flat assembler
Message board for the users of flat assembler.
Index
> Windows > PE Native ... extrn ??? Goto page Previous 1, 2, 3 |
Author |
|
revolution 01 Jan 2010, 11:39
Or you could rewrite BeaEngine in assembly.
|
|||
01 Jan 2010, 11:39 |
|
ouadji 01 Jan 2010, 11:50
I would have liked to have the view of Mr Tomasz Grysztar about this problem. Please Mr Grysztar, what's your view about this ? thank you very much. |
|||
01 Jan 2010, 11:50 |
|
LocoDelAssembly 01 Jan 2010, 16:06
Quote:
However, you can use any just like with MASM, it is just fasm package that doesn't provide one. Thanks beatrix for doing the job, I was about to do the same today since I've just downloaded the WDK (to have ntoskrnl.lib, though a I haven't checked first if PellesC already comes with it...), but now I won't have to. BTW, if someone else wants to try that thing I've prepared for revolution you're of course welcome to try. |
|||
01 Jan 2010, 16:06 |
|
revolution 01 Jan 2010, 20:09
LocoDelAssembly wrote: revolution, I've prepared a test in case you want to do extra checks. This is what I get with dbgview: I can't test it here, I don't have a VM or kernel debugger installed. However a couple of things I noticed from the .asm file: 1) The IAT is in a separate section from the main imports. 2) The INIT section is marked as executable. I've always put the IAT in the same section as the imports and only marked sections with code as executable. Perhaps it makes no difference but it looks weird. |
|||
01 Jan 2010, 20:09 |
|
ouadji 01 Jan 2010, 20:12
LocoDelAssembly : no linker ? yes, in this case, the linker is of course very weak I tried with "Format MS COFF" and the linker of "PellesC", it works without problem ! I'm happy. (thank you Béa and LocoDA) |
|||
01 Jan 2010, 20:12 |
|
LocoDelAssembly 01 Jan 2010, 20:31
Quote: 1) The IAT is in a separate section from the main imports. Quote: I can't test it here, I don't have a VM or kernel debugger installed. |
|||
01 Jan 2010, 20:31 |
|
ouadji 01 Jan 2010, 20:46
I read your conversation
but ... What is "data 12" ??? ... LocoDelAssembly or Revolution, could you explain me a little, or give me a link about it. thank very much |
|||
01 Jan 2010, 20:46 |
|
f0dder 01 Jan 2010, 20:59
Iirc drivers are only allowed to import from a list of predefined DLLs - so rewriting BeaEngine.dll for "format PE native" and not importing from usermode DLLs probably won't help you at all.
The "refuse to load after DLL error" thing sounds a bit strange - tried deleting the driver reference from the SCM? Do you have unclosed handle opens? etc. |
|||
01 Jan 2010, 20:59 |
|
revolution 01 Jan 2010, 21:00
'data 12' is part of the PE header section. There are generally 16 data sections defined and number 12 is the 'ImportAddressTable' or IAT.
ExportTable is data 0 ImportTable is data 1 Resource_Table is data 2 Exception_Table is data 3 Certificate_Table is data 4 Relocation_Table is data 5 Debug_Data is data 6 Architecture is data 7 Global_PTR is data 8 TLS_Table is data 9 Load_Config_Table is data 10 BoundImportTable is data 11 ImportAddressTable is data 12 DelayImportDescriptor is data 13 COMplusRuntimeHeader is data 14 |
|||
01 Jan 2010, 21:00 |
|
LocoDelAssembly 01 Jan 2010, 21:18
Quote:
Quote:
|
|||
01 Jan 2010, 21:18 |
|
ouadji 01 Jan 2010, 21:24
Revolution : 'data 12' is part of the PE header section ImportAddressTable is data 12 ok, it's enough so that I can now search by myself. thank you |
|||
01 Jan 2010, 21:24 |
|
Goto page Previous 1, 2, 3 < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.