flat assembler
Message board for the users of flat assembler.
Windows > Using this api structure.... ????
Vasilev Vjacheslav 16 Sep 2005, 05:35
Code:
format pe gui 4.0
entry start
include '%fasminc%\win32a.inc'

section '.data' data readable writeable     ; renamed from '.idata' so it does not clash with the import section below
  szFlatHello db "hello",0

section '.udata' readable writeable
  hInstance dd ?
  hBlah dd ?

section '.code' code readable executable
start:
  mov eax,[ExitProcess]                     ; read the IAT slot the loader filled with the address of ExitProcess
  mov [hBlah],eax                           ; keep a copy of that address in our own variable
  invoke GetModuleHandle,NULL
  mov [hInstance],eax
  invoke MessageBox,NULL,szFlatHello,NULL,NULL
  invoke ExitProcess,NULL

section '.idata' import data readable writeable
  library kernel32,'kernel32.dll',\
          user32,'user32.dll'
  include '%fasminc%\apia\kernel32.inc'
  include '%fasminc%\apia\user32.inc'
; eof
shism2 16 Sep 2005, 06:03
Code:
format PE GUI 4.0
;format PE CONSOLE
;=======================================================================
;=======================================================================
entry start
include '%fasminc%\win32a.inc'

start:                                      ; label required by 'entry start' above
  mov eax,[ExitProcess]
  mov [hBlah],eax
  invoke GetModuleHandle,NULL
  mov [hInstance],eax
  invoke MessageBox,NULL,flathello,NULL,NULL
  invoke ExitProcess,NULL
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4
flathello db "Flat hello",0
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4
hInstance dd ?
hBlah dd ?
;=======================================================================
data import
  library kernel32,'KERNEL32.DLL',\
          user32, 'USER32.DLL'
  import kernel32,\
         ExitProcess,hBlah,\                ; the line this thread is about: hBlah is not a quoted string, so the import macro does not treat it as a function name
         GetModuleHandle,'GetModuleHandleA'
  import user32,\
         MessageBox,'MessageBoxA'
end data

This is what I have so far... I'm trying to use the object hBlah in the imports.. How could I do that?
shoorick 16 Sep 2005, 08:01
hi!
ExitProcess will be used as a label to a dword, which will be filled with the offset of the function 'ExitProcess' in kernel32.dll by the loader while loading. So, what do you wish? To get this offset at runtime is possible with:
mov eax,[ExitProcess]
then you can "invoke" it with
push 0
call eax
for example
shism2 16 Sep 2005, 18:52
No, I wish this part: to load hBlah into
import kernel32,\
       ExitProcess,'LOAD HBLAH INTO HERE',\
Is it possible to do this at runtime..
coconut 16 Sep 2005, 19:00
Don't think that will work if at assembly time hBlah isn't known - what will get written to the IAT? What exactly do you want to do?
shoorick 16 Sep 2005, 20:26
maybe you want to do this:
Code:
;=======================================================================
format PE GUI 4.0                           ; format line added so the listing assembles stand-alone
include '%fasminc%\win32a.inc'
;=======================================================================
section '.flat' code readable writeable executable
entry $
  mov eax,[ExitProcess]                     ; the two IAT slots are writable, so their contents can be swapped
  xchg eax,[MessageBox]
  mov [ExitProcess],eax
  invoke ExitProcess,0,flathello,0,0        ; now actually calls MessageBoxA
  invoke MessageBox,0                       ; now actually calls ExitProcess
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4
flathello db "Flat hello",0
;=======================================================================
section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL',\
          user32, 'USER32.DLL'
  include '%fasminc%\apia\kernel32.inc'
  include '%fasminc%\apia\user32.inc'
;=======================================================================

- this is working
_________________
UNICODE forever!
shism2 16 Sep 2005, 20:38
That's unique shoorick and sort of like that ...
The hblah = exitprocess .... I was thinking of implementing sort of a crypted import table that gets decrypted ... But it seems that it can't use this. Like let's say using this:
Code:
  mov eax,[ExitProcess]
  mov [hBlah],eax
  invoke GetModuleHandle,NULL
  mov [hInstance],eax
  invoke MessageBox,NULL,flathello,NULL,NULL
  invoke ExitProcess,NULL
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4
flathello db "Flat hello",0
;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4
hInstance dd ?
hBlah dd ?
;=======================================================================
data import
  library kernel32,'KERNEL32.DLL',\
          user32, 'USER32.DLL'
  import kernel32,\
         ExitProcess,hBlah,\                ; the intended "runtime-decrypted" name slot
         GetModuleHandle,'GetModuleHandleA'
  import user32,\
         MessageBox,'MessageBoxA'
end data

At runtime hblah which is encrypted gets decrypted and allows for the api calls to work... This is just an example TRYING to load 'ExitProcess' into hblah and having hblah in the import table be replaced with ExitProcess
Reverend 16 Sep 2005, 21:40
Imports don't work this way. They are pre-loaded before starting the main code.
shoorick 16 Sep 2005, 22:12
maybe you do not understand the concept of import well enough:
1. the import table exists exactly for the normal placing of offsets according to dll and function names by the loader while loading. If you do not wish to show which functions you are using - hide their names anywhere you want, decode them at runtime and use LoadLibrary: all hackers do this.
2. you can of course get the real offsets of the functions once, encrypt them, and then decrypt them at runtime, but offsets can (will!) differ on other systems depending on version/sp/etc - so this is commonly unusable.
3. if you do not plan to use the import table you do not need to create it at all - you can store offsets to functions wherever you want.
Code:
;=======================================================================
format PE GUI 4.0
;format PE CONSOLE
;=======================================================================
include '%fasminc%\win32a.inc'
;=======================================================================
section '.flat' code import readable writeable executable
;-----------------------------------------------------------------------
library kernel32,'KERNEL32.DLL'             ; only kernel32 is in the import table; user32 is not
;-----------------------------------------------------------------------
import kernel32,\
       ExitProcess,'ExitProcess',\
       LoadLibrary,'LoadLibraryA',\
       GetProcAddress,'GetProcAddress'
;-----------------------------------------------------------------------
align 4
messagebox db 'MessageBoxA',0
align 4
MessageBox dd 0EBFEEBFEh                    ; placeholder (EB FE = jmp $), overwritten with the real address at runtime
user32 db 'user32.dll',0
;-----------------------------------------------------------------------
@@:
entry $
  invoke LoadLibrary,user32
  invoke GetProcAddress,eax,messagebox
  mov [MessageBox],eax                      ; our own dword now plays the role of the IAT slot
;-----------------------------------------------------------------------
  invoke MessageBox,0,messagebox,user32,0
;-----------------------------------------------------------------------
  invoke ExitProcess,0
;=======================================================================

_________________
UNICODE forever!
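As an added example (not code from this thread), a small Python parser for the 32-bit PE import directory that shoorick describes the loader filling: it walks IMAGE_IMPORT_DESCRIPTOR entries and their name thunks in a flat-mapped image (constructed inline, RVA == offset, DOS/NT headers omitted) and flags the static-import shape of his last listing, where only ExitProcess, LoadLibraryA and GetProcAddress are visible because MessageBoxA is resolved at runtime. Function names and the import-count threshold are my own assumptions, useful as a triage check rather than a verdict.

```python
import struct

# Constructed sample data, not a real file: a flat-mapped image (RVA == offset) holding
# only a 32-bit PE import directory; DOS/NT headers and section table are omitted.
def build_import_dir(dlls):
    """dlls: {dll_name: [function_names]} -> bytes with the descriptor table at offset 0."""
    blob = bytearray(20 * (len(dlls) + 1))          # descriptors + all-zero terminator
    for i, (dll, funcs) in enumerate(dlls.items()):
        name_rva = len(blob)
        blob += dll.encode() + b"\0"
        hint_rvas = []
        for f in funcs:                              # IMAGE_IMPORT_BY_NAME: WORD hint, name
            if len(blob) % 2: blob += b"\0"
            hint_rvas.append(len(blob))
            blob += struct.pack("<H", 0) + f.encode() + b"\0"
        while len(blob) % 4: blob += b"\0"
        thunks = b"".join(struct.pack("<I", r) for r in hint_rvas) + b"\0" * 4
        int_rva = len(blob); blob += thunks           # Import Name Table (OriginalFirstThunk)
        iat_rva = len(blob); blob += thunks           # IAT (FirstThunk), patched by the loader
        struct.pack_into("<IIIII", blob, 20 * i, int_rva, 0, 0, name_rva, iat_rva)
    return bytes(blob)

def cstr(blob, off):
    return blob[off:blob.index(b"\0", off)].decode()

def parse_imports(blob, dir_rva=0):
    """Walk IMAGE_IMPORT_DESCRIPTOR entries and their thunks; return {dll: [names]}."""
    imports, off = {}, dir_rva
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", blob, off)
        if name_rva == 0:                            # zeroed descriptor ends the table
            break
        thunk, funcs = oft or ft, []                  # prefer the INT; some linkers omit it
        while True:
            entry = struct.unpack_from("<I", blob, thunk)[0]
            if entry == 0:
                break
            if entry & 0x80000000:                   # import by ordinal (low 16 bits)
                funcs.append("#%d" % (entry & 0xFFFF))
            else:                                    # skip the WORD hint before the name
                funcs.append(cstr(blob, entry + 2))
            thunk += 4
        imports[cstr(blob, name_rva).lower()] = funcs
        off += 20
    return imports

def looks_runtime_resolved(imports):
    """Flag a tiny static import set built around LoadLibrary + GetProcAddress (assumed threshold)."""
    names = {f for fs in imports.values() for f in fs}
    has_loader = bool({"LoadLibraryA", "LoadLibraryW"} & names) and "GetProcAddress" in names
    return has_loader and len(names) <= 4
```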
shoorick 16 Sep 2005, 22:27
this is even more cool:
Code:
; fragment only: the format, include, section, library and import lines of the previous listing are assumed above
;-----------------------------------------------------------------------
align 4
messagebox db 'MessageBoxA',0
user32 db 'user32.dll',0
;-----------------------------------------------------------------------
entry $
MessageBox dd 0C18B02EBh                    ; bytes EB 02 8B C1: the entry point is a 'jmp $+4' over the dword itself, until it is patched
  invoke LoadLibrary,user32
  invoke GetProcAddress,eax,messagebox
  mov [MessageBox],eax
;-----------------------------------------------------------------------
  invoke MessageBox,0,messagebox,user32,0
;-----------------------------------------------------------------------
coconut 16 Sep 2005, 23:41
No need to define the .flat section, fasm does it for you (and sets the entry) if no section is defined.
Copyright © 1999-2024, Tomasz Grysztar.