drew77
September 13, 2018, 2:37pm
1
I hope C coding is ok here.
I am fairly new at C coding.
I simply want to embed some text in the executable.
I tried this but can't find the text using Ghex.
#include <stdio.h>
const char * S = "andrew";
int main()
{
    printf("Hello World!\n");
    return 0;
}
milhan
September 13, 2018, 4:05pm
2
#include <stdio.h>
const char *str = "andrew";
int main()
{
    printf("Hello World! %s\n", str);
    return 0;
}
1 Like
drew77:
I simply want to embed some text in the executable.
I tried this but can't find the text using Ghex.
#include <stdio.h>
const char * S = "andrew";
int main()
{
    printf("Hello World!\n");
    return 0;
}
Text strings won't be embedded in the code, they will reside in the data segment.
drew77
September 13, 2018, 7:08pm
4
Ok.
Can I get it embedded in the code segment where it will be near the top when viewed with a hex editor?
Tricky. Most large-scale architectures separate data and code.
What you might be able to find is the value of the pointer.
#include <stdio.h>
int main(void)
{
    printf("%p\n", "fixed text");
}
Compile and run that and you'll be given a hexadecimal value. Search for that value in the code segment and you won't find the text itself, but you'll find something which uses it.
Marck
October 27, 2018, 2:32am
6
Embedding a text file in C code. Therefore it might be easier if you just load the text from a file at runtime, or embed the text directly into the code.
int main()
{
const char* text = "
#include "file.txt"
";
printf("%s", text);
return 0;
drew77
October 27, 2018, 3:22pm
7
Embedded_Text.c:3:17: warning: unused variable ‘text’ [-Wunused-variable]
const char* text = "
The C language, the C preprocessor, and the linker do not work that way.
Besides, altering what you stuff into a pair of double quotes doesn't move it into the code segment. It will be in the data segment, just like before, when he couldn't find it.
To stuff non-code content into the code segment, assembly language might be required.
1 Like
You could try inline assembler inside your C code using a simple short jump to a NOP and filling the gap with define bytes with the hex values of the string you want to display:
Pseudo-code...
Enter the C _asm_ extension statement inside the beginning of _main_.
jmp short LABEL:
db 0x??
db 0x??
.
.
db 0x??
LABEL:
nop
Close assembler statement and continue.
This will safely give 120 characters worth of define byte[s], 'db'.
Where ?? are the hex values of the characters.
It might work under gcc...
I have no idea if this would work under gcc, (it does work on C compilers on other older platforms).
------ Post updated at 09:46 PM ------
This might attach itself to the previous code:
#include <stdio.h>
int main(void)
{
    /* This should be inside this assembler code. */
    asm ("jmp getout;"
         "useless: .asciz \"Barry Walker!\n\";"
         "getout:;"
         "nop;"
    );
    printf("This should be in the data section.\n");
    printf("Testing the hidden string.\n");
    return 0;
}
Results OSX 10.13.6, default bash terminal compiled under gcc.
Last login: Sun Oct 28 21:37:54 on ttys000
AMIGA:amiga~> cd Desktop/Code/C
AMIGA:amiga~/Desktop/Code/C> gcc embed.c
AMIGA:amiga~/Desktop/Code/C> ./a.out
This should be in the data section.
Testing the hidden string.
AMIGA:amiga~/Desktop/Code/C> hexdump -C a.out
00000000 cf fa ed fe 07 00 00 01 03 00 00 80 02 00 00 00 |................|
00000010 0f 00 00 00 b0 04 00 00 85 00 20 00 00 00 00 00 |.......... .....|
00000020 19 00 00 00 48 00 00 00 5f 5f 50 41 47 45 5a 45 |....H...__PAGEZE|
00000030 52 4f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |RO..............|
00000040 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000060 00 00 00 00 00 00 00 00 19 00 00 00 d8 01 00 00 |................|
00000070 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 |__TEXT..........|
00000080 00 00 00 00 01 00 00 00 00 10 00 00 00 00 00 00 |................|
00000090 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 |................|
000000a0 07 00 00 00 05 00 00 00 05 00 00 00 00 00 00 00 |................|
000000b0 5f 5f 74 65 78 74 00 00 00 00 00 00 00 00 00 00 |__text..........|
000000c0 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 |__TEXT..........|
000000d0 f0 0e 00 00 01 00 00 00 50 00 00 00 00 00 00 00 |........P.......|
000000e0 f0 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |................|
000000f0 00 04 00 80 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000100 5f 5f 73 74 75 62 73 00 00 00 00 00 00 00 00 00 |__stubs.........|
00000110 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 |__TEXT..........|
00000120 40 0f 00 00 01 00 00 00 06 00 00 00 00 00 00 00 |@...............|
00000130 40 0f 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |@...............|
00000140 08 04 00 80 00 00 00 00 06 00 00 00 00 00 00 00 |................|
00000150 5f 5f 73 74 75 62 5f 68 65 6c 70 65 72 00 00 00 |__stub_helper...|
00000160 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 |__TEXT..........|
00000170 48 0f 00 00 01 00 00 00 1a 00 00 00 00 00 00 00 |H...............|
00000180 48 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |H...............|
00000190 00 04 00 80 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 5f 5f 63 73 74 72 69 6e 67 00 00 00 00 00 00 00 |__cstring.......|
000001b0 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 |__TEXT..........|
000001c0 62 0f 00 00 01 00 00 00 41 00 00 00 00 00 00 00 |b.......A.......|
000001d0 62 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |b...............|
000001e0 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000001f0 5f 5f 75 6e 77 69 6e 64 5f 69 6e 66 6f 00 00 00 |__unwind_info...|
00000200 5f 5f 54 45 58 54 00 00 00 00 00 00 00 00 00 00 |__TEXT..........|
00000210 a4 0f 00 00 01 00 00 00 50 00 00 00 00 00 00 00 |........P.......|
00000220 a4 0f 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |................|
00000230 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00000240 19 00 00 00 e8 00 00 00 5f 5f 44 41 54 41 00 00 |........__DATA..|
00000250 00 00 00 00 00 00 00 00 00 10 00 00 01 00 00 00 |................|
00000260 00 10 00 00 00 00 00 00 00 10 00 00 00 00 00 00 |................|
00000270 00 10 00 00 00 00 00 00 07 00 00 00 03 00 00 00 |................|
00000280 02 00 00 00 00 00 00 00 5f 5f 6e 6c 5f 73 79 6d |........__nl_sym|
00000290 62 6f 6c 5f 70 74 72 00 5f 5f 44 41 54 41 00 00 |bol_ptr.__DATA..|
000002a0 00 00 00 00 00 00 00 00 00 10 00 00 01 00 00 00 |................|
000002b0 10 00 00 00 00 00 00 00 00 10 00 00 03 00 00 00 |................|
000002c0 00 00 00 00 00 00 00 00 06 00 00 00 01 00 00 00 |................|
000002d0 00 00 00 00 00 00 00 00 5f 5f 6c 61 5f 73 79 6d |........__la_sym|
000002e0 62 6f 6c 5f 70 74 72 00 5f 5f 44 41 54 41 00 00 |bol_ptr.__DATA..|
000002f0 00 00 00 00 00 00 00 00 10 10 00 00 01 00 00 00 |................|
00000300 08 00 00 00 00 00 00 00 10 10 00 00 03 00 00 00 |................|
00000310 00 00 00 00 00 00 00 00 07 00 00 00 03 00 00 00 |................|
00000320 00 00 00 00 00 00 00 00 19 00 00 00 48 00 00 00 |............H...|
00000330 5f 5f 4c 49 4e 4b 45 44 49 54 00 00 00 00 00 00 |__LINKEDIT......|
00000340 00 20 00 00 01 00 00 00 00 10 00 00 00 00 00 00 |. ..............|
00000350 00 20 00 00 00 00 00 00 20 01 00 00 00 00 00 00 |. ...... .......|
00000360 07 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000370 22 00 00 80 30 00 00 00 00 20 00 00 08 00 00 00 |"...0.... ......|
00000380 08 20 00 00 18 00 00 00 00 00 00 00 00 00 00 00 |. ..............|
00000390 20 20 00 00 10 00 00 00 30 20 00 00 30 00 00 00 | ......0 ..0...|
000003a0 02 00 00 00 18 00 00 00 68 20 00 00 06 00 00 00 |........h ......|
000003b0 d8 20 00 00 48 00 00 00 0b 00 00 00 50 00 00 00 |. ..H.......P...|
000003c0 00 00 00 00 02 00 00 00 02 00 00 00 02 00 00 00 |................|
000003d0 04 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |................|
000003e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000003f0 c8 20 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |. ..............|
00000400 00 00 00 00 00 00 00 00 0e 00 00 00 20 00 00 00 |............ ...|
00000410 0c 00 00 00 2f 75 73 72 2f 6c 69 62 2f 64 79 6c |..../usr/lib/dyl|
00000420 64 00 00 00 00 00 00 00 1b 00 00 00 18 00 00 00 |d...............|
00000430 e6 03 ce a5 56 fa 32 2e b4 ad ee 93 51 18 57 b9 |....V.2.....Q.W.|
00000440 24 00 00 00 10 00 00 00 00 0d 0a 00 00 0d 0a 00 |$...............|
00000450 2a 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 |*...............|
00000460 28 00 00 80 18 00 00 00 f0 0e 00 00 00 00 00 00 |(...............|
00000470 00 00 00 00 00 00 00 00 0c 00 00 00 38 00 00 00 |............8...|
00000480 18 00 00 00 02 00 00 00 00 00 e4 04 00 00 01 00 |................|
00000490 2f 75 73 72 2f 6c 69 62 2f 6c 69 62 53 79 73 74 |/usr/lib/libSyst|
000004a0 65 6d 2e 42 2e 64 79 6c 69 62 00 00 00 00 00 00 |em.B.dylib......|
000004b0 26 00 00 00 10 00 00 00 60 20 00 00 08 00 00 00 |&.......` ......|
000004c0 29 00 00 00 10 00 00 00 68 20 00 00 00 00 00 00 |).......h ......|
000004d0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00000ef0 55 48 89 e5 48 83 ec 10 c7 45 fc 00 00 00 00 e9 |UH..H....E......|
00000f00 0f 00 00 00 42 61 72 72 79 20 57 61 6c 6b 65 72 |....Barry Walker|
00000f10 21 0a 00 90 48 8d 3d 47 00 00 00 b0 00 e8 1e 00 |!...H.=G........|
00000f20 00 00 48 8d 3d 5e 00 00 00 89 45 f8 b0 00 e8 0d |..H.=^....E.....|
00000f30 00 00 00 31 c9 89 45 f4 89 c8 48 83 c4 10 5d c3 |...1..E...H...].|
00000f40 ff 25 ca 00 00 00 00 00 4c 8d 1d b9 00 00 00 41 |.%......L......A|
00000f50 53 ff 25 a9 00 00 00 90 68 00 00 00 00 e9 e6 ff |S.%.....h.......|
00000f60 ff ff 54 68 69 73 20 73 68 6f 75 6c 64 20 62 65 |..This should be|
00000f70 20 69 6e 20 74 68 65 20 64 61 74 61 20 73 65 63 | in the data sec|
00000f80 74 69 6f 6e 2e 0a 00 54 65 73 74 69 6e 67 20 74 |tion...Testing t|
00000f90 68 65 20 68 69 64 64 65 6e 20 73 74 72 69 6e 67 |he hidden string|
00000fa0 2e 0a 00 00 01 00 00 00 1c 00 00 00 00 00 00 00 |................|
00000fb0 1c 00 00 00 00 00 00 00 1c 00 00 00 02 00 00 00 |................|
00000fc0 f0 0e 00 00 34 00 00 00 34 00 00 00 41 0f 00 00 |....4...4...A...|
00000fd0 00 00 00 00 34 00 00 00 03 00 00 00 0c 00 02 00 |....4...........|
00000fe0 14 00 02 00 00 00 00 01 14 00 00 00 00 00 00 00 |................|
00000ff0 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00001010 58 0f 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |X...............|
00001020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
00002000 11 22 10 51 00 00 00 00 11 40 64 79 6c 64 5f 73 |.".Q.....@dyld_s|
00002010 74 75 62 5f 62 69 6e 64 65 72 00 51 72 00 90 00 |tub_binder.Qr...|
00002020 72 10 11 40 5f 70 72 69 6e 74 66 00 90 00 00 00 |r..@_printf.....|
00002030 00 01 5f 00 05 00 02 5f 6d 68 5f 65 78 65 63 75 |.._...._mh_execu|
00002040 74 65 5f 68 65 61 64 65 72 00 21 6d 61 69 6e 00 |te_header.!main.|
00002050 25 02 00 00 00 03 00 f0 1d 00 00 00 00 00 00 00 |%...............|
00002060 f0 1d 14 0f 00 00 00 00 35 00 00 00 0e 01 00 00 |........5.......|
00002070 04 0f 00 00 01 00 00 00 3d 00 00 00 0e 01 00 00 |........=.......|
00002080 13 0f 00 00 01 00 00 00 02 00 00 00 0f 01 10 00 |................|
00002090 00 00 00 00 01 00 00 00 16 00 00 00 0f 01 00 00 |................|
000020a0 f0 0e 00 00 01 00 00 00 1c 00 00 00 01 00 00 01 |................|
000020b0 00 00 00 00 00 00 00 00 24 00 00 00 01 00 00 01 |........$.......|
000020c0 00 00 00 00 00 00 00 00 04 00 00 00 05 00 00 00 |................|
000020d0 00 00 00 40 04 00 00 00 20 00 5f 5f 6d 68 5f 65 |...@.... .__mh_e|
000020e0 78 65 63 75 74 65 5f 68 65 61 64 65 72 00 5f 6d |xecute_header._m|
000020f0 61 69 6e 00 5f 70 72 69 6e 74 66 00 64 79 6c 64 |ain._printf.dyld|
00002100 5f 73 74 75 62 5f 62 69 6e 64 65 72 00 75 73 65 |_stub_binder.use|
00002110 6c 65 73 73 00 67 65 74 6f 75 74 00 00 00 00 00 |less.getout.....|
00002120
AMIGA:amiga~/Desktop/Code/C> _
Note the hex number 90 after the "Barry Walker![newline][EOF]" is the NOP instruction...
Hope this helps...
EDIT:
00000ef0 55 48 89 e5 48 83 ec 10 c7 45 fc 00 00 00 00 e9 |UH..H....E......|
00000f00 0f 00 00 00 42 61 72 72 79 20 57 61 6c 6b 65 72 |....Barry Walker|
The JMP instruction is at the end of the upper line and is this:
e9 0f 00 00 00
followed by the characters.
'e9' is jmp op-code.
'0f' is the little endian number of bytes, (from a signed 32 bit number), 15 decimal, to jump to the end-of-file/null byte '00' to execute the nop op-code.
Hope this helps too.
2 Likes
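The jump-over-data layout decoded in the EDIT above can be checked mechanically, which is also how an analyst would flag text sitting inside a code section. This is an added example, not code from any poster in the thread: it embeds the 48 bytes at file offsets 0xef0 to 0xf1f copied from the hexdump, and the names `find_island`, `looks_like_cstring` and `struct island` are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bytes at file offsets 0xef0-0xf1f of a.out, copied from the hexdump above. */
#define BASE_OFFSET 0xef0u
static const uint8_t text_bytes[] = {
    0x55,0x48,0x89,0xe5,0x48,0x83,0xec,0x10,0xc7,0x45,0xfc,0x00,0x00,0x00,0x00,0xe9,
    0x0f,0x00,0x00,0x00,0x42,0x61,0x72,0x72,0x79,0x20,0x57,0x61,0x6c,0x6b,0x65,0x72,
    0x21,0x0a,0x00,0x90,0x48,0x8d,0x3d,0x47,0x00,0x00,0x00,0xb0,0x00,0xe8,0x1e,0x00,
};
struct island { size_t jmp_off, data_off, data_len, target_off; };

/* Operand of "jmp rel32" (opcode 0xe9): signed 32-bit, little-endian. */
static int32_t read_rel32(const uint8_t *p)
{
    return (int32_t)(p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24);
}

/* True if b[0..n-1] is printable text (or \t \n \r) ending in exactly one NUL. */
static int looks_like_cstring(const uint8_t *b, size_t n)
{
    if (n < 4 || b[n - 1] != 0) return 0;
    for (size_t i = 0; i + 1 < n; i++)
        if ((b[i] < 0x20 || b[i] > 0x7e) && b[i] != '\t' && b[i] != '\n' && b[i] != '\r') return 0;
    return 1;
}

/* Heuristic byte scan (no disassembly): first forward jmp whose skipped bytes are a C string. */
static int find_island(const uint8_t *buf, size_t len, struct island *out)
{
    for (size_t i = 0; i + 5 <= len; i++) {
        if (buf[i] != 0xe9) continue;
        int32_t rel = read_rel32(buf + i + 1);
        size_t next = i + 5;            /* rel32 counts from the end of the 5-byte jmp */
        if (rel <= 0 || (size_t)rel >= len - next) continue;   /* target must stay in buf */
        if (!looks_like_cstring(buf + next, (size_t)rel)) continue;
        *out = (struct island){ i, next, (size_t)rel, next + (size_t)rel };
        return 1;
    }
    return 0;
}

int main(void)
{
    struct island is;
    if (!find_island(text_bytes, sizeof text_bytes, &is)) return 1;
    printf("jmp at 0x%zx skips %zu bytes at 0x%zx, lands on 0x%02x\n", BASE_OFFSET + is.jmp_off,
           is.data_len, BASE_OFFSET + is.data_off, (unsigned)text_bytes[is.target_off]);
    return 0;
}
```

The 15 skipped bytes are the 13 characters of the text plus the newline and the terminating NUL, which is why the operand is 0x0f.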