CEDEC2014 Live Coding in C++
CEDEC2014 Live Coding in C++ Presentation Transcript

  • 1. Live Coding in C++ Seiya Ishibashi 2014/09/02
  • 2. Objective: what this talk aims at ● An environment for developing games comfortably in C++ ● making use of all sorts of black magic ● as generic as possible ● as non-intrusive as possible ● within what a single individual's effort can achieve ● basically assuming Windows ● that is what it sets out to realize. *This talk is the result of my personal experiments and has no particular relation to Unity (at least not at present; apologies to anyone who expected that kind of talk)
  • 3. About Me Seiya Ishibashi ● a.k.a. i-saint (@i_saint) ● Lives for driving the CPU and GPU flat out to realize beautiful interaction ● In charge of low-level work in general, parallel programming in particular; occasionally graphics too ● Most recently, in charge of the floor of the Unity-chan stage
  • 4. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 6. Runtime C++ Code Editing: Runtime C++ Code Editing? ● A feature that reflects changes to the C++ source into the running program in real time ● Several implementations exist; they are explained in turn ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 7. Runtime C++ Code Editing ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 8. Edit and Continue: Edit and Continue? ● A feature built into Visual Studio ● Stop the running program in the debugger, edit the C++ source, and execution continues with the edit applied ● Enabled by building with a specific compiler option (/ZI) ● It has several restrictions that are harsh for game developers ○ Cannot be used when optimization is enabled ○ x64 not supported ○ Changes cannot be applied unless the program is stopped in the debugger
  • 9. Runtime C++ Code Editing ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 10. Runtime Compiled C++ ● http://runtimecompiledcplusplus.blogspot.jp/ ● By Doug Binks ● Has a long record of adoption ● Unreal Engine 4's Hot Reload is roughly the same mechanism
  • 11. Runtime Compiled C++ implementation strategy 1. Define an interface class, confine the parts you want to be editable to classes that inherit from it, and split them out into a DLL 2. When the C++ source is updated, build the DLL 3. Serialize the objects belonging to the target DLL, reload the DLL, and deserialize the objects
  • 12. Runtime Compiled C++ // main.exe class Interface { public: virtual void Update()=0; virtual void Serialize(...)=0; }; // entity.dll class Entity : public Interface { public: virtual void Update(); virtual void Serialize(...); };
  • 13. Runtime Compiled C++ // main.exe class Interface { public: virtual void Update()=0; virtual void Serialize(...)=0; }; // entity.dll class Entity : public Interface { public: virtual void Update(); virtual void Serialize(...); }; // entity_updated.dll class Entity : public Interface { public: virtual void Update(); virtual void Serialize(...); };
  • 15. Runtime Compiled C++ Splitting into DLLs ● Prepare interface classes ● Split into DLLs at the granularity you want to be editable (≒ splitting the project) ● The DLL side implements classes that inherit the interface and provides their factory functions to the exe side
  • 16. Runtime Compiled C++ Building the DLL ● Call Visual Studio's compiler ○ Get the information from the registry and launch cl.exe
  • 17. Runtime Compiled C++ Reloading the DLL 1. Serialize the objects belonging to the DLL 2. Load the new DLL 3. Re-create the objects with the new DLL and deserialize them 4. Destroy the old objects 5. Unload the old DLL ● Serialization is needed even when the data structures have not changed ○ Otherwise the vtable is not updated and the program dies trying to call a function in the old DLL
  • 18. Runtime Compiled C++ pros: ● Simple and robust implementation ● Achievable on many platforms ● Works even with optimization enabled ● Can still be followed in the debugger after editing cons: ● The parts you want to be editable must be split out into DLLs ● Serialization is required ● Only classes that inherit the interface can be updated
  • 19. Runtime C++ Code Editing ● Edit and Continue (Visual Studio) ● Runtime Compiled C++ ● DynamicPatcher
  • 20. DynamicPatcher ● https://github.com/i-saint/DynamicPatcher ● Written with inspiration from Runtime Compiled C++ ● Designed with easy integration into existing projects as the top priority ● Has been adopted at Riot Games
  • 21. DynamicPatcher implementation strategy 1. Compile the C++ source 2. Load and link the generated .obj file by hand 3. Update by rewriting the old function into a jmp to the new function
  • 22. DynamicPatcher // main.exe class Entity { public: virtual void Update(); };
  • 23. DynamicPatcher // main.exe class Entity { public: virtual void Update(); }; // entity.obj class Entity { public: virtual void Update(); };
  • 24. DynamicPatcher Compiling the C++ source ● Leave it to msbuild ○ Visual Studio's build tool ○ Setting the target to "ClCompile" runs only the compile step
  • 25. DynamicPatcher Loading and linking the .obj file ● The .obj format is public and has a comparatively easy-to-understand structure, so loading and linking it yourself is not that hard ○ File format reference: http://www.skyfree.org/linux/references/coff.pdf
  • 26. DynamicPatcher Mapping sections into memory while relocating them ● A .obj file is made up of blocks called sections ● Each section comes with various attributes and information ○ Data, executable code, debug information, etc. ● Some sections specify an alignment, and in the .obj file they are not laid out with that taken into account; you have to re-lay them out yourself ○ Neglect this and you get mysterious crashes, e.g. when referencing __m128 literals ● Moving the section contents into a region allocated with VirtualAlloc() with the executable attribute is enough
  • 27. DynamicPatcher Linking symbols from the relocation information ● Relocation information: entries that say "at link time, write the address of such-and-such symbol here" ● Write the addresses in according to this information and the link is complete ● Symbols inside the .obj can be obtained from the .obj's symbol table ● Symbols of the host program can be obtained via SymFromName() or from the .map file ○ SymFromName() requires the .pdb, is extremely slow, and is thread-unsafe ○ Using the .map file is preferable (but the linker option /MAP is required) ● Certain symbols must always be linked against the host program's symbols ○ Things that cause trouble when they end up duplicated, such as static objects
  • 28. DynamicPatcher Updating by rewriting the old function into a jmp to the new one ● Rewrite the first 5 bytes of the function into a jmp to the new function ○ x86 has a jmp instruction that carries the destination address inside the instruction itself ○ Since control is transferred without changing register contents, the call can easily be redirected to another function with the same argument types ● The function's address does not change, so the vtable needs no update ○ The class's behaviour can be changed without serialization ● Almost any function can be updated, not just virtual ones ○ Some exceptions, such as inline functions
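An added example (written for this page, not DynamicPatcher's own code) of the section re-layout step from slides 25 to 27: it parses a COFF section table, honours each section's IMAGE_SCN_ALIGN_* field and assigns aligned offsets in a fresh mapping, rejecting truncated objects. The sample object is constructed inline; treating an unspecified alignment as 16 bytes is an assumption.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Little-endian readers/writer for COFF header fields. */
static uint32_t rd32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void wr32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
/* IMAGE_SCN_ALIGN_*: bits 20..23 of Characteristics hold n, meaning 1 << (n-1) bytes; 0 = unspecified (assumed 16 here). */
static size_t section_alignment(uint32_t ch) { unsigned n = (ch >> 20) & 0xF; return n ? (size_t)1 << (n - 1) : 16; }
/* Walk the section table (20-byte file header, optional header, 40-byte section headers) and give every
 * section an aligned offset in a fresh mapping. Returns the mapping size, or 0 if the object is truncated. */
size_t layout_sections(const uint8_t *obj, size_t len, size_t *offsets, unsigned max_sections, unsigned *count) {
    if (len < 20) return 0;
    unsigned nsec = rd16(obj + 2);
    size_t hdr = 20 + rd16(obj + 16);   /* skip the optional header if one is present */
    if (nsec > max_sections || len < hdr + (size_t)nsec * 40) return 0;
    size_t cursor = 0;
    for (unsigned i = 0; i < nsec; i++) {
        const uint8_t *sh = obj + hdr + i * 40;
        size_t align = section_alignment(rd32(sh + 36));
        uint32_t raw_size = rd32(sh + 16), raw_ptr = rd32(sh + 20);
        if (raw_ptr && (size_t)raw_ptr + raw_size > len) return 0;   /* raw data must lie inside the file */
        cursor = (cursor + align - 1) & ~(align - 1);                /* the step the packed .obj file skips */
        offsets[i] = cursor;
        cursor += raw_size;
    }
    *count = nsec;
    return cursor;
}
/* Constructed sample (not real compiler output): a 3-section x64 object whose raw data is packed back to back. */
static uint8_t sample_obj[20 + 3 * 40 + 13 + 32 + 7];
const uint8_t *build_sample_obj(size_t *len) {
    static const struct { const char *name; uint32_t size, ch; } s[3] = {
        { ".text",  13, 0x60500020u },   /* CODE | EXECUTE | READ | ALIGN_16BYTES */
        { ".rdata", 32, 0x40500040u },   /* INITIALIZED_DATA | READ | ALIGN_16BYTES (where __m128 literals live) */
        { ".data",   7, 0xC0300040u },   /* INITIALIZED_DATA | READ | WRITE | ALIGN_4BYTES */
    };
    uint8_t *p = sample_obj; uint32_t raw = 20 + 3 * 40;   /* raw data follows the headers */
    memset(p, 0, sizeof sample_obj);
    p[0] = 0x64; p[1] = 0x86; p[2] = 3;   /* IMAGE_FILE_MACHINE_AMD64, NumberOfSections = 3, no optional header */
    for (int i = 0; i < 3; i++) {
        uint8_t *sh = p + 20 + i * 40;
        memcpy(sh, s[i].name, strlen(s[i].name));
        wr32(sh + 16, s[i].size); wr32(sh + 20, raw); wr32(sh + 36, s[i].ch);   /* SizeOfRawData, PointerToRawData, Characteristics */
        raw += s[i].size;
    }
    *len = raw;
    return p;
}
```

In the sample, .rdata starts at file offset 153 but lands at mapping offset 16, which is the realignment the talk says a hand-written loader must perform.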
  • 29. DynamicPatcher Integrating into an existing program ● If you can get one line added to main() and a rebuild, that is enough ● But requiring source changes raises the adoption cost; we want to support it without touching the source ● This is exactly where DLL Injection comes in
  • 30. DynamicPatcher DLL Injection ● A technique for injecting an arbitrary DLL (= arbitrary code) into an existing program ● Use CreateRemoteThread() to have LoadLibrary() called inside the target process ○ Allocate memory in the target process with VirtualAllocEx(), write the path of the DLL to be loaded into it, and create a thread with LoadLibrary() as the entry-point function and that path as its argument ● Used by quite a variety of tools ○ Video capture software, graphics debuggers, etc.
  • 31. DynamicPatcher Integrating into an existing program (2) ● Inject a DLL implementing the whole set of features into the target process ● From the DLL, open a channel for communication from outside via inter-process communication ● On request, specify functions to update, load .obj files, and so on ● This time a Visual Studio add-in was created that communicates with the target process ○ The following functions are implemented 1. Launch the program while injecting the DLL 2. Compile the .cpp and send a load request 3. Specify the symbols to update
  • 32. DynamicPatcher demo
  • 33. DynamicPatcher Limitations and caveats ● The modified .cpp can no longer be followed in the debugger ○ The source and binary change while the debug information does not ● .obj files compiled with the /LTCG (link-time code generation) option are not supported ○ They use a file format different from the normal one ● .obj files compiled with /GR (RTTI enabled) are dangerous ○ The vtable structure changes ● The global-object constructor problem ○ Dangerous because they register destructor calls with atexit() ● Exceptions ○ Very hard to support
  • 34. DynamicPatcher pros ● Can be applied to existing projects as they are ● Works even with optimization enabled (but not with link-time code generation) ● Almost all functions can be updated cons ● Cannot be followed in the debugger after editing ● Large restrictions on the supported platforms ● Various odd limitations come with it
  • 35. Runtime C++ Code Editing Discussion ● Edit and Continue ○ Without x64 support and without working under optimization, it is tough for game developers... ● Runtime Compiled C++ ○ Its reliability is proven by its adoption record ○ But integrating it into an existing project is hard work ○ When implementing it, setting up the surrounding environment such as build tools is expected to be the harder part ● DynamicPatcher ○ Low adoption cost and wide applicability ○ But various odd limitations come with it ○ The limitations could probably be relaxed with further work, but the implementation is hard and highly platform-dependent
  • 36. Runtime C++ Code Editing Additional information ● Recode ○ http://www.indefiant.com/ ○ Presented at GDC 2014; adopted by CryEngine ○ Applies to existing projects as they are; judging from the manual, the same approach as DynamicPatcher? ● libdcompile ○ https://github.com/Fadis/libdcompile ○ A library that realizes eval in C++ using clang & LLVM ● Projucer IDE ○ http://2013.cppnow.org/session/the-projucer-live-coding-with-c-and-the-llvm-jit-engine/ ○ An IDE with the clang & LLVM JIT engine built in
  • 37. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 38. State Save State Save? ● A feature that saves and restores the entire internal state of a process ● "Checkpointing" seems to be the more formal name ○ http://en.wikipedia.org/wiki/Application_checkpointing ● Intended usage: save at suitable intervals while test-playing -> when you find something to fix, rewind, fix it, and continue playing ○ An application of TAS video production techniques to game development ○ With TAS you rewind to fix your play; here you fix the level itself ● Normally state save is implemented per title, which takes a lot of effort. Can it be done generically? ○ Probably possible if limited to PC!
  • 39. State Save implementation strategy ● Three things are needed to restore a process's state ○ Memory state ○ Thread state ○ Kernel object state ● Collect the information needed to restore these
  • 40. State Save Background: API Hook ● A technique for redirecting a function call to a different function ● When the target is a function in an external DLL, it is easy to do by rewriting the Import Address Table ○ Each module has an area that holds the names and addresses of external DLL functions ○ Rewriting those addresses redirects the calls [Diagram: hoge.exe's ImportNameTable/ImportAddressTable lists printf -> 0x40000000 and exit -> 0x40000020, which are printf() and exit() inside MSVCR.dll]
  • 41. State Save Background: API Hook ● A technique for redirecting a function call to a different function ● When the target is a function in an external DLL, it is easy to do by rewriting the Import Address Table ○ Each module has an area that holds the names and addresses of external DLL functions ○ Rewriting those addresses redirects the calls [Diagram, after hooking: hoge.exe's ImportAddressTable now reads printf -> 0x50000000 and exit -> 0x50000020, which are printf_hook() and exit_hook() in Injected.dll; printf() at 0x40000000 and exit() at 0x40000020 in MSVCR.dll are unchanged]
  • 42. State Save Background: API Hook (2) ● Hook the WinAPI and ○ skim off the information needed for restoration ○ or replace it with our own restorable routine ● That is the basic strategy this time
  • 43. State Save Memory state ● Module regions, heap regions, page memory, and stack regions each need separate handling
  • 44. State Save Memory state (2) ● Module regions ○ The regions where exe and dll files are mapped ○ global and static variables live in this region ○ Code regions are not writable; variable regions have the writable attribute ○ Walk memory from the start of the module with VirtualQuery() and save the writable regions ○ Enumerate modules with CreateToolhelp32Snapshot(), Module32First(), Module32Next()
  • 45. State Save Memory state (3) ● Heap regions ○ Regions allocated by malloc() or new ○ Left as they are, the addresses of the regions they allocate are hard to predict ○ MSVCRT's memory allocation routines are all implemented on top of the WinAPI HeapAlloc() ○ Can be handled by taking over HeapAlloc() with an API hook and replacing it with our own routine ○ This example allocates a huge memory region up front and uses a routine that manages it with dlmalloc
  • 46. State Save Memory state (4) ● Page memory ○ Regions allocated by the VirtualAlloc() family ○ Easy, because allocation at a specified address is possible ○ Just hook the VirtualAlloc() family and record the necessary information
  • 47. State Save Memory state (5) ● Stack regions ○ GetContext() retrieves the state of a thread's registers ○ The esp (rsp on x64) register points somewhere in the stack ○ Use VirtualQuery() to get the start address and size of the region containing esp/rsp and record them ○ Enumerate threads with CreateToolhelp32Snapshot(), Thread32First(), Thread32Next() ■ Note that this walks all threads of all processes
  • 48. State Save Thread state ● The stack and register state of each thread ● The stack was covered above ● For the register contents, just call GetContext() & SetContext()
  • 49. State Save Kernel object state ● The extremely difficult part ● Work very hard with API hooks to collect the information needed for restoration ● Wrap HANDLEs in our own managed ones ○ Because the values of HANDLEs returned by the WinAPI are hard to predict ● DirectX / OpenGL objects and the like also need handling ● Ignoring modules that get by without handling is also an option ○ No API hooks, and the module region's memory and threads are left untouched
  • 50. State Save Integrating into an existing program ● Easily done with DLL Injection ● In this example, the DLL saves and loads in response to specific key input
  • 51. State Save demo
  • 52. State Save Discussion ● If it works properly it should be a powerful development aid ● But finishing it into something that works properly is extremely hard ● This example is still very much a work in progress ○ Kernel objects are mostly unsupported; graphics are also unsupported ○ But limited to specific scenes it might still be usable ● Re-creating the process was given up this time ○ Because ASLR makes reproducing the memory layout difficult ○ The security features of Windows XP SP3 and later occasionally get in the way of low-level programming
  • 53. State Save Additional information: HourGlass ● https://code.google.com/p/hourglass-win32/ ● An open-source TAS video production support tool for Windows ● Implements saving of internal state via API hooks, input replay, video recording and so on ● But it only works properly on 32-bit Windows XP ● The source code is very interesting and instructive
  • 54. State Save Additional information: undump ● http://d.hatena.ne.jp/shinichiro_h/20060715/1152922272 ● Realizes what was explained here on Linux ● On Linux it appears to be somewhat easier to achieve than on Windows
  • 55. Topics ● Runtime C++ Code Editing ● State Save ● Inspector
  • 56. Inspector Inspector? ● A feature for editing data in real time from a GUI ● The thing most modern game engines come with
  • 57. Inspector implementation strategy ● The debug information contains the data layout of classes, so use it ● Build an editing GUI from a pointer to the object and its type name ● Reflect the GUI's edits back
  • 58. Inspector Parsing the debug information ● Get type information from a type name (string) with SymGetTypeInfo() [Diagram: for class Hoge { public: int m_data; }; the records are UDT (Index = 15, UdtKind = UdtClass, Name = "Hoge", Length = 4) -> child Data (Index = 16, Type = 17, Name = "m_data") -> BaseType (Index = 17, Type = btInt, Length = 4)]
  • 59. Inspector Parsing the debug information (2) ● You can obtain information such as which type of data sits at byte n ● Create a GUI control for each member of the object ○ With enough effort the debugger's variable pane could be reproduced as-is ● Member functions can be obtained too ○ Auto-generating controls that call functions should be possible as well, but it is very hard
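An added example, not the talk's WebDebugMenu code: the UDT / Data / BaseType records from slide 58, held in a constructed table in place of SymGetTypeInfo() output, and an edit from the GUI applied to a live object through them with offset and length checks. It goes beyond the slide by adding a second, float member; the btInt/btFloat numeric values and the parent link are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Symbol records as DbgHelp presents them (UDT / Data / BaseType), modelled as a constructed table.
 * Field names follow the slide; 'parent' is the index of the UDT a Data record belongs to (assumption). */
enum { TAG_UDT, TAG_DATA, TAG_BASETYPE };
enum { BT_INT = 6, BT_FLOAT = 8 };   /* assumption: btInt / btFloat values as in cvconst.h */
typedef struct { int index, tag, parent; const char *name; int type; uint32_t offset, length; int basetype; } symrec_t;
/* Constructed debug info for:  class Hoge { public: int m_data; float m_speed; };
 * (the slide shows m_data only; m_speed is added here to show dispatch on the base type). */
static const symrec_t g_syms[] = {
    { 15, TAG_UDT,      0,  "Hoge",    0,  0, 8, 0 },
    { 16, TAG_DATA,     15, "m_data",  17, 0, 4, 0 },
    { 18, TAG_DATA,     15, "m_speed", 19, 4, 4, 0 },
    { 17, TAG_BASETYPE, 0,  NULL,      0,  0, 4, BT_INT },
    { 19, TAG_BASETYPE, 0,  NULL,      0,  0, 4, BT_FLOAT },
};
#define NSYMS (sizeof g_syms / sizeof g_syms[0])
static const symrec_t *find_by_index(int idx) {
    for (size_t i = 0; i < NSYMS; i++) if (g_syms[i].index == idx) return &g_syms[i];
    return NULL;
}
static const symrec_t *find_udt(const char *type) {
    for (size_t i = 0; i < NSYMS; i++) if (g_syms[i].tag == TAG_UDT && strcmp(g_syms[i].name, type) == 0) return &g_syms[i];
    return NULL;
}
static const symrec_t *find_member(const symrec_t *udt, const char *member) {
    for (size_t i = 0; i < NSYMS; i++) if (g_syms[i].tag == TAG_DATA && g_syms[i].parent == udt->index && strcmp(g_syms[i].name, member) == 0) return &g_syms[i];
    return NULL;
}
/* Apply a text edit from the GUI to `obj`, which the caller asserts is an instance of `type`.
 * Returns 0 on success, -1 if the type/member is unknown, the text is malformed, or the write would leave obj_size. */
int inspector_set(void *obj, size_t obj_size, const char *type, const char *member, const char *text) {
    const symrec_t *udt = find_udt(type);
    const symrec_t *m = udt ? find_member(udt, member) : NULL;
    const symrec_t *bt = m ? find_by_index(m->type) : NULL;
    if (!bt || bt->tag != TAG_BASETYPE) return -1;
    if (m->offset + m->length > udt->length || m->offset + m->length > obj_size) return -1;   /* never write past the object */
    uint8_t *dst = (uint8_t *)obj + m->offset;
    char *end;
    if (bt->basetype == BT_INT && m->length == 4) {
        long v = strtol(text, &end, 0); if (end == text || *end) return -1;   /* reject "4x", "" */
        int32_t i = (int32_t)v; memcpy(dst, &i, 4); return 0;
    }
    if (bt->basetype == BT_FLOAT && m->length == 4) {
        float f = strtof(text, &end); if (end == text || *end) return -1;
        memcpy(dst, &f, 4); return 0;
    }
    return -1;   /* other base types (pointers, doubles, ...) would be added the same way */
}
```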
  • 60. Inspector Combining with manual generation ● Automatic generation alone is a bit tough ○ The std::vector problem ○ The members-you-do-not-want-edited problem ○ Setting up a naming convention to serve instead of annotations might be an option ● Supplement with manual generation ● A GUI for calling functions is also easy to implement if generated manually
  • 61. Inspector Implementing the editor ● Any GUI framework will do, but this time HTML & JavaScript were used ● The HTTP server is easy to implement thanks to Poco ○ http://pocoproject.org/ ● The game serves data to the browser in JSON form at regular intervals ● Form data sent from the browser is parsed and the data updated
  • 62. Inspector demo
  • 63. Inspector Discussion ● Relatively easy to implement, yet the benefit is large ● Adding it without touching the source is somewhat harder ○ DLL Injection plus hooking the class's constructor & destructor ○ This example was implemented by modifying the source
  • 64. Inspector Supplement ● Unreal Engine 4 takes a different implementation approach ○ Parses on its own without using debug information
  • 65. Conclusion ● Given debug information and executable memory, C++ is a dynamic language ● Assuming a specific OS & compiler, all sorts of strange features become possible ● Existing tools can also be a source of inspiration
  • 66. Questions?
  • 67. End Thank you!
  • 68. Resources ● Source code for this talk's demos ○ DynamicPatcher: https://github.com/i-saint/DynamicPatcher ○ RestoreProcessState: https://github.com/i-saint/scribble/tree/master/RestoreProcessState ○ WebDebugMenu: https://github.com/i-saint/WebDebugMenu ○ atomic: https://github.com/i-saint/atomic ● Implementations of various function hooks: http://i-saint.hatenablog.com/entry/2013/07/19/205539