CEDEC2014 Live Coding in C++
Transcript

  • 1. Live Coding in C++, Seiya Ishibashi, 2014/09/02
  • 2. Objective: what this talk aims for
    ● An environment for developing games comfortably in C++,
    ● using all kinds of black magic,
    ● as general-purpose as possible,
    ● as non-intrusive as possible,
    ● within what a single person's effort can achieve,
    ● basically assuming Windows:
    ● that is what I want to realize.
    *This talk is the outcome of my own personal experiments and has no particular relation to Unity (at least for now; apologies to anyone who was expecting that kind of talk).
  • 3. About Me: Seiya Ishibashi
    ● a.k.a. i-saint (@i_saint)
    ● Running the CPU and GPU flat out to realize beautiful interaction is what I live for
    ● I handle low-level work in general, centered on parallel programming; occasionally graphics too
    ● Most recently I was in charge of the floor in the Unity-chan stage
  • 4. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 5. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 6. Runtime C++ Code Editing: what is it?
    ● A feature that reflects changes to the C++ source in the running program, in real time
    ● Several implementations exist; I will go through them in turn
    ● Edit and Continue (Visual Studio)
    ● Runtime Compiled C++
    ● DynamicPatcher
  • 7. Runtime C++ Code Editing ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 8. Edit and Continue: what is it?
    ● A feature built into Visual Studio
    ● Stop the running program in the debugger, edit the C++ source, and execution continues with the change applied
    ● Enabled by building with a specific compiler option (/ZI)
    ● It has several restrictions that are harsh from a game developer's point of view
    ○ Cannot be used when optimization is enabled
    ○ x64 is not supported
    ○ Changes cannot be applied unless the program is stopped in the debugger
  • 9. Runtime C++ Code Editing ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 10. Runtime Compiled C++
    ● http://runtimecompiledcplusplus.blogspot.jp/
    ● Written by Doug Binks
    ● Has a track record of many adoptions
    ● Unreal Engine 4's Hot Reload is roughly the same mechanism
  • 11. Runtime Compiled C++: implementation strategy
    1. Define an interface class, confine the parts you want to be editable to a class that inherits from it, and split that off into a DLL
    2. When the C++ source is updated, build the DLL
    3. Serialize the objects belonging to the target DLL, reload the DLL, and deserialize the objects
  • 12. Runtime Compiled C++
    // main.exe
    class Interface {
    public:
        virtual void Update() = 0;
        virtual void Serialize(...) = 0;
    };
    // entity.dll
    class Entity : public Interface {
    public:
        virtual void Update();
        virtual void Serialize(...);
    };
  • 13. Runtime Compiled C++
    // main.exe
    class Interface {
    public:
        virtual void Update() = 0;
        virtual void Serialize(...) = 0;
    };
    // entity.dll
    class Entity : public Interface {
    public:
        virtual void Update();
        virtual void Serialize(...);
    };
    // entity_updated.dll
    class Entity : public Interface {
    public:
        virtual void Update();
        virtual void Serialize(...);
    };
  • 14. Runtime Compiled C++ (same content as slide 13)
  • 15. Runtime Compiled C++: splitting into DLLs
    ● Provide an interface class
    ● Split into DLLs at the granularity you want to be editable (≒ split the project)
    ● The DLL side implements a class that inherits the interface and provides its factory function to the exe side
  • 16. Runtime Compiled C++: building the DLL
    ● Call the Visual Studio compiler
    ○ Get the information from the registry and launch cl.exe
  • 17. Runtime Compiled C++: reloading the DLL
    1. Serialize the objects belonging to the DLL
    2. Load the new DLL
    3. Re-create the objects with the new DLL and deserialize
    4. Discard the old objects
    5. Unload the old DLL
    ● Serialization is necessary even when the data structure has not changed
    ○ Otherwise the vtable is not updated, and the program dies trying to call functions in the old DLL
  • 18. Runtime Compiled C++
    pros:
    ● The implementation is simple and robust
    ● Feasible on many platforms
    ● Works even with optimization enabled
    ● Still traceable in the debugger after editing
    cons:
    ● The parts you want editable must be split off into DLLs
    ● Serialization is required
    ● Only classes inheriting the interface can be updated
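The reload cycle of slides 11 to 18, as an added example in one process (this is not code from the talk, from Runtime Compiled C++, or from any of the author's projects). Two namespaces stand in for entity.dll and entity_updated.dll, a function pointer stands in for the factory each DLL exports, and the string-to-integer map used as the serialization container is an assumption, since the slides only write Serialize(...). The point it shows is the one slide 17 makes: the host holds Interface pointers only, and the object is re-created through the new factory, so its vtable belongs to the new build while its state survives the swap.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <string>
#include <utility>

// "main.exe" side: the stable interface the host holds pointers to. The slide writes
// Serialize(...); the string->int map used as the state container here is an assumption.
using State = std::map<std::string, int64_t>;
class Interface {
public:
    virtual ~Interface() = default;
    virtual void Update() = 0;
    virtual void Serialize(State& out) const = 0;
    virtual void Deserialize(const State& in) = 0;
    virtual const char* Version() const = 0;
};
using Factory = std::unique_ptr<Interface> (*)();  // the factory function each DLL exports

// Missing keys keep their defaults, so a field added in a later build deserializes harmlessly.
static int64_t Get(const State& in, const char* key, int64_t def) {
    auto it = in.find(key);
    return it == in.end() ? def : it->second;
}

// "entity.dll" (first build): each Update() moves the entity one unit.
namespace v1 {
class Entity : public Interface {
    int64_t x_ = 0, ticks_ = 0;
public:
    void Update() override { x_ += 1; ticks_ += 1; }
    void Serialize(State& out) const override { out["x"] = x_; out["ticks"] = ticks_; }
    void Deserialize(const State& in) override { x_ = Get(in, "x", 0); ticks_ = Get(in, "ticks", 0); }
    const char* Version() const override { return "v1"; }
};
std::unique_ptr<Interface> Create() { return std::unique_ptr<Interface>(new Entity); }
}  // namespace v1

// "entity_updated.dll": same interface and layout, edited behaviour (ten units per tick).
namespace v2 {
class Entity : public Interface {
    int64_t x_ = 0, ticks_ = 0;
public:
    void Update() override { x_ += 10; ticks_ += 1; }
    void Serialize(State& out) const override { out["x"] = x_; out["ticks"] = ticks_; }
    void Deserialize(const State& in) override { x_ = Get(in, "x", 0); ticks_ = Get(in, "ticks", 0); }
    const char* Version() const override { return "v2"; }
};
std::unique_ptr<Interface> Create() { return std::unique_ptr<Interface>(new Entity); }
}  // namespace v2

// Host-side reload in the order of slide 17: serialize, (load the new DLL and) take its
// factory, re-create the object, deserialize, destroy the old object. The object is
// replaced rather than patched, so its vtable pointer now belongs to the new build: that
// is why the round trip is needed even when the data layout did not change.
std::unique_ptr<Interface> Reload(std::unique_ptr<Interface> old, Factory newFactory) {
    State state;
    old->Serialize(state);
    std::unique_ptr<Interface> fresh = newFactory();
    fresh->Deserialize(state);
    old.reset();  // old objects go away before the old DLL would be unloaded
    return fresh;
}

struct Scenario { int64_t xBefore, xAfter, ticksAfter; std::string versionAfter; };

// Three ticks on v1, reload into v2, one more tick: state survives, behaviour changes.
Scenario RunScenario() {
    std::unique_ptr<Interface> ent = v1::Create();
    for (int i = 0; i < 3; ++i) ent->Update();
    State s; ent->Serialize(s);
    Scenario r{Get(s, "x", -1), 0, 0, ""};
    ent = Reload(std::move(ent), &v2::Create);
    ent->Update();
    s.clear(); ent->Serialize(s);
    r.xAfter = Get(s, "x", -1); r.ticksAfter = Get(s, "ticks", -1); r.versionAfter = ent->Version();
    return r;
}
```

RunScenario() ends with x = 13 and ticks = 4 under version "v2": the three v1 ticks were carried across the reload and the fourth tick used the edited Update(). Skipping the Serialize/Deserialize pair would leave the host with an object whose vtable still points into the old build, which is the crash slide 17 warns about.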
  • 19. Runtime C++ Code Editing ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 20. DynamicPatcher
    ● https://github.com/i-saint/DynamicPatcher
    ● I wrote it, inspired by Runtime Compiled C++
    ● Designed with easy integration into existing projects as the top priority
    ● It has been adopted at Riot Games
  • 21. DynamicPatcher: implementation strategy
    1. Compile the C++ source
    2. Load and link the generated .obj file by hand
    3. Update by rewriting the old function into a jmp to the new function
  • 22. DynamicPatcher
    // main.exe
    class Entity {
    public:
        virtual void Update();
    };
  • 23. DynamicPatcher
    // main.exe
    class Entity {
    public:
        virtual void Update();
    };
    // entity.obj
    class Entity {
    public:
        virtual void Update();
    };
  • 24. DynamicPatcher: compiling the C++ source
    ● Leave it to msbuild
    ○ Visual Studio's build tool
    ○ Setting the target to "ClCompile" runs only the compile step
  • 25. DynamicPatcher: loading and linking the .obj file
    ● The .obj format is public and has a relatively easy-to-understand structure, so loading and linking it yourself is not that hard
    ○ File format reference: http://www.skyfree.org/linux/references/coff.pdf
  • 26. DynamicPatcher: mapping sections into memory while relocating them
    ● A .obj file is made up of blocks called sections
    ● Each section carries various attributes and information
    ○ Data, executable code, debug information, etc.
    ● Some sections specify an alignment, and in the .obj file they are not laid out with that alignment taken into account; you have to relocate them yourself
    ○ Neglect this and you get mysterious crashes, for example when referencing an __m128 literal
    ● Moving each section's contents into a region allocated with VirtualAlloc() with the executable attribute is enough
  • 27. DynamicPatcher: linking symbols from the relocation information
    ● Relocation information: "at link time, write the address of that symbol here"
    ● Writing addresses according to this information completes the link
    ● Symbols inside the .obj can be obtained from the .obj's symbol table
    ● Symbols of the host program can be obtained via SymFromName() or from the .map file
    ○ SymFromName() needs the .pdb, is extremely slow, and is thread-unsafe
    ○ Using the .map file is preferable (but it requires the linker option /MAP)
    ● Certain symbols must always be linked to the host program's symbols
    ○ static objects and the like: anything that causes trouble when duplicated
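Slides 25 to 27 describe the .obj structures that a hand-rolled loader has to read: the file header, the section headers with their alignment bits, the symbol table with long names spilled into the string table, and the relocation records that say where to write which symbol's address. The following is an added example written for this page, not DynamicPatcher's own code: a bounds-checked reader for those structures per the COFF reference linked on slide 25, a Link() step that places sections at aligned addresses and applies x64 REL32 fixups, and a constructed sample object. The host symbol map passed to Link() plays the role of the .map-file lookup on slide 27; all addresses, names and bytes are constructed for the example, and treating an unspecified section alignment as 16 is this example's own choice.

```cpp
#include <cstdint>
#include <cstring>
#include <map>
#include <stdexcept>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Reloc   { uint32_t va, sym; uint16_t type; };
struct Section { std::string name; uint32_t align; Bytes data; std::vector<Reloc> relocs; };
struct Symbol  { std::string name; uint32_t value; int16_t section; uint8_t storage; };
struct Obj     { uint16_t machine; std::vector<Section> sections; std::vector<Symbol> symbols; };

// Bounds-checked little-endian read: a truncated file throws instead of reading past the end.
template <class T> static T rd(const Bytes& b, size_t off) {
    if (off + sizeof(T) > b.size()) throw std::out_of_range("truncated COFF");
    T v; std::memcpy(&v, b.data() + off, sizeof v); return v;
}
// Name field: 8 inline bytes, or 4 zero bytes followed by an offset into the string table.
static std::string readName(const Bytes& f, size_t at, size_t strTab) {
    size_t pos = at, limit = at + 8;
    if (rd<uint32_t>(f, at) == 0) { pos = strTab + rd<uint32_t>(f, at + 4); limit = f.size(); }
    std::string s;
    while (pos < limit && rd<uint8_t>(f, pos) != 0) s += (char)f[pos++];
    return s;
}
Obj ParseCoff(const Bytes& f) {
    Obj o; o.machine = rd<uint16_t>(f, 0); uint16_t nsec = rd<uint16_t>(f, 2);
    uint32_t symOff = rd<uint32_t>(f, 8), nsym = rd<uint32_t>(f, 12);
    size_t strTab = symOff + (size_t)nsym * 18;  // the string table follows the 18-byte symbol records
    for (uint16_t i = 0; i < nsec; ++i) {        // 20-byte file header, then 40-byte section headers
        size_t h = 20 + 40u * i;
        uint32_t size = rd<uint32_t>(f, h + 16), raw = rd<uint32_t>(f, h + 20), relOff = rd<uint32_t>(f, h + 24);
        uint32_t a = (rd<uint32_t>(f, h + 36) >> 20) & 0xF;  // IMAGE_SCN_ALIGN_* bits of Characteristics
        Section s{readName(f, h, strTab), a ? (1u << (a - 1)) : 16u, {}, {}};  // 0 = unspecified: 16 assumed
        if ((size_t)raw + size > f.size()) throw std::out_of_range("section data truncated");
        s.data.assign(f.begin() + raw, f.begin() + raw + size);
        for (uint16_t r = 0, n = rd<uint16_t>(f, h + 32); r < n; ++r) {  // 10-byte relocation records
            size_t p = relOff + 10u * r;
            s.relocs.push_back({rd<uint32_t>(f, p), rd<uint32_t>(f, p + 4), rd<uint16_t>(f, p + 8)});
        }
        o.sections.push_back(std::move(s));
    }
    for (uint32_t i = 0; i < nsym; ++i) {
        size_t p = symOff + 18u * i;
        o.symbols.push_back({readName(f, p, strTab), rd<uint32_t>(f, p + 8), rd<int16_t>(f, p + 12), rd<uint8_t>(f, p + 16)});
        for (uint8_t k = 0, naux = rd<uint8_t>(f, p + 17); k < naux; ++k, ++i)
            o.symbols.push_back({"", 0, 0, 0});  // placeholders keep relocation indices aligned with aux records
    }
    return o;
}
// Places each section at the next address satisfying its alignment, starting at base, then applies
// IMAGE_REL_AMD64_REL32 (type 4) fixups in place: field = target - (field address + 4) + addend.
// Externals (section 0) come from hostSymbols, which plays the role of the host's .map file.
std::vector<uint64_t> Link(Obj& o, uint64_t base, const std::map<std::string, uint64_t>& hostSymbols) {
    std::vector<uint64_t> addr;
    for (uint64_t cur = base, i = 0; i < o.sections.size(); ++i) {
        const Section& s = o.sections[i]; cur = (cur + s.align - 1) / s.align * s.align;
        addr.push_back(cur); cur += s.data.size();
    }
    for (size_t i = 0; i < o.sections.size(); ++i) {
        for (const Reloc& r : o.sections[i].relocs) {
            const Symbol& sym = o.symbols.at(r.sym);
            auto host = hostSymbols.find(sym.name);
            if (sym.section <= 0 && host == hostSymbols.end()) throw std::runtime_error("unresolved: " + sym.name);
            uint64_t target = sym.section > 0 ? addr.at(sym.section - 1) + sym.value : host->second;
            if (r.type != 4) throw std::runtime_error("unsupported relocation type");
            Bytes& d = o.sections[i].data;
            int64_t disp = (int64_t)target - (int64_t)(addr[i] + r.va + 4) + rd<int32_t>(d, r.va);
            if (disp != (int32_t)disp) throw std::runtime_error("REL32 target out of range");
            int32_t d32 = (int32_t)disp; std::memcpy(d.data() + r.va, &d32, 4);
        }
    }
    return addr;
}
// Constructed sample .obj (x64): one 16-byte-aligned .text section holding "sub rsp,28h; call printf;
// add rsp,28h; ret", a REL32 relocation for the call, a defined symbol with an MSVC-style decorated
// long name (forcing the string table), and the undefined external printf.
static void put16(Bytes& b, uint16_t v) { b.push_back((uint8_t)v); b.push_back((uint8_t)(v >> 8)); }
static void put32(Bytes& b, uint32_t v) { put16(b, (uint16_t)v); put16(b, (uint16_t)(v >> 16)); }
static void putName(Bytes& b, const std::string& s) { for (size_t i = 0; i < 8; ++i) b.push_back(i < s.size() ? (uint8_t)s[i] : 0); }
Bytes BuildSampleObj() {
    const Bytes text = {0x48, 0x83, 0xEC, 0x28, 0xE8, 0, 0, 0, 0, 0x48, 0x83, 0xC4, 0x28, 0xC3};
    const std::string longName = "?Update@Entity@@UEAAXXZ";
    const uint32_t rawOff = 60, relOff = rawOff + (uint32_t)text.size(), symOff = relOff + 10;
    Bytes f; put16(f, 0x8664); put16(f, 1); put32(f, 0); put32(f, symOff); put32(f, 2); put16(f, 0); put16(f, 0);
    putName(f, ".text"); put32(f, 0); put32(f, 0); put32(f, (uint32_t)text.size()); put32(f, rawOff);
    put32(f, relOff); put32(f, 0); put16(f, 1); put16(f, 0); put32(f, 0x60500020);  // CODE|EXEC|READ|ALIGN_16BYTES
    f.insert(f.end(), text.begin(), text.end());
    put32(f, 5); put32(f, 1); put16(f, 4);  // relocation: field at +5, symbol index 1, IMAGE_REL_AMD64_REL32
    put32(f, 0); put32(f, 4); put32(f, 0); put16(f, 1); put16(f, 0x20); put16(f, 2);  // string-table name @4, in .text, EXTERNAL, 0 aux
    putName(f, "printf"); put32(f, 0); put16(f, 0); put16(f, 0x20); put16(f, 2);     // undefined external, EXTERNAL, 0 aux
    put32(f, 4 + (uint32_t)longName.size() + 1);  // string table: its length field counts itself
    f.insert(f.end(), longName.begin(), longName.end()); f.push_back(0);
    return f;
}
// printf at 0x401000 and .text placed at 0x500000: the call's rel32 becomes 0x401000 - 0x500009.
int32_t DemoLinkedCallDisp() {
    Obj o = ParseCoff(BuildSampleObj()); Link(o, 0x500000, {{"printf", 0x401000}});
    return rd<int32_t>(o.sections.at(0).data, 5);
}
```

Two details are worth noticing. The alignment comes from bits 20 to 23 of the section's Characteristics, which is exactly the information slide 26 says a loader must honour when it re-places sections (the example places them; a real loader would copy into VirtualAlloc()'d memory at those offsets). And the REL32 displacement is measured from the end of the 4-byte field, not from the start of the instruction, which is why the constructed call ends up with 0x401000 - 0x500009 = -1044489.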
  • 28. DynamicPatcher: update by rewriting the old function into a jmp to the new one
    ● Overwrite the first 5 bytes of the function with a jmp to the new function
    ○ x86 has a jmp instruction that carries the destination address inside the instruction itself
    ○ Because control is transferred without touching the register contents, a call can easily be redirected to another function with the same argument types
    ● The function's address does not change, so no vtable update is needed
    ○ A class's behaviour can be changed without serialization
    ● Not just virtual functions: almost any function can be updated
    ○ With some exceptions, such as inline functions
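The 5-byte patch on slide 28 is also what an integrity check looks for when it wants to know whether a function entry has been redirected. The following is an added example from the defender's side, not DynamicPatcher's code: given the first bytes of a function, the address they were read from, and the module's address range, it recognizes an E9 rel32 jmp at the entry, decodes the destination (rel32 is relative to the end of the 5-byte instruction, the same arithmetic the patcher uses) and reports whether control leaves the module. The module range, the probe addresses and the bytes are all constructed for the example; EncodeJmp() exists only to build those samples.

```cpp
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

struct ModuleRange { uint64_t begin, end; };            // [begin, end), normally taken from the module's headers
struct EntryJmp { uint64_t target; bool leavesModule; };

// True when the function entry starts with a near jmp (E9 rel32). The rel32 is relative
// to the end of the 5-byte instruction, so target = entry + 5 + rel32.
bool DetectEntryJmp(const std::vector<uint8_t>& code, uint64_t codeAddr, ModuleRange mod, EntryJmp& out) {
    if (code.size() < 5 || code[0] != 0xE9) return false;
    int32_t rel; std::memcpy(&rel, code.data() + 1, 4);
    out.target = codeAddr + 5 + (int64_t)rel;
    out.leavesModule = out.target < mod.begin || out.target >= mod.end;
    return true;
}

// Builds the 5-byte patch for the constructed samples below (the same formula, inverted).
std::vector<uint8_t> EncodeJmp(uint64_t from, uint64_t to) {
    int64_t rel = (int64_t)to - (int64_t)(from + 5);
    if (rel != (int32_t)rel) throw std::out_of_range("jmp rel32 cannot reach target");
    std::vector<uint8_t> b(5, 0); b[0] = 0xE9;
    int32_t r32 = (int32_t)rel; std::memcpy(b.data() + 1, &r32, 4);
    return b;
}

// Counts entries whose first instruction jumps outside the module. A jmp that stays inside
// is not by itself suspicious (MSVC incremental linking routes calls through an in-module
// thunk table), so the range check matters more than the opcode.
struct Probe { std::vector<uint8_t> bytes; uint64_t addr; };
int CountExternalEntryJmps(const std::vector<Probe>& probes, ModuleRange mod) {
    int n = 0;
    for (const Probe& p : probes) {
        EntryJmp j;
        if (DetectEntryJmp(p.bytes, p.addr, mod, j) && j.leavesModule) ++n;
    }
    return n;
}

// Constructed scenario: module [0x140000000, 0x140100000); an untouched prologue, an entry
// jmp to a thunk inside the module, and an entry jmp to 0x150001000 outside it.
int DemoScenario() {
    ModuleRange mod{0x140000000, 0x140100000};
    std::vector<Probe> probes = {
        {{0x48, 0x83, 0xEC, 0x28}, 0x140001000},             // sub rsp,28h: normal prologue
        {EncodeJmp(0x140002000, 0x140003000), 0x140002000},  // stays inside the module
        {EncodeJmp(0x140004000, 0x150001000), 0x140004000},  // leaves the module
    };
    return CountExternalEntryJmps(probes, mod);
}
```

DemoScenario() reports one external redirection. In a real check the bytes would be read from the live process and compared against the on-disk image as well, since a patch can also be hidden behind a short jmp or a push/ret pair that this opcode test does not cover.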
  • 29. DynamicPatcher: integrating into an existing program
    ● If you can get one line added to main() and the program rebuilt, that is enough
    ● But requiring source changes raises the adoption cost; I want to support it without source changes
    ● This is exactly what DLL Injection is for
  • 30. DynamicPatcher: DLL Injection
    ● A technique for injecting an arbitrary DLL (= arbitrary code) into an existing program
    ● Use CreateRemoteThread() to make the target process call LoadLibrary()
    ○ Allocate memory inside the target process with VirtualAllocEx(), write the path of the DLL to load there, and create a thread with LoadLibrary() as its entry point function and that path as its argument
    ● Used by quite a few tools
    ○ Video capture software, graphics debuggers, etc.
  • 31. DynamicPatcher: integrating into an existing program (2)
    ● Inject a DLL implementing the whole set of features into the target process
    ● From the DLL, open a channel for communicating with the outside via inter-process communication
    ● On request, specify the functions to update, load .obj files, and so on
    ● This time I wrote a Visual Studio add-in that communicates with the target process
    ○ Implemented features:
    1. Launch the program while performing DLL Injection
    2. Compile a .cpp and send a load request
    3. Specify the symbols to update
  • 32. DynamicPatcher demo
  • 33. DynamicPatcher: limitations and caveats
    ● A .cpp can no longer be followed in the debugger after it is changed
    ○ Because the source and binary change while the debug information does not
    ● .obj files compiled with the /LTCG (link-time code generation) option are not supported
    ○ Because they use a file format different from the usual one
    ● .obj files compiled with /GR (RTTI enabled) are dangerous
    ○ The vtable structure changes
    ● The constructor problem for global objects
    ○ Dangerous because they register a destructor call via atexit()
    ● Exceptions
    ○ Very hard to support
  • 34. DynamicPatcher
    pros
    ● Can be applied to existing projects as they are
    ● Works even with optimization enabled (but not with link-time code generation)
    ● Almost every function can be updated
    cons
    ● Cannot be followed in the debugger after editing
    ● Large restrictions on the platforms that can be supported
    ● All sorts of odd restrictions come with it
  • 35. Runtime C++ Code Editing: discussion
    ● Edit and Continue
    ○ Without x64 support and working with optimization enabled, it is tough for game developers...
    ● Runtime Compiled C++
    ○ Its reliability is proven by its adoption record
    ○ However, integrating it into an existing project is hard work
    ○ When implementing it, setting up the surrounding environment such as the build tools is expected to be the harder part
    ● DynamicPatcher
    ○ Low adoption cost and wide range of applicability
    ○ But all sorts of odd restrictions come with it
    ○ Improvements could probably relax the restrictions, but the implementation is hard work and highly platform-dependent
  • 36. Runtime C++ Code Editing: additional information
    ● Recode
    ○ http://www.indefiant.com/
    ○ Presented at GDC 2014; adopted by CryEngine
    ○ Can be applied to existing projects as they are; judging from the manual, a DynamicPatcher-style approach?
    ● libdcompile
    ○ https://github.com/Fadis/libdcompile
    ○ A library that realizes eval in C++ using clang & LLVM
    ● Projucer IDE
    ○ http://2013.cppnow.org/session/the-projucer-live-coding-with-c-and-the-llvm-jit-engine/
    ○ An IDE with the clang & LLVM JIT engine built in
  • 37. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 38. State Save: what is it?
    ● A feature that saves and restores the entire internal state of a process
    ● The name "Checkpointing" seems to be the more formal one
    ○ http://en.wikipedia.org/wiki/Application_checkpointing
    ● Intended use: save at suitable intervals during test play -> when something needs fixing, rewind, fix it, and continue playing
    ○ Applying the TAS video production method to game development
    ○ In TAS you rewind and correct the play; here you correct the level itself
    ● Normally State Save is implemented per title, which takes a lot of effort. Can it be realized generically?
    ○ If we restrict ourselves to PC, probably yes!
  • 39. State Save: implementation strategy
    ● Restoring a process's state needs the following three things
    ○ Memory state
    ○ Thread state
    ○ Kernel object state
    ● Collect the information needed to restore these
  • 40. State Save: background knowledge: API Hook
    ● A technique that redirects calls to a function to another function
    ● When the target is a function in an external DLL, this is easy to realize by rewriting the Import Address Table
    ○ Each module has a region holding the names and addresses of external DLL functions
    ○ Rewriting those addresses redirects the calls
    (diagram) hoge.exe: ImportNameTable / ImportAddressTable: printf 0x40000000, exit 0x40000020, ... | MSVCR.dll: 0x40000000 printf(), 0x40000020 exit(), ...
  • 41. State Save: background knowledge: API Hook (same bullets as slide 40, with the table after hooking)
    (diagram) hoge.exe: ImportNameTable / ImportAddressTable: printf 0x50000000, exit 0x50000020, ... | MSVCR.dll: 0x40000000 printf(), 0x40000020 exit(), ... | Injected.dll: 0x50000000 printf_hook(), 0x50000020 exit_hook(), ...
  • 42. State Save: background knowledge: API Hook (2)
    ● Hook the WinAPI and
    ○ skim off the information needed for restoration,
    ○ or swap in our own routine that can be restored
    ● That is the basic strategy this time
  • 43. State Save: memory state
    ● Module regions, heap regions, page memory and stack regions each need their own handling
  • 44. State Save: memory state (2)
    ● Module regions
    ○ Regions where an exe or dll is mapped
    ○ global and static variables live in this region
    ○ Code regions are not writable; variable regions carry the writable attribute
    ○ Walk memory from the start of the module with VirtualQuery() and save the writable regions
    ○ Enumerate modules with CreateToolhelp32Snapshot(), Module32First(), Module32Next()
  • 45. State Save: memory state (3)
    ● Heap regions
    ○ Regions allocated by malloc() or new
    ○ As they are, the addresses of the regions that will be allocated are hard to predict
    ○ The MSVCRT allocation routines are all implemented on top of the WinAPI HeapAlloc()
    ○ Can be handled by taking over HeapAlloc() with an API hook and swapping in our own routine
    ○ In this example, a large memory region is reserved up front and managed with a dlmalloc-based routine
  • 46. State Save: memory state (4)
    ● Page memory
    ○ Regions allocated by the VirtualAlloc() family
    ○ Easy, because allocation at a specified address is possible
    ○ Just hook the VirtualAlloc() family and record the necessary information
  • 47. State Save: memory state (5)
    ● Stack regions
    ○ GetContext() retrieves the state of a thread's registers
    ○ The esp register (rsp on x64) points somewhere in the stack
    ○ Get the start address and size of the region containing esp/rsp with VirtualQuery() and record them
    ○ Enumerate threads with CreateToolhelp32Snapshot(), Thread32First(), Thread32Next()
    ■ Note that this walks all threads of all processes
  • 48. State Save: thread state
    ● Each thread's stack and register state
    ● The stack was covered above
    ● For the register contents, just call GetContext() & SetContext()
  • 49. State Save: kernel object state
    ● The very difficult part
    ● Work extremely hard with API hooks to collect the information needed for restoration
    ● Wrap HANDLEs in ones managed by us
    ○ Because the HANDLE values returned by the WinAPI are hard to predict
    ● DirectX / OpenGL objects and the like also need handling
    ● Ignoring modules that manage without support is also an option
    ○ No API hooks, and the module's memory regions and threads are left untouched as well
  • 50. State Save: integrating into an existing program
    ● Easily realized with DLL Injection
    ● In this example, the DLL saves and loads in response to specific key input
  • 51. State Save demo
  • 52. State Save: discussion
    ● If it works properly it should be a powerful development aid
    ● But finishing it into something that works properly is very hard
    ● This example is still very much a work in progress
    ○ Kernel objects are mostly unsupported; graphics is unsupported too
    ○ But restricted to specific scenes it might be usable
    ● Re-creating the process was given up this time
    ○ Because ASLR makes reproducing the memory layout difficult
    ○ The security features since Windows XP SP3 occasionally get in the way of low-level programming
  • 53. State Save: additional information: HourGlass
    ● https://code.google.com/p/hourglass-win32/
    ● An open-source tool for Windows that assists in making TAS videos
    ● Implements saving internal state via API hooks, input data replay, video recording, etc.
    ● But it only works properly on 32-bit Windows XP
    ● The source code is very interesting and instructive
  • 54. State Save: additional information: undump
    ● http://d.hatena.ne.jp/shinichiro_h/20060715/1152922272
    ● Realizes what was described here on Linux
    ● On Linux it appears to be somewhat easier to realize than on Windows
  • 55. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 56. Inspector: what is it?
    ● A feature for editing data in real time from a GUI
    ● The thing that any modern game engine usually has
  • 57. Inspector: implementation strategy
    ● The debug information contains the classes' data structures, so use that
    ● Build an editing GUI from a pointer to an object and its type name
    ● Apply the GUI's edits
  • 58. Inspector: parsing the debug information
    ● Get the type information from the type name (a string) with SymGetTypeInfo()
    (diagram) class Hoge { public: int m_data; };
    UDT: Index = 15, UdtKind = UdtClass, Name = "Hoge", Length = 4
      child -> Data: Index = 16, Type = 17, Name = "m_data"
        -> BaseType: Index = 17, Type = btInt, Length = 4
  • 59. Inspector: parsing the debug information (2)
    ● You get information such as which type of data sits at byte n
    ● Create the GUI control corresponding to each member of the object
    ○ With enough effort, the debugger's variable pane could be reproduced as is
    ● Member function information can be obtained too
    ○ Automatically generating controls that call functions should be possible too, but is very hard
  • 60. Inspector: combining with manual generation
    ● Automatic generation alone is a bit tough
    ○ The std::vector problem
    ○ The problem of members that should not be editable
    ○ Setting a naming convention to serve in place of annotations might be an option
    ● Fill in with manual generation
    ● A GUI that calls functions is easy to implement if generated manually
  • 61. Inspector: implementing the editor
    ● Any GUI framework would do, but this time HTML & JavaScript were used
    ● The HTTP server is easy to implement thanks to Poco
    ○ http://pocoproject.org/
    ● The game serves data to the browser in JSON format at regular intervals
    ● Form data sent from the browser is parsed and the data updated
  • 62. Inspector demo
  • 63. Inspector: discussion
    ● Relatively easy to implement, yet the benefit is large
    ● If you want to add the feature without touching the source, the difficulty rises somewhat
    ○ DLL Injection & hooking the classes' constructors & destructors
    ○ This example is implemented by modifying the source
  • 64. Inspector: addendum
    ● Unreal Engine 4 takes a different implementation approach
    ○ It analyzes by itself without using debug information
  • 65. Conclusion
    ● Given debug information and executable memory, C++ is a dynamic language
    ● Assuming a specific OS & compiler, all sorts of curious features can be realized
    ● Existing tools can be a source of inspiration too
  • 66. Questions?
  • 67. End: Thank you very much!
  • 68. Resources
    ● Source code for this talk's demos
    ○ DynamicPatcher: https://github.com/i-saint/DynamicPatcher
    ○ RestoreProcessState: https://github.com/i-saint/scribble/tree/master/RestoreProcessState
    ○ WebDebugMenu: https://github.com/i-saint/WebDebugMenu
    ○ atomic: https://github.com/i-saint/atomic
    ● Implementations of various function hooks: http://i-saint.hatenablog.com/entry/2013/07/19/205539