flat assembler
Message board for the users of flat assembler.

Index > Main > GetProcAddress and Loadlibrary

Author
Thread Post new topic Reply to topic
khanh1984



Joined: 13 Jul 2009
Posts: 17
khanh1984 15 Jul 2009, 06:55
Hi everybody,

Today I'm trying to code a very simple application that simply demonstrated how to use keyboard hook and started to use LoadLibrary and GetProcAddress API function. However, when I make a call to GetProcAddress, the 1st function was retrieved sucessfully but not the second. After examing the symbol name in the dll file, I'v found them to be still correct. So where the thing goes wrong ?
I include here the source code of both DLL file and main application. You can compile it right away and see it yourself.

DLL CODE
Code:
format PE GUI 4.0 DLL
entry DllMain

include "win32a.inc"
include "\macro\if.inc"



section '.data' data readable writeable shareable
     msg1 db "Ko bam phim xuong",0
     msg2 db "Call nexthook",0
 hook dw 0

section '.code' code readable executable
proc DllMain hinstDLL,fdwReason,lpvReserved
  mov eax,TRUE
        ret
endp


proc KBHookSetup DLL_module

      mov eax,[DLL_module]
        invoke SetWindowsHookEx,WH_KEYBOARD,KBHookFilter,dword [eax],0
      mov dword [hook],eax
ret
endp

proc KBHookFilter keycode,wParam,lParam
     mov ebx,[lParam]
    shr ebx,31
  mov eax,[keycode]
      .if eax = HC_ACTION
         .if ebx = 0
                 .if [wParam]=30h
                            invoke MessageBox,NULL,msg1,NULL,MB_OK
                      .endif
              .endif  
    .else
               invoke MessageBox,NULL,msg2,MB_OK
           mov eax,[keycode]
              mov ebx,[wParam]
            mov ecx,[lParam]
    
            invoke CallNextHookEx,dword [hook],eax,ebx,ecx
              ret
 .endif
xor eax,eax   
ret
endp



section '.edata' export data readable 
  export 'HOOKDLL.DLL',\
  KBHookSetup,'KBHookSetup',\
  KBHookFilter,'KBHook'
     

section ".idata" import data readable writeable
   library kernel32,'kernel32.dll',\
                user32,'user32.dll'
       import user32,\
             MessageBox,'MessageBoxA',\
               SetWindowsHookEx,'SetWindowsHookExA',\
           CallNextHookEx, 'CallNextHookEx'

section '.reloc' fixups data discardable
    


Main Application code
Code:
include 'win32ax.inc'
include 'rc.inc'

.data

msg MSG
nResult dw 0
hModule dw 0
hook dw 0 
Dll_module dw 0
_dll_hook_setup dw 0
_dll_hook_filter dw 0
error db 1,2,3,4
    db      "can't load the module",0
 kbh db "KBHookSetup",0
 kbf db "KBHookFilter",0        
 .code       
start:
  
    invoke  GetModuleHandle,NULL
        mov dword [hModule],eax
     invoke  DialogBoxParam,eax,IDD_DLG1001,NULL,DLG_Function,NULL
       .if eax = 0
         mov dword [nResult],eax
             invoke MessageBox,NULL,"Hi! I'm the example program!","Win32 Assembly",MB_OK
   .endif
      
    invoke UnhookWindowsHook,[hook]
     invoke  ExitProcess,0

proc DLG_Function,hwnd,uMsg,wParam,lParam

mov eax,[uMsg]
cmp eax ,WM_DESTROY
jz .wm_destroy
cmp eax,WM_COMMAND
jz .wm_command
cmp eax,WM_CLOSE
jz .wm_close
cmp eax,WM_INITDIALOG
jz .wm_initdialog
jmp .default

.wm_initdialog:
      invoke LoadLibrary,"C:\HOOKDLL.DLL"
      mov dword [Dll_module],eax
  .if eax =  0
                        invoke MessageBox,NULL,"the specified modulesss could not be found",NULL,MB_OK
                    invoke ExitProcess,0
        .endif
      mov ecx,dword [Dll_module]
  invoke GetProcAddress,ecx,"KBHookSetup"
   mov dword [_dll_hook_setup],eax
     .if eax=0
           invoke MessageBox,NULL,"Can't get the function address setup",NULL,MB_OK
         invoke FreeLibrary,[Dll_module]
             invoke ExitProcess,NULL
     .endif
      mov ecx,dword [Dll_module]
  invoke GetProcAddress,ecx,"KBHook"
        mov dword [_dll_hook_filter],eax
    .if eax = 0
         invoke MessageBox,NULL,"Can't get the function address filter",NULL,MB_OK
                invoke FreeLibrary,[Dll_module]
             invoke ExitProcess,NULL
     .endif
      
    invoke _dll_hook_setup,Dll_module

       mov dword [hook],eax
        jmp .exit
.wm_destroy:
   invoke PostQuitMessage,,NULL
        jmp .exit
.wm_command:
   mov eax, [wParam]
   .if ax = IDC_BUTTON_EXIT
            shr eax,16
          .if ax=BN_CLICKED                     ;click exit buttion
                   mov eax,[hwnd]
                      invoke DestroyWindow,[hwnd]
                 invoke FreeLibrary,[Dll_module]
             .endif
      .endif
      jmp .exit
.wm_close:
     mov eax,[hwnd]
      invoke EndDialog,eax,nResult
        jmp .exit
.default:
      mov eax,FALSE
       ret
.exit:
       mov eax,TRUE

ret
endp



.end start

section '.rsrc' data readable resource from 'rc.res'
    
Post 15 Jul 2009, 06:55
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20343
Location: In your JS exploiting you and your system
revolution 15 Jul 2009, 07:41
You have defined all of your global variable as words.
Code:
nResult dw 0
hModule dw 0
hook dw 0
Dll_module dw 0
_dll_hook_setup dw 0
_dll_hook_filter dw 0     
You should define them as dwords.
Code:
nResult dd 0
hModule dd 0
hook dd 0
Dll_module dd 0
_dll_hook_setup dd 0
_dll_hook_filter dd 0     
Then you won't need the 'dword' overrides in the code.
Post 15 Jul 2009, 07:41
View user's profile Send private message Visit poster's website Reply with quote
khanh1984



Joined: 13 Jul 2009
Posts: 17
khanh1984 15 Jul 2009, 08:50
How idiot I'm. After changing into double word, the program runs as expected. I'always forget that dw stands for "define word" not "double word" ???
Post 15 Jul 2009, 08:50
View user's profile Send private message Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid 15 Jul 2009, 10:34
Btw, when WinAPI function returns error, you can use GetLastError and FormatMessage to get text error message, that can be displayed. It wouldn't help with this particular bug, but you should think of doing it to catch other bugs in future more easily.
Post 15 Jul 2009, 10:34
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.