Index
> Windows > Exporting the fas-file's symbols |
| Author |
|
|
yoshimitsu 23 Oct 2012, 17:53
Hello,
after reading mindcooler's post about extracting labels from the generated fas-file to include those in the pe exports so e.g. OllyDbg or FDbg displays them, I thought about making a macro from it to stay entirely within FASM. Since version 1.71, FASM is able to read and write to different addressing spaces from within others, so now you can easily include data in the output from within a virtual block. To make correct use of it, you have to generate a fas-file with Ctrl+F8 at first and then compile it again, so the macro takes the values from the fresh fas-file. If you already have an export-directive, use output_symbols instead, compile with Ctrl+F9 and copy the assembly-time message to append it to your export-call. symbols.inc: Code: macro gen_symbols filename,ext { local SYM_LABEL,.,imagebase local pos,count,_SYMBOLS_SIZE,_SYMBOLS_COUNT local symbols_table,symbols_length,strings_table,prepr_source local module,addresses,names,ordinals,buffer local current,address,name,ordinal local symbol,value,flags,sib,len,a SYM_LABEL = 109h ;SYM_DEFINED+SYM_USED+SYM_OPTIMIZED .:imagebase=.-rva . data export _symbols_section:: dd 0,0,0,rva module,1 dd _SYMBOLS_COUNT,_SYMBOLS_COUNT dd rva addresses,rva names,rva ordinals addresses dd _SYMBOLS_COUNT dup 0 names dd _SYMBOLS_COUNT dup 0 ordinals dw _SYMBOLS_COUNT dup 0 module db filename#'.'#ext,0 buffer db _SYMBOLS_SIZE dup 0 end data pos = 0 count = 0 virtual at 0 file filename#'.fas' load symbols_table dword from 24 load symbols_length dword from 28 load strings_table dword from 16 load prepr_source dword from 32 current = symbols_table address = addresses name = names ordinal = ordinals repeat symbols_length/32 load symbol dword from current+24 load value qword from current load flags word from current+8 load sib dword from current+12 if flags and SYM_LABEL=SYM_LABEL&sib=0&symbol<>0 store dword value-imagebase at _symbols_section:address store dword rva (buffer+pos) at _symbols_section:name store word count at _symbols_section:ordinal if symbol and (1 shl 31)>0 ;asciiz symbol = symbol and 7FFFFFFFh len = 0 repeat 255 load a byte from strings_table+symbol+%-1 if a=0 break end if store byte a at _symbols_section:buffer+pos+%-1 len = len+1 end repeat else ;pascal load len byte from prepr_source+symbol repeat len load a byte from prepr_source+symbol+% store byte a at _symbols_section:buffer+pos+%-1 end repeat end if pos = pos+len+1 count = count+1 address = address+4 name = name+4 ordinal = ordinal+2 end if current = current+32 end repeat end virtual _SYMBOLS_SIZE = pos _SYMBOLS_COUNT = count } macro output_symbols filename,ext { local SYM_LABEL,current local symbols_table,symbols_length,strings_table,prepr_source local symbol,flags,sib,len,a SYM_LABEL = 109h ;SYM_DEFINED+SYM_USED+SYM_OPTIMIZED ;display ' export '''#filename#'.'#ext#'''' virtual at 0 file filename#'.fas' load symbols_table dword from 24 load symbols_length dword from 28 load strings_table dword from 16 load prepr_source dword from 32 current = symbols_table repeat symbols_length/32 load symbol dword from current+24 load flags word from current+8 load sib dword from current+12 if flags and SYM_LABEL=SYM_LABEL&sib=0&symbol<>0 display ',\',13,10,' ' if symbol and (1 shl 31)>0 ;asciiz symbol = symbol and 7FFFFFFFh len = 0 repeat 255 load a byte from strings_table+symbol+%-1 if a=0 break end if display a len = len+1 end repeat display ',''' repeat len load a byte from strings_table+symbol+%-1 display a end repeat else ;pascal load len byte from prepr_source+symbol repeat len load a byte from prepr_source+symbol+% display a end repeat display ',''' repeat len load a byte from prepr_source+symbol+% display a end repeat end if display '''' end if current = current+32 end repeat end virtual } here's an example: Code: format PE GUI 4.0 entry start include 'win32a.inc' section '.code' code readable executable start: call my_func push 0 call [ExitProcess] my_func: mov [my_var],0 retn section '.data' data readable writeable my_var rd 1 include 'symbols.inc' gen_symbols 'TestFile','exe' section '.idata' import data readable library kernel32,'KERNEL32.DLL' include 'api\kernel32.inc' Edit: "load value dword from current" -> "load value qword from current" for x64 Last edited by yoshimitsu on 26 Oct 2012, 08:51; edited 2 times in total |
|||
23 Oct 2012, 17:53 |
|
|
JohnFound 24 Oct 2012, 17:50
Use FASM 1.71 or newer. It has new features.
|
|||
|
24 Oct 2012, 17:50 |
|
|
khatch 24 Oct 2012, 18:14
Hi,
THANK YOU JohnFound because your post helped me  _________________ Jesus Christ is our Savior |
|||
|
24 Oct 2012, 18:14 |
|
|
l_inc 25 Oct 2012, 20:56
yoshimitsu
I hope you've read not only the mindcooler's post . Because this reduces the value of the macro to a large extent. |
|||
|
25 Oct 2012, 20:56 |
|
|
yoshimitsu 26 Oct 2012, 08:49
You can, however, use it with debugging tools other than OllyDbg (for which there already is a nice plugin) like FDbg.
|
|||
|
26 Oct 2012, 08:49 |
|
< Last Thread | Next Thread > |
Forum Rules:
|