
Sticking a Hand Through Time: Adventures on the call stack - webkike
http://web.engr.illinois.edu/~maplant2/unwind.html
======
hyc_symas
He calls it a C trick but the actual trick is implemented in asm. It _would_
be a cool trick if he did it purely in C. Especially today, "all the world's
not x86".

(And I used to be a gcc maintainer for m68k and i860. I'm quite familiar with
frame pointers and their non-use.)

Btw: you can do this trick without resorting to assembly - start by taking the
address of a local variable.

~~~
webkike
That depends entirely on the calling convention - potentially you can take two
words down from the first argument, but that is no guarantee, and would not
suffice for the didactic goals this article attempts to accomplish.

------
tptacek
Worth knowing that this also describes some of the mechanics of a relatively
common C vulnerability, and a tactic used by some content protection schemes.

------
patrickmay
Neat trick, but still an example of Greenspan's 10th ("Any sufficiently
complicated C or Fortran program contains an ad hoc, informally-specified,
bug-ridden, slow implementation of half of Common Lisp.").

The Common Lisp condition system
([http://www.gigamonkeys.com/book/beyond-exception-handling-conditions-and-restarts.html](http://www.gigamonkeys.com/book/beyond-exception-handling-conditions-and-restarts.html))
is worth understanding, even if you're developing in other languages. It's an
elegant example of how to manipulate the call stack. Unfortunately, it's hard
to implement in most other languages.

~~~
pkhuong
There is no special call stack manipulation in the CL condition system. It's
built on top of dynamic scoping and normal catch/throw unwinds; see
[http://www.pipeline.com/~hbaker1/MetaCircular.html](http://www.pipeline.com/~hbaker1/MetaCircular.html)
for block/return-from on top of catch/throw.

~~~
patrickmay
Indeed, but the Common Lisp condition system exposes it and wraps it
elegantly.

------
PaulHoule
Reminds me of the good old days programming in TCL.

------
thisjepisje
What does the mentioned switch statement do?

~~~
Someone
My guess would be that it triggers a compiler error because of the missing
braces {}. However, reading
[http://en.cppreference.com/w/c/language/switch](http://en.cppreference.com/w/c/language/switch)
and
[https://msdn.microsoft.com/en-us/library/66k51h7a.aspx](https://msdn.microsoft.com/en-us/library/66k51h7a.aspx),
I am starting to wonder about that. Both pages claim that _switch(expression)_
can be followed by any statement, not just compound ones.

That seems to make it legal C. It also would make

    switch(i) x += 1;

and possibly even

    switch(i) foo: x += 1;

valid (but nonsensical) C. Chances are that the standard contains special
wording that prohibits the latter two, though. If not, this is useful to know
for the obfuscated C contest (more so if you can jump to that label)
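
Added example (mine, not from the linked article or any commenter here) that
checks the grammar point above with a compiler: a switch body may be any
statement. The three functions are hypothetical names chosen for the demo;
they show that a label-free body is skipped entirely, that a single `case`
label works exactly like a braced one, and that an ordinary label inside the
body is reachable only by `goto`, never by the switch itself.

```c
/* Added example: the C grammar defines a switch body as any statement, so
 * none of these need braces and all of them compile. */
#include <stdio.h>

/* No case or default label anywhere in the body: the switch finds nothing
 * to jump to, so control passes straight past the statement and x stays 0
 * for every i. GCC may warn that the statement is unreachable. */
int switch_no_label(int i)
{
    int x = 0;
    switch (i) x += 1;   /* legal C, but never executed */
    return x;
}

/* A single labeled statement as the whole body behaves like the braced
 * form `switch (i) { case 1: x += 1; }`. */
int switch_case_label(int i)
{
    int x = 0;
    switch (i) case 1: x += 1;
    return x;
}

/* `foo:` is an ordinary label, not a case label, so the switch never
 * dispatches to it. A goto can still land on it, because labels have
 * function scope, and then x += 1 runs regardless of i. */
int switch_goto_label(int i, int use_goto)
{
    int x = 0;
    if (use_goto)
        goto foo;
    switch (i) foo: x += 1;
    return x;
}

int main(void)
{
    printf("no label,  i=1: x=%d\n", switch_no_label(1));      /* 0 */
    printf("case 1,    i=1: x=%d\n", switch_case_label(1));    /* 1 */
    printf("case 1,    i=2: x=%d\n", switch_case_label(2));    /* 0 */
    printf("goto foo,  i=7: x=%d\n", switch_goto_label(7, 1)); /* 1 */
    printf("no goto,   i=7: x=%d\n", switch_goto_label(7, 0)); /* 0 */
    return 0;
}
```

Compile with `gcc -Wall` to see the "statement will never be executed"
warning on the first function; it is a warning, not an error, which is why the
article's example builds.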

~~~
webkike
It does not, GCC compiles the example perfectly fine.

------
skibz
Quite an insightful article. And, no, I _do_ now understand frame pointers. ;)

