flat assembler
Message board for the users of flat assembler.

Index > Windows > Using this api structure.... ????

Author
Thread Post new topic Reply to topic
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 16 Sep 2005, 04:28
mov eax,"ExitProcess"
mov [blah],eax
invoke GetModuleHandle,0
mov [hInstance],eax
invoke MessageBox,0,flathello,0,0
invoke ExitProcess,0

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4

flathello db "Flat hello",0

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4

hInstance dd ?
blah dd ?
;=======================================================================
data import

library kernel32,'KERNEL32.DLL',\
user32, 'USER32.DLL'


import kernel32,\
ExitProcess,blah,\
GetModuleHandle,'GetModuleHandleA'
import user32,\
MessageBox,'MessageBoxA'

end data


How could I make that work?
Post 16 Sep 2005, 04:28
View user's profile Send private message Reply with quote
Vasilev Vjacheslav



Joined: 11 Aug 2004
Posts: 392
Vasilev Vjacheslav 16 Sep 2005, 05:35
Code:
format pe gui 4.0
entry start

include '%fasminc%\win32a.inc'

section '.idata' data readable writeable

  szFlatHello db "hello",0

section '.udata' readable writeable

  hInstance dd ?
  hBlah dd ?

section '.code' code readable executable

  start:
mov eax,[ExitProcess]
mov [hBlah],eax
invoke GetModuleHandle,NULL
mov [hInstance],eax
invoke MessageBox,NULL,szFlatHello,NULL,NULL
invoke ExitProcess,NULL

section '.idata' import data readable writeable

  library       kernel32,'kernel32.dll',\
                user32,'user32.dll'

  include       '%fasminc%\apia\kernel32.inc'
  include       '%fasminc%\apia\user32.inc'

; eof
    
Post 16 Sep 2005, 05:35
View user's profile Send private message Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 16 Sep 2005, 06:03
format PE GUI 4.0
;format PE CONSOLE
;=======================================================================

;=======================================================================


entry start
include '%fasminc%\win32a.inc'


mov eax,[ExitProcess]
mov [hBlah],eax
invoke GetModuleHandle,NULL
mov [hInstance],eax
invoke MessageBox,NULL,flathello,NULL,NULL
invoke ExitProcess,NULL

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4

flathello db "Flat hello",0

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4

hInstance dd ?
hBlah dd ?
;=======================================================================
data import

library kernel32,'KERNEL32.DLL',\
user32, 'USER32.DLL'


import kernel32,\
ExitProcess,hBlah,\
GetModuleHandle,'GetModuleHandleA'
import user32,\
MessageBox,'MessageBoxA'

end data




This is what I have so far... Im trying to use the object hBlah in the imports.. How could I do that?
Post 16 Sep 2005, 06:03
View user's profile Send private message Reply with quote
shoorick



Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 16 Sep 2005, 08:01
hi!
Quote:

import kernel32,\
ExitProcess,'ExitProcess',\

ExitProcess will be used as label to dword, which will be filled with offset of function 'ExitProcess' in kernel32.dll with loader while loading.

so, what do you wish? to get this offset while runtime is possible with:
mov eax,[ExitProcess]
then you can "invoke" it with
push 0
call eax
for example
Post 16 Sep 2005, 08:01
View user's profile Send private message Visit poster's website Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 16 Sep 2005, 18:52
No I wish this part

To Load hBlah into
import kernel32,\
ExitProcess,'LOAD HBLAH INTO HERE',\

Is it possible to do this at runtime..
Post 16 Sep 2005, 18:52
View user's profile Send private message Reply with quote
coconut



Joined: 02 Apr 2004
Posts: 326
Location: US
coconut 16 Sep 2005, 19:00
dont think that will work if at assembly time hBlah isnt known - what will get written to IAT? what exactly do you want to do?
Post 16 Sep 2005, 19:00
View user's profile Send private message Reply with quote
shoorick



Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 16 Sep 2005, 20:26
maybe you want to do this:
Code:
;=======================================================================
include '%fasminc%\win32a.inc'                                         
;=======================================================================
section '.flat' code readable writeable executable

entry $

    mov  eax,[ExitProcess]
    xchg eax,[MessageBox]
    mov  [ExitProcess],eax
    invoke ExitProcess,0,flathello,0,0
    invoke MessageBox,0

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    align 4

flathello   db "Flat hello",0

;=======================================================================
section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,  'USER32.DLL'

include     '%fasminc%\apia\kernel32.inc'
include     '%fasminc%\apia\user32.inc'
;=======================================================================    

- this is working Wink

_________________
UNICODE forever!
Post 16 Sep 2005, 20:26
View user's profile Send private message Visit poster's website Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 16 Sep 2005, 20:38
Thats unique shoorick and sort of like that Smile...

The hblah = exitprocess .... I was thinking of implementing sort of a crypted import table that gets decrypted ...But it seems that it can't use this Sad


Like lets say using this

mov eax,[ExitProcess]
mov [hBlah],eax
invoke GetModuleHandle,NULL
mov [hInstance],eax
invoke MessageBox,NULL,flathello,NULL,NULL
invoke ExitProcess,NULL

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4

flathello db "Flat hello",0

;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
align 4

hInstance dd ?
hBlah dd ?
;=======================================================================
data import

library kernel32,'KERNEL32.DLL',\
user32, 'USER32.DLL'


import kernel32,\
ExitProcess,hBlah,\
GetModuleHandle,'GetModuleHandleA'
import user32,\
MessageBox,'MessageBoxA'

end data


At runtime hblah which is encrypted gets decrypted and allows for the api calls to work...This is just an example TRYING to load 'ExitProcess' into hblah and having hblah in the import table be replaced with ExitProcess
Post 16 Sep 2005, 20:38
View user's profile Send private message Reply with quote
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
Reverend 16 Sep 2005, 21:40
Imports don't work this way. They are pre-loaded before starting the main code
Post 16 Sep 2005, 21:40
View user's profile Send private message Visit poster's website Reply with quote
shoorick



Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 16 Sep 2005, 22:12
maybe you do not understand conception of import enough well:
1.import table exists exactly for normal placing offsets according to dll and function names by loader while loading. if you do not wish to show which functions you are using - hide their names anywhere you want and at runtime decode them and use loadlibrary: all hackers do this.
2.you can of course get once real offsets for functions, encrypt them, and then decrypt at runtime, but offsets can (will!) be differ on other system depending on version/sp/etc - so, this is commonly unusable.
3.if you do not plan to use import table so you do not need to create it at all - you can store offsets to functions wherever you want.
Code:
;=======================================================================
 format PE GUI 4.0
;format PE CONSOLE
;=======================================================================
 include '%fasminc%\win32a.inc'                                         
;=======================================================================
 section '.flat' code import readable writeable executable
;-----------------------------------------------------------------------
  library kernel32,'KERNEL32.DLL'
;-----------------------------------------------------------------------
  import  kernel32,\
    ExitProcess,'ExitProcess',\
    LoadLibrary,'LoadLibraryA',\
    GetProcAddress,'GetProcAddress'
;-----------------------------------------------------------------------
 align 4
messagebox  db 'MessageBoxA',0
 align 4
MessageBox  dd  0EBFEEBFEh
user32      db 'user32.dll',0
;-----------------------------------------------------------------------
@@: entry $
    invoke LoadLibrary,user32
    invoke GetProcAddress,eax,messagebox
    mov [MessageBox],eax
;-----------------------------------------------------------------------
    invoke MessageBox,0,messagebox,user32,0
;-----------------------------------------------------------------------
    invoke ExitProcess,0
;=======================================================================    

_________________
UNICODE forever!
Post 16 Sep 2005, 22:12
View user's profile Send private message Visit poster's website Reply with quote
shoorick



Joined: 25 Feb 2005
Posts: 1614
Location: Ukraine
shoorick 16 Sep 2005, 22:27
this even more cool Wink :
Code:
;-----------------------------------------------------------------------
 align 4
messagebox  db 'MessageBoxA',0
user32      db 'user32.dll',0
;-----------------------------------------------------------------------
 entry $
MessageBox  dd  0C18B02EBh
    invoke LoadLibrary,user32
    invoke GetProcAddress,eax,messagebox
    mov [MessageBox],eax
;-----------------------------------------------------------------------
    invoke MessageBox,0,messagebox,user32,0
;-----------------------------------------------------------------------
    
Post 16 Sep 2005, 22:27
View user's profile Send private message Visit poster's website Reply with quote
coconut



Joined: 02 Apr 2004
Posts: 326
Location: US
coconut 16 Sep 2005, 23:41
no need to define .flat section, fasm does it for you (and sets entry) if no section defined
Post 16 Sep 2005, 23:41
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.