flat assembler
Message board for the users of flat assembler.

Index > Main > Anyone have ntdll include file ?

Author
Thread Post new topic Reply to topic
shism2



Joined: 14 Sep 2005
Posts: 248
shism2
Anyone have ntdll.dll include file ???? Anyone ???
Post 21 Aug 2007, 00:11
View user's profile Send private message Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt
Is this what your looking for?


Description: ntdll api
Download
Filename: NTDLL.INC
Filesize: 66.28 KB
Downloaded: 206 Time(s)

Post 21 Aug 2007, 07:51
View user's profile Send private message Reply with quote
asmfan



Joined: 11 Aug 2006
Posts: 392
Location: Russian
asmfan
BTW do we have a tool to make such import include files directly from PE executables (dlls & exes...)?
Post 21 Aug 2007, 14:46
View user's profile Send private message Reply with quote
Yardman



Joined: 12 Apr 2005
Posts: 245
Location: US
Yardman
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 02:49; edited 1 time in total
Post 21 Aug 2007, 21:24
View user's profile Send private message Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2
I get an error when using the ntdll.dll

I tried using this

Code:
invoke NtQuerySystemInformation, 5, [pBuffer], 20000h, 0
    


Code:
section '.idata' import data readable writeable

  
  library    kernel32,'KERNEL32.DLL',\   
          user32,  'USER32.DLL',\
          comdlg32,'COMDLG32.DLL',\
          shlwapi, 'SHLWAPI.DLL',\
          ole32,   'OLE32.DLL',\
          gdi32,   'GDI32.DLL',\
          comctl32, 'comctl32.dll',\
          shell32, 'SHELL32.DLL',\
          ntdll1,'ntdll.dll'

include     '%fasminc%\api\kernel32.inc'
include     '%fasminc%\api\gdi32.inc'
include     '%fasminc%\api\comctl32.inc'
include     '%fasminc%\api\user32.inc'
include     '%fasminc%\api\comdlg32.inc'
include     '%fasminc%\api\shell32.inc'
include     '%fasminc%\api\ntdll.inc'
    




For some reason it gives me this error
Code:
flat assembler  version 1.67.21  (503271 kilobytes memory)
C:\Documents and Settings\Owner\Desktop\crap\fasmexp\Anti-Debug Research\Debugger Checks\Process Based\ParentIdV2\pidv2.asm [41]:
       invoke NtQuerySystemInformation, 5, [pBuffer], 20000h, 0
C:\WinAsm\Assemblers\fasm\INCLUDE\win32ax.inc [42] invoke [1]:
     \common call [proc] \}
error: undefined symbol.
    
Post 21 Aug 2007, 23:50
View user's profile Send private message Reply with quote
Ehtyar



Joined: 26 Sep 2006
Posts: 51
Ehtyar
You must either change the label you assigned to the ntdll.dll library delcaration thus:
Code:
ntdll1,'ntdll.dll' ->> ntdll,'ntdll.dll'
    

or change the ntdll symbol in the include to match your library declaration thus(line 1 of ntdll.inc):
Code:
import ntdll,\ ->> import ntdll1,\
    

In future be sure not to randomly alter symbols unless you're sure of the repercussions.

Ehtyar.
Post 24 Aug 2007, 23:59
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.