eax,0xf4(%rbp)\n0000000100000f00 movb $0x00,%al\n0000000100000f02 callq 0x100000f40\n[...]\n<\/code><\/pre>\n_main:<\/code> indicates the entrypoint of the main()<\/code> function, whose first address is 0x100000ee0. The first callq<\/code> instruction corresponds with the first printf()<\/code> call, which I want to skip, so I chose the address just after that: 0x100000ef6. 0x100000ef6 minus 0x100000ee0 is 22 decimal.<\/p>\nOriginally posted 2013-11-09 23:34:32. <\/small><\/p>","protected":false},"excerpt":{"rendered":"
@Soroush, here’s an example that might help you better understand what’s going on behind the scenes: #include int main(void) { printf(“begin\\n”); printf(“loop\\n”); \/\/ declare a function pointer int (*loopPtr)(); \/\/ set the function pointer to the current function loopPtr = main; \/\/ skip over the first printf(); loopPtr += 22; \/\/ call the new location […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1170","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/1170","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/comments?post=1170"}],"version-history":[{"count":0,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/posts\/1170\/revisions"}],"wp:attachment":[{"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/media?parent=1170"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/categories?post=1170"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unknownerror.org\/index.php\/wp-json\/wp\/v2\/tags?post=1170"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}