On Sat, Jul 28, 2001 at 04:56:39PM -0500, David Christian wrote:
> What I was interested in was whether or not it's possible to call
> unadvertised library functions.  Libraries are sort of just archived object
> files, right?  If I had an internal function called "int foo()" in the
> library, and someone created a fake header with an "extern int foo();",
> would they be able to access this function?  So far, I haven't been able to
> get that to work, but I'm not sure if it's because I'm doing something wrong
> or because there's some reason why it doesn't work.

Like you said about the license manager, a sufficiently determined
person could get access to the function.  It would require some heavy
black magic, though, because the library doesn't advertise that foo
exists and if you ask it where to find the function, it won't be able
(or willing) to tell you.

In theory, at least, you could set up some code to inspect the library's
binary for foo's entry point and then jump directly to that address
after setting up the stack appropriately.  (OK, it's not quite that
hard to call the function once you've found it, since you could use
a function pointer to get the compiler to handle the stack for you.
But finding it is the hard part anyhow.)

This would also be version specific.  Since you're not using normal
channels to get the function's address, you'll have to find it again
every time the source code or compiler settings are changed.

-- 
With the arrest of Dimitry Sklyarov it has become apparent that it is not
safe for non US software engineers to visit the United States. - Alan Cox
"To prevent unauthorized reading..."         - Adobe eBook reader license