1. Live Coding in C++
Seiya Ishibashi
2014/09/02

2. Objective
ᮏබ₇䛜┠ᣦ䛩䛸䛣䜝
● C++ 䛷ᛌ㐺䛻䝀䞊䝮䜢㛤Ⓨ䛩䜛⎔ቃ䜢
● 䛔䜝䜣䛺㯮㨱⾡䜢㥑౑䛧䛶
● 䛷䛝䜛䛰䛡ỗ⏝ⓗ䛻
● 䛷䛝䜛䛰䛡㠀౵ධⓗ䛻
● ୍ಶே䛾ປຊ䛷ྍ⬟䛺⠊ᅖ䛷
● ᇶᮏⓗ䛻 Windows ๓ᥦ䛷
● ᐇ⌧䛩䜛
*ᮏබ₇䛿⚾ಶே䛾ᐇ㦂䛾ᡂᯝ䛷䛒䜚䚸 Unity 䛸䛿≉䛻㛵ಀ䛿䛒䜚䜎䛫䜣
(ᑡ䛺䛟䛸䜒௒⌧ᅾ䛿䚹䛭䛖䛔䛖ヰ䜢ᮇᚅ䛧䛶䛔䛯᪉䛻䛿䛩䜏䜎䛫䜣 )

3. About Me
Seiya Ishibashi
● a.k.a i-saint (@i_saint)
● CPU & GPU ඲ຊ䛷䜆䜣ᅇ䛧䛶⨾䛧䛔䜲䞁䝍䝷䜽䝅䝵䞁䜢ᐇ⌧䛩䜛䛾䛜⏕䛝⏥ᩫ
● ୪ิ䝥䝻䜾䝷䝭䞁䜾䜢୰ᚰ䛻䝻䞊䝺䝧䝹඲⯡䜢ᢸᙜ䚹䛯䜎䛻䜾䝷䝣䜱䝑䜽䜒
● ᭱㏆䛰䛸 Unity 䛱䜓䜣䝇䝔䞊䝆䛾ᗋ䜢ᢸᙜ

4. Topics
● Runtime C++ Code Editing
● State Save
● Inspector

5. Topics
● Runtime C++ Code Editing
● State Save
● Inspector

6. Runtime C++ Code Editing
Runtime C++ Code Editing ?
● C++ 䝋䞊䝇䛾ኚ᭦䜢ᐇ⾜୰䛾䝥䝻䜾䝷䝮䛻䝸䜰䝹䝍䜲䝮䛻཯ᫎ䛥䛫䜛ᶵ⬟
● 䛔䛟䛴䛛䛾ᐇ⿦䛜䛒䜚䚸㡰ḟゎㄝ
● Edit and Continue (Visual Studio)
● Runtime Compiled C++
● DynamicPatcher

7. Runtime C++ Code Editing
● Edit and Continue (Visual Studio)
● Runtime Compiled C++
● DynamicPatcher

8. Edit and Continue
Edit and Continue ?
● VisualStudio 䛻ഛ䜟䛳䛶䛔䜛ᶵ⬟
● ᐇ⾜୰䛻䝕䝞䝑䜺䛷Ṇ䜑䛶 C++ 䝋䞊䝇䜢⦅㞟䛩䜛䛸䚸䛭䜜䜢཯ᫎ䛧䛴䛴ᐇ⾜䜢⥅⥆䛷䛝䜛
● ≉ᐃ䛾䝁䞁䝟䜲䝹䜸䝥䝅䝵䞁 (/ZI) 䜢䛴䛡䛶䝡䝹䝗䛩䜛䛣䛸䛷ᑐᛂྍ⬟
● 䝀䞊䝮ᒇⓗ䛻ཝ䛧䛔ไ㝈䛜䛔䛟䛴䛛䛒䜛
○ ᭱㐺໬䛜᭷ຠ䛰䛸౑䛘䛺䛔
○ x64 ᮍᑐᛂ
○ 䝕䝞䝑䜺䛷Ṇ䜑䛺䛔䛸ኚ᭦䜢཯ᫎ䛷䛝䛺䛔

9. Runtime C++ Code Editing
● Edit and Continue (Visual Studio)
● Runtime Compiled C++
● DynamicPatcher

10. Runtime Compiled C++
Runtime Compiled C++
● http://runtimecompiledcplusplus.blogspot.jp/
● Doug Binks Ặస
● ከ䛟䛾᥇⏝ᐇ⦼䛜䛒䜛
● Unreal Engine 4 䛾 Hot Reload 䛿኱య䛣䜜䛸ྠ䛨௙⤌䜏

11. Runtime Compiled C++
ᐇ⿦ᡓ␎
1. 䜲䞁䝍䞊䝣䜵䞊䝇 class 䜢ᐃ⩏䛧䚸⦅㞟ྍ⬟䛻䛧䛯䛔㒊ศ䜢⥅ᢎ䛧䛯 class 䛻㛢䛨㎸䜑䚸DLL 䛻ศ㞳
2. C++ 䝋䞊䝇䜢᭦᪂䛧䛯䜙 DLL 䜢䝡䝹䝗
3. ᑐ㇟ DLL 䛻ᒓ䛩䜛䜸䝤䝆䜵䜽䝖䜢䝅䝸䜰䝷䜲䝈䛧䚸 DLL 䜢䝸䝻䞊䝗䛧䚸䜸䝤䝆䜵䜽䝖䜢䝕䝅䝸䜰䝷䜲䝈

12. Runtime Compiled C++
// main.exe
class Interface
{
public:
virtual void Update()=0;
virtual void Serialize(...)=0;
};
// entity.dll
class Entity : public Interface
{
public:
virtual void Update();
virtual void Serialize(...);
};

13. Runtime Compiled C++
// main.exe
class Interface
{
public:
virtual void Update()=0;
virtual void Serialize(...)=0;
};
// entity.dll
class Entity : public Interface
{
public:
virtual void Update();
virtual void Serialize(...);
};
// entity_updated.dll
class Entity : public Interface
{
public:
virtual void Update();
virtual void Serialize(...);
};

14. Runtime Compiled C++
// main.exe
class Interface
{
public:
virtual void Update()=0;
virtual void Serialize(...)=0;
};
// entity.dll
class Entity : public Interface
{
public:
virtual void Update();
virtual void Serialize(...);
};
// entity_updated.dll
class Entity : public Interface
{
public:
virtual void Update();
virtual void Serialize(...);
};

15. Runtime Compiled C++
DLL 䜈䛾ศ๭
● interface class 䜢⏝ព
● ⦅㞟ྍ⬟䛻䛧䛯䛔༢఩䛷 DLL 䛻ศ๭ (䍦䝥䝻䝆䜵䜽䝖䜢ศ๭ )
● DLL ഃ䛿 interface 䜢⥅ᢎ䛧䛯 class 䜢ᐇ⿦䛧䚸䛭䛾 factory 㛵ᩘ䜢 exe ഃ䛻ᥦ౪

16. Runtime Compiled C++
DLL 䛾䝡䝹䝗
● VisualStudio 䛾䝁䞁䝟䜲䝷䜢࿧䜆
○ 䝺䝆䝇䝖䝸䛛䜙᝟ሗ䜢ᚓ䛶 cl.exe 䜢㉳ື

17. Runtime Compiled C++
DLL 䛾䝸䝻䞊䝗
1. DLL 䛻ᒓ䛩䜛䜸䝤䝆䜵䜽䝖䜢䝅䝸䜰䝷䜲䝈
2. ᪂䛧䛔 DLL 䜢䝻䞊䝗
3. ᪂䛧䛔 DLL 䛷䜸䝤䝆䜵䜽䝖䜢෌⏕ᡂ䛧䚸䝕䝅䝸䜰䝷䜲䝈
4. ྂ䛔䜸䝤䝆䜵䜽䝖䜢◚Რ
5. ྂ䛔 DLL 䜢䜰䞁䝻䞊䝗
● 䝅䝸䜰䝷䜲䝈䛿䝕䞊䝍ᵓ㐀䛻ኚ᭦䛜䛺䛟䛶䜒ᚲせ
○ 䛭䛖䛧䛺䛔䛸 vtable 䛜᭦᪂䛥䜜䛪䚸ྂ䛔 DLL 䛾㛵ᩘ䜢࿧䜃䛻⾜䛣䛖䛸䛧䛶Ṛ䛼

18. Runtime Compiled C++
pros:
● ᐇ⿦䛜䝅䞁䝥䝹䛛䛴ሀᐇ
● ከ䛟䛾䝥䝷䝑䝖䝣䜷䞊䝮䛷ᐇ⌧ྍ⬟
● ᭱㐺໬䛜᭷ຠ䛷䜒ᶵ⬟䛩䜛
● ⦅㞟ᚋ䜒䝕䝞䝑䜺䛷㏣㊧ྍ⬟
cons:
● ⦅㞟ྍ⬟䛻䛧䛯䛔㒊ศ䜢 DLL 䛻ศ㞳䛩䜛ᚲせ䛜䛒䜛
● 䝅䝸䜰䝷䜲䝈䛜ᚲせ
● interface 䜢⥅ᢎ䛧䛯 class 䛧䛛᭦᪂䛷䛝䛺䛔

19. Runtime C++ Code Editing
● Edit and Continue (Visual Studio)
● Runtime Compiled C++
● DynamicPatcher

20. DynamicPatcher
DynamicPatcher
● https://github.com/i-saint/DynamicPatcher
● Runtime Compiled C++ 䛻䜲䞁䝇䝟䜲䜰䛥䜜䛶స䜚䜎䛧䛯
● ᪤Ꮡ䛾䝥䝻䝆䜵䜽䝖䛻⡆༢䛻⤌䜏㎸䜑䜛䛣䛸䜢෌ඃඛ䛻タィ
● Riot Games 䛷᥇⏝䛥䜜䛯ᐇ⦼䛒䜚

21. DynamicPatcher
ᐇ⿦ᡓ␎
1. C++ 䝋䞊䝇䜢䝁䞁䝟䜲䝹
2. ⏕ᡂ䛥䜜䛯 .obj 䝣䜯䜲䝹䜢⮬ຊ䛷䝻䞊䝗䠃䝸䞁䜽
3. ྂ䛔㛵ᩘ䜢᪂䛧䛔㛵ᩘ䜈䛾 jmp 䛻᭩䛝᥮䛘䛶᭦᪂

22. DynamicPatcher
// main.exe
class Entity
{
public:
virtual void Update();
};

23. DynamicPatcher
// main.exe
class Entity
{
public:
virtual void Update();
};
// entity.obj
class Entity
{
public:
virtual void Update();
};

24. DynamicPatcher
C++ 䝋䞊䝇䜢䝁䞁䝟䜲䝹
● msbuild 䛻௵䛫䜛
○ VisualStudio 䛾䝡䝹䝗䝒䞊䝹
○ 䝍䞊䝀䝑䝖䜢 “ClCompile” 䛸䛩䜛䛣䛸䛷䝁䞁䝟䜲䝹䛰䛡ᐇ⾜ྍ⬟

25. DynamicPatcher
.obj 䝣䜯䜲䝹䛾䝻䞊䝗䠃䝸䞁䜽
● .obj 䛿䝣䜷䞊䝬䝑䝖䛜බ㛤䛥䜜䛶䛚䜚䚸ẚ㍑ⓗ䜟䛛䜚䜔䛩䛔ᵓ㐀䜢䛧䛶䛔䜛䛯䜑䚸⮬ຊ䝻䞊䝗䠃䝸䞁䜽
䛿䛭䛣䜎䛷㞴䛧䛟䛿䛺䛔
○ 䝣䜯䜲䝹䝣䜷䞊䝬䝑䝖㈨ᩱ䠖 http://www.skyfree.org/linux/references/coff.pdf

26. DynamicPatcher
section 䜢෌㓄⨨䛧䛴䛴䝯䝰䝸ୖ䛻䝬䝑䝥
● .obj 䝣䜯䜲䝹䛿 section 䛸࿧䜀䜜䜛䝤䝻䝑䜽䛷ᵓᡂ䛥䜜䜛
● section ẖ䛻Ⰽ䜣䛺ᒓᛶ䛸᝟ሗ䛜௜㝶䛩䜛
○ 䝕䞊䝍䚸ᐇ⾜䝁䞊䝗䚸䝕䝞䝑䜾᝟ሗ䚸 etc
● 䜰䝷䜲䝯䞁䝖ᣦᐃ䛜䛒䜛 section 䛜䛒䜚䚸.obj 䝣䜯䜲䝹䛾≧ែ䛷䛿䛣䜜䜢⪃៖䛧䛯㓄⨨䛻䛺䛳䛶䛔䛺
䛔䚹⮬ຊ䛷෌㓄⨨䛩䜛ᚲせ䛜䛒䜛
○ 䛣䜜䜢ᛰ䜛䛸 __m128 䛾 literal 䜢ཧ↷䛺䛹䛷ㅦ䛾䜽䝷䝑䝅䝳䛜㉳䛝䜛
● VirtualAlloc() 䛷☜ಖ䛧䛯䚸ᐇ⾜ྍ⬟ᒓᛶ௜䛝䛾㡿ᇦ䛻 section 䛾ෆᐜ䜢⛣䛧䛶䛔䛡䜀 ok

27. DynamicPatcher
relocation ᝟ሗ䜢ඖ䛻䝅䞁䝪䝹䜢䝸䞁䜽
● relocation ᝟ሗ: 䝸䞁䜽᫬䛻䛣䛣䛻䛒䛾䝅䞁䝪䝹䛾䜰䝗䝺䝇䜢᭩䛝㎸䜣䛷䛽䚸䛸䛔䛖᝟ሗ
● 䛣䛾᝟ሗ䛻ᚑ䛳䛶䜰䝗䝺䝇䜢᭩䛝㎸䜣䛷䛔䛡䜀䝸䞁䜽䛜᏶஢䛩䜛
● .obj ෆ䛻䛒䜛䝅䞁䝪䝹䛿 .obj 䛾䝅䞁䝪䝹䝔䞊䝤䝹䛛䜙ྲྀᚓྍ⬟
● 䝩䝇䝖䝥䝻䜾䝷䝮䛾䝅䞁䝪䝹䛿 SymFromName() 䜒䛧䛟䛿 .map 䝣䜯䜲䝹䛛䜙ྲྀᚓྍ⬟
○ SymFromName() 䛿 .pdb 䛜ᚲせ䛛䛴㉸㐜䛔ୖ䚸 thread unsafe
○ .map 䝣䜯䜲䝹䜢౑䛖᪉䛜ᮃ䜎䛧䛔 (䛯䛰䛧䝸䞁䜹䜸䝥䝅䝵䞁 /MAP 䛜ᚲせ)
● ≉ᐃ䛾䝅䞁䝪䝹䛿ᖖ䛻䝩䝇䝖䝥䝻䜾䝷䝮䛾䝅䞁䝪䝹䛷䝸䞁䜽䛩䜛ᚲせ䛜䛒䜛
○ static 䛺䜸䝤䝆䜵䜽䝖䛺䛹䚸ศᩓ䛥䜜䜛䛸ᅔ䜛䜒䛾

28. DynamicPatcher
ྂ䛔㛵ᩘ䜢᪂䛧䛔㛵ᩘ䜈䛾 jmp 䛻᭩䛝᥮䛘䛶᭦᪂
● 㛵ᩘ䛾ඛ㢌 5 byte 䜢᪂䛧䛔㛵ᩘ䜈䛾 jmp 䛻᭩䛝᥮䛘䜛
○ x86 䛻䛿࿨௧⮬㌟䛻㣕䜃ඛ䜰䝗䝺䝇䜢ྵ䜑䜙䜜䜛 jmp ࿨௧䛜䛒䜛
○ 䝺䝆䝇䝍䛾ෆᐜ䜢ኚ䛘䛪䛻ไᚚ䜢㣕䜀䛫䜛䛯䜑䚸ᘬᩘ䛜ྠ䛨ᆺ䛾ู䛾㛵ᩘ䛻⡆༢䛻䝸䝎䜲䝺䜽
䝖䛷䛝䜛
● 㛵ᩘ䛾䜰䝗䝺䝇䛿ኚ䜟䜙䛺䛔䛾䛷 vtable 䛾᭦᪂䛜ᚲせ䛺䛟䛺䜛
○ 䝅䝸䜰䝷䜲䝈䛺䛧䛷 class 䛾ᣲື䜢ኚ᭦ྍ⬟
● virtual 㛵ᩘ䛻㝈䜙䛪䜋䛸䜣䛹䛾㛵ᩘ䛾᭦᪂䛜ྍ⬟
○ inline 㛵ᩘ䛺䛹୍㒊౛እ䛒䜚

29. DynamicPatcher
᪤Ꮡ䛾䝥䝻䜾䝷䝮䛻⤌䜏㎸䜐
● main() 㛵ᩘ䛻 1 ⾜㊊䛧䛶䝡䝹䝗䛧䛶䜒䜙䛘䜛䛺䜙䛭䜜䛷஦㊊䜚䜛
● 䛧䛛䛧䝋䞊䝇䛻ኚ᭦䛜ᚲせ䛰䛸ᑟධ䝁䝇䝖䛜ୖ䛜䜛䚹䝋䞊䝇䛾ኚ᭦䛺䛧䛷ᑐᛂ䛧䛯䛔
● 䛣䛖䛔䛖᫬䛣䛭 DLL Injection

30. DynamicPatcher
DLL Injection
● ᪤Ꮡ䛾䝥䝻䜾䝷䝮䛻௵ព䛾 DLL (=௵ព䛾䝁䞊䝗) 䜢ὀධ䛩䜛䝔䜽䝙䝑䜽
● CreateRemoteThread() 䜢⏝䛔䚸ᑐ㇟䝥䝻䝉䝇䛾୰䛷 LoadLibrary() 䜢࿧䜀䛫䜛
○ VirtualAlollocEx() 䛷ᑐ㇟䝥䝻䝉䝇ෆ䛻䝯䝰䝸䜢☜ಖ䛧䛶䝻䞊䝗䛥䛫䛯䛔 DLL 䛾䝟䝇䜢᭩䛝㎸
䜏䚸䛭䜜䜢ᘬᩘ䛸䛧䛶 LoadLibrary() 䜢䜶䞁䝖䝸䝫䜲䞁䝖㛵ᩘ䛸䛧䛶䝇䝺䝑䝗䜢సᡂ
● 䜟䜚䛸䛔䜝䜣䛺䝒䞊䝹䛷⏝䛔䜙䜜䛶䛔䜛
○ 䝡䝕䜸䜻䝱䝥䝏䝱䝋䝣䝖䚸䜾䝷䝣䜱䝑䜽䝕䝞䝑䜺䚸 etc

31. DynamicPatcher
᪤Ꮡ䛾䝥䝻䜾䝷䝮䛻⤌䜏㎸䜐 (2)
● ୍㐃䛾ᶵ⬟䜢ᐇ⿦䛧䛯 DLL 䜢ᑐ㇟䝥䝻䝉䝇䛻ὀධ
● DLL 䛛䜙䝥䝻䝉䝇㛫㏻ಙ䛷እ㒊䛛䜙㏻ಙ䛩䜛❆ཱྀ䜢㛤䛟
● 䝸䜽䜶䝇䝖䛻ᛂ䛨䛶᭦᪂䛩䜛㛵ᩘ䛾ᣦᐃ䜔 .obj 䝣䜯䜲䝹䜢䝻䞊䝗䛺䛹䜢⾜䛖
● ௒ᅇ䛿 VisualStudio 䛾䜰䝗䜲䞁䜢సᡂ䛧䚸ᑐ㇟䝥䝻䝉䝇䛸㏻ಙ䛩䜛䜘䛖䛻䛧䛯
○ ௨ୗ䛾ᶵ⬟䜢ᐇ⿦
1. DLL Injection 䛧䛴䛴䝥䝻䜾䝷䝮㉳ື
2. .cpp 䜢䝁䞁䝟䜲䝹䛧䛶䝻䞊䝗䝸䜽䜶䝇䝖䜢㏦䜛
3. ᭦᪂䛩䜛䝅䞁䝪䝹䜢ᣦᐃ

32. DynamicPatcher
demo

33. DynamicPatcher
ไ㝈䠃ὀពⅬ
● ኚ᭦ᚋ䛾 .cpp 䛿䝕䝞䝑䜺䛷㏣䛘䛺䛟䛺䜛
○ 䝋䞊䝇䛸䝞䜲䝘䝸䛿ኚ䜟䜛୍᪉䝕䝞䝑䜾᝟ሗ䛿ኚ䜟䜙䛺䛔䛯䜑
● /LTCG (䝸䞁䜽᫬䝁䞊䝗⏕ᡂ ) 䜸䝥䝅䝵䞁䛷䝁䞁䝟䜲䝹䛥䜜䛯 .obj 䛿ᑐᛂ୙ྍ
○ ㏻ᖖ䛸␗䛺䜛䝣䜯䜲䝹䝣䜷䞊䝬䝑䝖䛻䛺䜛䛯䜑
● /GR (RTTI ᭷ຠ) 䛷䝁䞁䝟䜲䝹䛥䜜䛯 .obj 䛿༴㝤
○ vtable 䛾ᵓ㐀䛜ኚ䜟䜛
● global 䜸䝤䝆䜵䜽䝖䛾䝁䞁䝇䝖䝷䜽䝍ၥ㢟
○ atexit() 䛷䝕䝇䝖䝷䜽䝍䜢࿧䜆ฎ⌮䜢Ⓩ㘓䛩䜛䛯䜑༴㝤
● ౛እ
○ ᑐᛂ㞴ᗘ㧗䛧

34. DynamicPatcher
pros
● ᪤Ꮡ䛾䝥䝻䝆䜵䜽䝖䛻䛭䛾䜎䜎㐺⏝ྍ⬟
● ᭱㐺໬䛜᭷ຠ䛷䜒ᶵ⬟䛩䜛 (䛯䛰䛧䝸䞁䜽᫬䝁䞊䝗⏕ᡂ䛿䝎䝯 )
● 䜋䜌඲䛶䛾㛵ᩘ䜢᭦᪂ྍ⬟
cons
● ⦅㞟ᚋ䝕䝞䝑䜺䛷㏣䛘䛺䛟䛺䜛
● ᑐᛂྍ⬟䛺䝥䝷䝑䝖䝣䜷䞊䝮䛻኱䛝䛺ไ㝈䛜䛒䜛
● Ⰽ䚻୙ᛮ㆟䛺ไ㝈䛜䛴䛔䛶䜎䜟䜛

35. Runtime C++ Code Editing
⪃ᐹ
● Edit and Continue
○ x64 ᑐᛂ & ᭱㐺໬᭷ຠ䛜䛺䛔䛸䝀䞊䝮ᒇⓗ䛻ཝ䛧䛔 …
● Runtime Compiled C++
○ ಙ㢗ᛶ䛾㧗䛥䛿᥇⏝ᐇ⦼䛜ド᫂῭䜏
○ 䛧䛛᪤Ꮡ䛾䝥䝻䝆䜵䜽䝖䛻⤌䜏㎸䜐䛾䛿኱ኚ
○ ᐇ⿦䛾㝿䛿䝡䝹䝗䝒䞊䝹䛺䛹࿘㎶⎔ቃ䛾ᩚഛ䛾᪉䛜኱ኚ䛰䛸ண᝿䛥䜜䜛
● DynamicPatcher
○ ᑟධ䝁䝇䝖䛾ప䛔䠃㐺⏝⠊ᅖ䛾ᗈ䛔
○ 䛯䛰䛧Ⰽ䚻୙ᛮ㆟䛺ไ㝈䛜䛴䛔䛶䜎䜟䜛
○ ᨵⰋḟ➨䛷ไ㝈⦆࿴䛷䛝䛭䛖䛰䛜䚸ᐇ⿦䛿኱ኚ䛷䝥䝷䝑䝖䝣䜷䞊䝮౫Ꮡᛶ䜒㧗䛔

36. Runtime C++ Code Editing
⿵㊊᝟ሗ
● Recode
○ http://www.indefiant.com/
○ GDC 2014 䛷Ⓨ⾲䚹Cryengine 䛜᥇⏝
○ ᪤Ꮡ䝥䝻䝆䜵䜽䝖䛻䛭䛾䜎䜎㐺⏝ྍ⬟䚹䝬䝙䝳䜰䝹䛛䜙᥎ 䛩䜛䛻 DynamicPatcher ᪉ᘧ䠛
● libdcompile
○ https://github.com/Fadis/libdcompile
○ clang & LLVM 䜢⏝䛔䛶 C++ 䛷 eval 䜢ᐇ⌧䛩䜛䝷䜲䝤䝷䝸
● Projucer IDE
○ http://2013.cppnow.org/session/the-projucer-live-coding-with-c-and-the-llvm-jit-engine/
○ clang & LLVM JIT engine 䜢ෆⶶ䛧䛯 IDE

37. Topics
● Runtime C++ Code Editing
● State Save
● Inspector

38. State Save
State Save?
● 䝥䝻䝉䝇䛾ෆ㒊≧ែ䜢䜎䜛䛤䛸ಖᏑ䠃᚟ඖ䛩䜛ᶵ⬟
● Checkpointing 䛸䛔䛖ྡ๓䛜䜘䜚ṇᘧ䜙䛧䛔
○ http://en.wikipedia.org/wiki/Application_checkpointing
● 㐺ᙜ䛺㛫㝸䛷䝉䞊䝤䛧䛺䛜䜙䝔䝇䝖䝥䝺䜲 ->┤䛧䛯䛔䛸䛣䜝䛜䛒䛳䛯䜙ᕳ䛝ᡠ䛧䚸ಟṇ䛧䚸䝥䝺䜲⥅⥆䚸
䛸䛔䛖౑䛔᪉䜢᝿ᐃ
○ TAS ື⏬〇సᡭἲ䛾䝀䞊䝮ไస䜈䛾ᛂ⏝
○ TAS 䛾ሙྜᕳ䛝ᡠ䛧䛶䝥䝺䜲䜢ಟṇ䛩䜛䛜䚸䛣䛾ሙྜ䝺䝧䝹䛭䛾䜒䛾䜢ಟṇ䛩䜛
● ㏻ᖖ StateSave 䛿䝍䜲䝖䝹䛤䛸䛻ᐇ⿦䛩䜛䛜䚸኱䛝䛺ᡭ㛫䛜䛛䛛䜛䚹ỗ⏝ⓗ䛻ᐇ⌧䛷䛝䛺䛔䛛䠛
○ PC 䛻㝈ᐃ䛩䜜䜀䛯䜆䜣ྍ⬟䟿

39. State Save
ᐇ⿦ᡓ␎
● 䝥䝻䝉䝇䛾≧ែ䜢᚟ඖ䛩䜛䛾䛻ᚲせ䛺䜒䛾䛿௨ୗ䛾 3 䛴
○ 䝯䝰䝸䛾≧ែ
○ 䝇䝺䝑䝗䛾≧ែ
○ 䜹䞊䝛䝹䜸䝤䝆䜵䜽䝖䛾≧ែ
● 䛣䜜䜙䛾᚟ඖ䛻ᚲせ䛺᝟ሗ䜢཰㞟䛩䜛

40. State Save
ணഛ▱㆑: API Hook
● 㛵ᩘ䛾࿧䜃ฟ䛧䜢ู䛾㛵ᩘ䛻䝸䝎䜲䝺䜽䝖䛥䛫䜛䝔䜽䝙䝑䜽
● ᑐ㇟䛜እ㒊 DLL 䛾㛵ᩘ䛾ሙྜ䚸 Import Address Table 䜢᭩䛝᥮䛘䜛䛣䛸䛷ᐜ᫆䛻ᐇ⌧ྍ⬟
○ ྛ䝰䝆䝳䞊䝹䛻䛿እ㒊 DLL 䛾㛵ᩘ䛾ྡ๓䛸䜰䝗䝺䝇䜢ಖᣢ䛩䜛㡿ᇦ䛜䛒䜛
○ 䛭䛾䜰䝗䝺䝇䜢᭩䛝᥮䛘䜛䛣䛸䛷࿧䜃ฟ䛧䜢䝸䝎䜲䝺䜽䝖䛥䛫䜛䛣䛸䛜䛷䛝䜛
hoge.exe
MSVCR.dll
ImportNameTable ImportAddressTable
printf 0x40000000
exit 0x40000020
...
MSVCR.dll
0x40000000 printf()
0x40000020 exit()
...

41. State Save
ணഛ▱㆑: API Hook
● 㛵ᩘ䛾࿧䜃ฟ䛧䜢ู䛾㛵ᩘ䛻䝸䝎䜲䝺䜽䝖䛥䛫䜛䝔䜽䝙䝑䜽
● ᑐ㇟䛜እ㒊 DLL 䛾㛵ᩘ䛾ሙྜ䚸 Import Address Table 䜢᭩䛝᥮䛘䜛䛣䛸䛷ᐜ᫆䛻ᐇ⌧ྍ⬟
○ ྛ䝰䝆䝳䞊䝹䛻䛿እ㒊 DLL 䛾㛵ᩘ䛾ྡ๓䛸䜰䝗䝺䝇䜢ಖᣢ䛩䜛㡿ᇦ䛜䛒䜛
○ 䛭䛾䜰䝗䝺䝇䜢᭩䛝᥮䛘䜛䛣䛸䛷࿧䜃ฟ䛧䜢䝸䝎䜲䝺䜽䝖䛥䛫䜛䛣䛸䛜䛷䛝䜛
hoge.exe
MSVCR.dll
ImportNameTable ImportAddressTable
printf 0x50000000
exit 0x50000020
...
MSVCR.dll
0x40000000 printf()
0x40000020 exit()
...
Injected.dll
0x50000000 printf_hook()
0x50000020 exit_hook()
...

42. State Save
ணഛ▱㆑: API Hook (2)
● WinAPI 䜢 hook 䛧䛶
○ ᚟ඖ䛻ᚲせ䛺᝟ሗ䜢䛛䛩䜑ྲྀ䜛
○ 䜒䛧䛟䛿᚟ඖྍ⬟䛺⊂⮬䝹䞊䝏䞁䛻ᕪ䛧᭰䛘䜛
● 䛸䛔䛖䛾䛜௒ᅇ䛾ᇶᮏᡓ␎

43. State Save
䝯䝰䝸䛾≧ែ
● 䝰䝆䝳䞊䝹㡿ᇦ䚸䝠䞊䝥㡿ᇦ䚸䝨䞊䝆䝯䝰䝸䚸䝇䝍䝑䜽㡿ᇦ䚸ಶูᑐฎ䛜ᚲせ

44. State Save
䝯䝰䝸䛾≧ែ (2)
● 䝰䝆䝳䞊䝹㡿ᇦ
○ exe 䜔 dll 䛜䝬䝑䝥䛥䜜䛯㡿ᇦ
○ global ኚᩘ䚸static ኚᩘ䛿䛣䛾㡿ᇦ䛻Ꮡᅾ
○ 䝁䞊䝗㡿ᇦ䛿᭩䛝㎸䜏୙ྍ⬟䚸ኚᩘ㡿ᇦ䛿᭩䛝㎸䜏ྍ⬟ᒓᛶ䛜䛴䛔䛶䛔䜛
○ 䝰䝆䝳䞊䝹䛾ඛ㢌䛛䜙 VirtualQuery() 䛷㡰ḟ䝯䝰䝸䜢ㄪ䜉䚸᭩䛝㎸䜏ྍ⬟䛺㡿ᇦ䜢ಖᏑ
○ 䝰䝆䝳䞊䝹䛾ᕠᅇ䛿 CreateToolhelp32Snapshot(), Module32First(), Module32Next()

45. State Save
䝯䝰䝸䛾≧ែ (3)
● 䝠䞊䝥㡿ᇦ
○ malloc() 䜔 new 䛻䜘䛳䛶☜ಖ䛥䜜䛯㡿ᇦ
○ 䛣䜜䜙䛿䛭䛾䜎䜎䛷䛿☜ಖ䛩䜛㡿ᇦ䛾䜰䝗䝺䝇䛾ண 䛜ᅔ㞴
○ MSVCRT 䛾䝯䝰䝸☜ಖ䝹䞊䝏䞁䛿඲䛶 WinAPI 䛾 HeapAlloc() 䛷ᐇ⿦䛥䜜䛶䛔䜛
○ HeapAlloc() 䜢 API hook 䛷஌䛳ྲྀ䛳䛶⊂⮬䝹䞊䝏䞁䛻ᕪ䛧᭰䛘䜛䛣䛸䛷ᑐᛂྍ⬟
○ ௒ᅇ䛾౛䛷䛿஦๓䛻䛷䛛䛔䝯䝰䝸㡿ᇦ䜢☜ಖ䛧䛶 dlmalloc 䛷⟶⌮䛩䜛䝹䞊䝏䞁䜢౑⏝

46. State Save
䝯䝰䝸䛾≧ែ (4)
● 䝨䞊䝆䝯䝰䝸
○ VirtualAlloc() ୍᪘䛷☜ಖ䛥䜜䛯㡿ᇦ
○ 䜰䝗䝺䝇ᣦᐃ䛾☜ಖ䛜䛷䛝䜛䛯䜑⡆༢
○ VirtualAlloc() ୍᪘䜢 hook 䛧䛶ᚲせ䛺᝟ሗ䜢グ㘓䛩䜛䛰䛡

47. State Save
䝯䝰䝸䛾≧ែ (5)
● 䝇䝍䝑䜽㡿ᇦ
○ GetContext䠄䠅 䛷䝇䝺䝑䝗䛾䝺䝆䝇䝍䛾≧ែ䜢ྲྀᚓ䛷䛝䜛
○ esp (x64 䛰䛸 rsp) 䝺䝆䝇䝍䛜䝇䝍䝑䜽䛾䛹䛣䛛䜢ᣦ䛧䛶䛔䜛
○ VirualQuery() 䛷 esp/rsp 䛾㡿ᇦ䛾㛤ጞ䜰䝗䝺䝇䛸䝃䜲䝈䜢ྲྀᚓ䛧䛶グ㘓
○ 䝇䝺䝑䝗䛾ᕠᅇ䛿 CreateToolhelp32Snapshot(), Thread32First(), Thread32Next() 䜢౑⏝
■ ඲䝥䝻䝉䝇䛾඲䝇䝺䝑䝗䜢ᕠᅇ䛩䜛Ⅼ䛻ὀព

48. State Save
䝇䝺䝑䝗䛾≧ែ
● ྛ䝇䝺䝑䝗䛾䝇䝍䝑䜽䛸䝺䝆䝇䝍䛾≧ែ
● 䝇䝍䝑䜽䛻䛴䛔䛶䛿ඛ䛻ゐ䜜䛯㏻䜚
● 䝺䝆䝇䝍䛾ෆᐜ䛿 GetContext() & SetContext() 䜢࿧䜆䛰䛡

49. State Save
䜹䞊䝛䝹䜸䝤䝆䜵䜽䝖䛾≧ែ
● 㠀ᖖ䛻㞴䛧䛔㒊ศ
● API Hook 䛷㉸㡹ᙇ䛳䛶᚟ඖ䛻ᚲせ䛺᝟ሗ䜢཰㞟
● HANDLE 䛿⊂⮬⟶⌮䛾䜒䛾䛷 wrap
○ WinAPI 䛜㏉䛩 HANDLE 䛿್䛿ண ᅔ㞴䛺䛯䜑
● DirectX / OpenGL 䛾䜸䝤䝆䜵䜽䝖䛺䛹䜒ᑐᛂ䛜ᚲせ
● ᑐᛂ䛧䛺䛟䛶䜒䛺䜣䛸䛛䛺䜛䝰䝆䝳䞊䝹䛿↓ど䛩䜛䛾䜒ᡭ
○ API hook 䛫䛪䚸䝰䝆䝳䞊䝹㡿ᇦ䛾䝯䝰䝸䜔䝇䝺䝑䝗䜒䝜䞊䝍䝑䝏

50. State Save
᪤Ꮡ䛾䝥䝻䜾䝷䝮䛻⤌䜏㎸䜐
● DLL Injection 䛷⡆༢䛻ᐇ⌧ྍ⬟
● ௒ᅇ䛾౛䛷䛿 DLL 䛾୰䛷≉ᐃ䜻䞊ධຊ䛻ᛂ䛨䛶䝉䞊䝤䠃䝻䞊䝗

51. State Save
demo

52. State Save
⪃ᐹ
● 䛱䜓䜣䛸ືస䛩䜜䜀ᙉຊ䛺㛤Ⓨᨭ᥼ᶵ⬟䛻䛺䜛䛿䛪
● 䛧䛛䛧䛱䜓䜣䛸ືస䛩䜛䜒䛾䛻௙ୖ䛢䜛䛾䛿㠀ᖖ䛻㞴䛧䛔
● ௒ᅇ䛾౛䜒䜎䛰䜎䛰Ⓨᒎ㏵ୖ
○ 䜹䞊䝛䝹䜸䝤䝆䜵䜽䝖䛿䜋䛸䜣䛹ᮍᑐᛂ䚹䜾䝷䝣䜱䝑䜽⣔䜒ᮍᑐᛂ
○ 䛧䛛䛧≉ᐃ䝅䞊䞁䛻㝈ᐃ䛩䜜䜀౑䛘䛺䛟䜒䛺䛥䛭䛖
● 䝥䝻䝉䝇䛾෌⏕ᡂ䛿௒ᅇ䛿ㅉ䜑
○ ASLR 䛻䜘䜚䝯䝰䝸䝺䜲䜰䜴䝖䛾෌⌧䛜ᅔ㞴䛺䛯䜑
○ WindowsXP SP3 ௨㝆䛾䝉䜻䝳䝸䝔䜱ᶵ⬟䛜䛯䜎䛻䝻䞊䝺䝧䝹䝥䝻䜾䝷䝭䞁䜾䜢㜼ᐖ䛩䜛

53. State Save
⿵㊊᝟ሗ: HourGlass
● https://code.google.com/p/hourglass-win32/
● 䜸䞊䝥䞁䝋䞊䝇䛾 Windows ⏝ TAS ື⏬సᡂᨭ᥼䝒䞊䝹
● API Hook 䛻䜘䜛ෆ㒊䝇䝔䞊䝖䛾ಖᏑ䚸ධຊ䝕䞊䝍䛾෌⌧䚸ື⏬᧜ᙳᶵ⬟䛺䛹䜢ᐇ⿦
● 䛯䛰䛧 32 bit 䛾 WindowsXP 䛷䛺䛔䛸䜎䛸䜒䛻ື䛛䛺䛔
● 䝋䞊䝇䝁䞊䝗䛿䛸䛶䜒㠃ⓑ䛟ཧ⪃䛻䛺䜛

54. State Save
⿵㊊᝟ሗ: undump
● http://d.hatena.ne.jp/shinichiro_h/20060715/1152922272
● Linux ୖ䛷௒ᅇㄝ᫂䛧䛯ෆᐜ䜢ᐇ⌧䛩䜛䜒䛾
● Linux 䛷䛿䛔䛟䜙䛛 Windows 䜘䜚ᴦ䛻ᐇ⌧䛷䛝䜛ᵝᏊ

55. Topics
● Runtime C++ Code Editing
● State Save
● Inspector

56. Inspector
Inspector ?
● GUI䛛䜙䝸䜰䝹䝍䜲䝮䛻䝕䞊䝍䜢⦅㞟䛩䜛ᶵ⬟
● 䛔䜎䛹䛝䛾䝀䞊䝮䜶䞁䝆䞁䛺䜙኱᢬ഛ䜟䛳䛶䜛䜰䝺

57. Inspector
ᐇ⿦ᡓ␎
● 䝕䝞䝑䜾᝟ሗ䛻 class 䛾䝕䞊䝍ᵓ㐀䛜ධ䛳䛶䛔䜛䛾䛷䛭䜜䜢฼⏝
● 䜸䝤䝆䜵䜽䝖䜈䛾䝫䜲䞁䝍䛸ᆺྡ䛛䜙⦅㞟⏝ GUI 䜢ᵓ⠏
● GUI 䛾⦅㞟⤖ᯝ䜢཯ᫎ

58. Inspector
䝕䝞䝑䜾᝟ሗ䛾䝟䞊䝇
● ᆺྡ (ᩥᏐิ) 䛛䜙 SymGetTypeInfo() 䛷ᆺ᝟ሗ䜢ྲྀᚓ
UDT
class Hoge
{
public:
int m_data;
};
Index = 15
UdtKind = UdtClass
Name = “Hoge”
Length = 4
Data
Index = 16
Type = 17
Name = “m_data”
BaseType
Index = 17
Type = btInt
Length = 4
child

59. Inspector
䝕䝞䝑䜾᝟ሗ䛾䝟䞊䝇 (2)
● n byte ┠䛻䛹䛾ᆺ䛾䝕䞊䝍䛜䛒䜛䚸䛸䛔䛳䛯᝟ሗ䛜ྲྀ䜜䜛
● 䜸䝤䝆䜵䜽䝖䛾ྛ䝯䞁䝞䛻ᑐᛂ䛩䜛 GUI 䛾䝁䞁䝖䝻䞊䝹䜢సᡂ
○ 㡹ᙇ䜜䜀䝕䝞䝑䜺䛾ኚᩘḍ䜢䛭䛾䜎䜎෌⌧䛷䛝䜛䛿䛪
● 䝯䞁䝞㛵ᩘ䜒᝟ሗྲྀ䜜䜛
○ 㛵ᩘ䜢࿧䜆䝁䞁䝖䝻䞊䝹䛾⮬ື⏕ᡂ䜒ྍ⬟䛺䛿䛪䛰䛜䚸㠀ᖖ䛻㞴䛧䛔

60. Inspector
ᡭື⏕ᡂ䛸⤌䜏ྜ䜟䛫䜛
● ⮬ື⏕ᡂ䜸䞁䝸䞊䛿ᑡ䚻ཝ䛧䛔
○ std::vector ၥ㢟
○ ⦅㞟䛥䛫䛯䛟䛺䛔䝯䞁䝞ၥ㢟
○ ࿨ྡつ๎䜢タ䛡䛶 annotation 䛾௦䜟䜚䛻䛩䜛䚸䛺䛹䛿䛒䜚䛛䜒
● ᡭື⏕ᡂ䛷⿵䛖
● 㛵ᩘ䜢࿧䜆 GUI 䜒ᡭື⏕ᡂ䛺䜙ᐇ⿦䛿⡆༢

61. Inspector
䜶䝕䜱䝍䛾ᐇ⿦
● GUI 䝣䝺䞊䝮䝽䞊䜽䛿䛺䜣䛷䜒䛔䛔䛜䚸௒ᅇ䛿 HTML & Javascript 䜢౑⏝
● HTTP 䝃䞊䝞䛿 Poco 䛾䛚䛛䛢䛷ᐜ᫆䛻ᐇ⿦ྍ⬟
○ http://pocoproject.org/
● 䝀䞊䝮䛛䜙䝤䝷䜴䝄䛻୍ᐃ㛫㝸ẖ䛻 json ᙧᘧ䛷䝕䞊䝍䜢 serve
● 䝤䝷䜴䝄䛛䜙㏦䜙䜜䛶䛝䛯䝣䜷䞊䝮䝕䞊䝍䜢䝟䞊䝇䛧䛶䝕䞊䝍᭦᪂

62. Inspector
demo

63. Inspector
⪃ᐹ
● ẚ㍑ⓗ䛚ᡭ㍍䛻ᐇ⿦ྍ⬟䛷䛒䜚䛺䛜䜙ᜠᜨ䛿኱䛝䛔
● 䝋䞊䝇䛻ᡭ䜢ຍ䛘䛪䛻ᶵ⬟㏣ຍ䛧䛯䛔ሙྜ䜔䜔㞴ᗘ䛜ୖ䛜䜛
○ DLL Injection & class 䛾䝁䞁䝇䝖䝷䜽䝍 & 䝕䝇䝖䝷䜽䝍䜢 hook
○ ௒ᅇ䛾౛䛿䝋䞊䝇䛻ᡭ䜢ຍ䛘䜛ᙧ䛷ᐇ⿦

64. Inspector
⿵㊊
● Unreal Engine 4 䛿ู䛾ᐇ⿦䜰䝥䝻䞊䝏
○ 䝕䝞䝑䜾᝟ሗ౑䜟䛪⮬ຊゎᯒ

65. Conclusion
● 䝕䝞䝑䜾᝟ሗ䛸ᐇ⾜ྍ⬟䝯䝰䝸䛥䛘䛒䜜䜀 C++ 䛿ືⓗゝㄒ
● ≉ᐃ OS & 䝁䞁䝟䜲䝷๓ᥦ䛷䛒䜜䜀Ⰽ䚻䛺୙ᛮ㆟ᶵ⬟䜢ᐇ⌧ྍ⬟
● ᪤Ꮡ䛾䝒䞊䝹䛛䜙䜲䞁䝇䝢䝺䞊䝅䝵䞁䜢ᚓ䜙䜜䜛䛣䛸䜒

66. Questions?

67. End
䛒䜚䛜䛸䛖䛤䛦䛔䜎䛧䛯䟿

68. Resources
● 今ᅇ䛾䝕䝰䛾䝋䞊䝇䝁䞊䝗⩌
○ DynamicPatcher: https://github.com/i-saint/DynamicPatcher
○ RestoreProcessState: https://github.com/i-saint/scribble/tree/master/RestoreProcessState
○ WebDebugMenu: https://github.com/i-saint/WebDebugMenu
○ atomic: https://github.com/i-saint/atomic
● ᵝ䚻䛺㛵ᩘ hook 䛾ᐇ⿦: http://i-saint.hatenablog.com/entry/2013/07/19/205539