Quit Bugging Me: quick shell tricks – using addresses

Here's a quick trick you can do from the target-side shell.  It might come in handy: how to run programs and pass variables by their addresses.

First I'll allocate some space, populate it, assign it to some new symbols and add those symbols to the target-side symbol table using the target resident shell:

-> SomeString = "this is a format spec.  %d is an integer.\n"
new symbol "SomeString" added to symbol table.
SomeString = 0x3db570: value = 4044160 = 0x3db580 = SomeString + 0x10

-> SomeValue = 3
new symbol "SomeValue" added to symbol table.
SomeValue = 0x3db538: value = 3 = 0x3

Now I'll use those symbols, calling a well known entry point:

-> printf (SomeString, SomeValue)
this is a format spec.  3 is an integer.

Here's the trick: using the addresses the shell printed back, we can call the entry point directly by its address and hand it the arguments as raw addresses and values.  The shell treats everything as integers, so it does not care.

-> (0x0004803c)(0x3db580,*0x3db538)
this is a format spec.  3 is an integer.

Above, "SomeString" is a pointer to char (char *): its contents are already the address of the string, so it is passed as-is and does not need to be dereferenced.  "SomeValue" holds the integer itself, so its address 0x3db538 is dereferenced with * to pass the value 3.

The address of SomeString is 0x3db570; it contains 0x3db580, which is where the string starts in RAM:

-> d 0x3db580
003db580:  7468 6973 2069 7320 6120 666f 726d 6174   *this is a format*
003db590:  2073 7065 632e 2020 2564 2069 7320 616e   * spec.  %d is an*
003db5a0:  2069 6e74 6567 6572 2e0a 0000 0000 0000   * integer........*
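To make the two moving parts concrete, here is an added C example (not code from the post) that models what the shell does: every argument is a machine-word integer, a call of the form (addr)(a, b) goes through the raw function address, and *addr fetches the word stored at an address.  The variables SomeString and SomeValue, the buffer text, the helpers deref, call_by_address and dump_line, and the fixed-prototype stand-in format_entry are all constructed for this example; the real addresses will differ from 0x3db570 and 0x3db580, so dump_line takes the address to display as a parameter.

```c
#include <ctype.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The shell's only data type is a machine-word integer; model it with uintptr_t. */
typedef uintptr_t word_t;
/* The callee is reached through its raw address and handed two word arguments. */
typedef int (*two_word_fn)(word_t, word_t);

/* Constructed data mirroring the post's shell variables. The buffer is padded
 * to 48 bytes so three full 16-byte dump lines can be read from it, as in the
 * post; the actual addresses will of course differ from 0x3db570 / 0x3db580. */
static const char text[48] = "this is a format spec.  %d is an integer.\n";
static const char *SomeString = text;   /* char *: holds the ADDRESS of the text */
static word_t SomeValue = 3;            /* holds the integer itself */

/* "*addr" in the shell: fetch the word stored at an address. */
static word_t deref(word_t addr) {
    word_t v;
    memcpy(&v, (const void *)addr, sizeof v);
    return v;
}

/* "(addr)(a, b)" in the shell: call through the address, arguments as words. */
static int call_by_address(word_t fn_addr, word_t a, word_t b) {
    two_word_fn fn = (two_word_fn)fn_addr;
    return fn(a, b);
}

/* Fixed-prototype stand-in for the printf entry point (calling a real variadic
 * printf through a two-word prototype is undefined behaviour in C, even though
 * the target shell gets away with it). Formats into last_output and returns
 * the character count. */
static char last_output[128];
static int format_entry(word_t fmt, word_t value) {
    return snprintf(last_output, sizeof last_output, (const char *)fmt, (int)value);
}

/* Render one 16-byte line in the layout of the shell's "d" command: address,
 * eight 16-bit words in hex, then the bytes between asterisks with '.' for
 * anything non-printable. shown_addr is the address to print on the line. */
static void dump_line(const unsigned char *p, word_t shown_addr,
                      char *out, size_t outsz) {
    char hex[48];
    char ascii[19];
    size_t n = 0;

    for (int i = 0; i < 16; i += 2)
        n += (size_t)snprintf(hex + n, sizeof hex - n, "%02x%02x%s",
                              p[i], p[i + 1], i < 14 ? " " : "");
    ascii[0] = '*';
    for (int i = 0; i < 16; i++)
        ascii[1 + i] = isprint(p[i]) ? (char)p[i] : '.';
    ascii[17] = '*';
    ascii[18] = '\0';
    snprintf(out, outsz, "%08" PRIxPTR ":  %s   %s", shown_addr, hex, ascii);
}

int main(void) {
    char line[96];

    /* Symbolic call, as "printf (SomeString, SomeValue)" in the shell. */
    call_by_address((word_t)format_entry, (word_t)SomeString, SomeValue);
    fputs(last_output, stdout);

    /* Raw call, as "(0x0004803c)(0x3db580,*0x3db538)": the pointer variable's
     * contents go in directly, the integer variable's address is dereferenced. */
    call_by_address((word_t)format_entry,
                    deref((word_t)&SomeString), deref((word_t)&SomeValue));
    fputs(last_output, stdout);

    /* Dump the text the way "d 0x3db580" does, labelling the lines with the
     * post's addresses so the output can be compared with it. */
    for (int off = 0; off < 48; off += 16) {
        dump_line((const unsigned char *)text + off, 0x3db580u + (word_t)off,
                  line, sizeof line);
        puts(line);
    }
    return 0;
}
```

The second call is the point of the post: the function address, the string address and the dereferenced integer are all just words, so the callee cannot tell the symbolic call from the raw one.  The stand-in callee has a fixed prototype only because C does not let you call a variadic printf that way with defined results; the shell on its target does exactly that.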

Passing a pointer to a struct should work just about the same way from the shell.

This trick can be used with addresses extracted from a run-time image via the "nmxxx" tool, for instance "nmppc".  Have fun!