0

This is hacking for a useful (non-malicious) purpose and I'm not sure what I want can be done but I'd like to try. I'm running software that is closed source so I can't modify the original function call. The call is:

sprintf(string, this->LabelFormat, value)

And this->LabelFormat is %-#6.3g by default. The purpose is to format labels for a legend of doubles, so value is a number.

I can set this->LabelFormat to whatever I want. I would like to perform a mapping from numbers to strings, for example:

value | string
--------------
  0.0 | None
  1.0 | I
  2.0 | J
  3.0 | K

and so on. Is it at all possible to manipulate the format string to perform a specified mapping for me since I cannot modify the original code?

Improve this question
5
  • Is is built using dynamic linking? If it is, you could replace libc with a modified version that does what you want. Commented Dec 28, 2012 at 18:14
  • @DirkHolsopple It is, but sprintf is called dozens of other places in the code and I only want the mapping to occur in this one place. Commented Dec 28, 2012 at 18:15
  • In that case, you can (inside this modified sprintf) grab the return pointer from the stack and check - if it's the one you need, modify it, otherwise just pass it through. You will need some assembler/disassembler basics to pull that off. Commented Dec 28, 2012 at 18:17
  • 3
    If you can change the format string, just add some magic number to the front of the string when you want the modified behavior. In the modified sprintf, check for the magic number, if it isn't there, use the original behavior, if it is, use the modified behavior. Commented Dec 28, 2012 at 18:21
  • 1
    @DirkHolsopple You should make this an answer, I think that's how I will go about this. It turns out I already asked how to replace standard functions with custom ones before ( stackoverflow.com/questions/9272155/… ), I don't know why I didn't make the connection Commented Dec 28, 2012 at 18:49

3 Answers 3

Reset to default
2

What you are looking for is possible with API Hooking

API hooking consists of intercepting a function call in a program and redirecting it to another function. By doing this, the parameters can be modified, the original program can be tricked if you choose to return an error code when really it should be successful, and so on. All of this is done before the real function is called, and in the end, after modifying/storing/extending the original function/parameters, control is handed back over to the original function until it is called again.

You would have to intercept the original call to the function with the sprintf and overwrite the this->LabelFormat with the desired value before handing over control to the function.

For further information, go to Detours - Microsoft Research

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

I think it is not possible with format string only. You should add extra machine instructions somewhere. For example, you can replace sprintf function with your own.

Improve this answer

Comments

0

If you have access to value before setting LabelFormat then all you have to do is set LabelFormat to the string you want to be displayed (without any % codes in it at all). The function will then ignore the extra parameter but it will have printed what you wanted. If you don't also have aaccess to value then I don't see any way to do the mapping with only format codes.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.