flat assembler
Message board for the users of flat assembler.

Index > Windows > PE Native ... extrn ???

ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
Hi all,

I would like to call a function in a "dll", but I cannot use the directive "EXTRN" ...
It's a driver ... format PE native 4.0!

How do I do this?

Thank you very much for your help.


EDIT by DOS386 : moved from Main to Windows
Post 27 Dec 2009, 21:37
Fanael



Joined: 03 Jul 2009
Posts: 168
Fanael
Create import table.
Post 27 Dec 2009, 21:57
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
Thank you for your reply, Fanael,
but I have never used "Import Table".
Can you help me a little more?
Thank you.
Post 27 Dec 2009, 22:07
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
OK, I found the solution.

Code:
format       PE native 4.0 at 10000h
entry        DriverEntry
section '.MyCode' code readable executable notpageable

proc DriverEntry pDriverObject, usRegistryPath
...
... ...
invoke Disasm, eax ; <-----
... ...
...
data import

library         ntoskrnl,'ntoskrnl.exe',\
                hal,'hal.dll'
             
library BeaEngine, 'c:\fasm\include\ddk\BeaEngine.dll'

include     'c:\fasm\include\ddk\ntoskrnl.inc'
include 'c:\fasm\include\ddk\hal.inc'

import BeaEngine, Disasm,'_Disasm@4' ; <--- here

end data    


Thank you very much for your help.


Last edited by ouadji on 29 Dec 2009, 00:46; edited 6 times in total
Post 27 Dec 2009, 22:23
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji

This doesn't work! I don't understand.
Post 28 Dec 2009, 13:27
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
The compilation is OK, the driver starts correctly,
but when I call the function "disasm" (invoke Disasm ...)
I do not have the correct address of this function.
The link with the "dll" has not been done.
I certainly made a mistake somewhere.
Does someone have an idea? (Sorry for my bad English.)
Thank you very much.
Post 29 Dec 2009, 00:38
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
ouadji, you have two "library" statements in your code. You must combine them into one.
Code:
library         ntoskrnl,'ntoskrnl.exe',\
                hal,'hal.dll',\
                BeaEngine, 'BeaEngine.dll'    
Post 29 Dec 2009, 00:42
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
Code:
library      ntoskrnl, 'ntoskrnl.exe',\
               hal,        'hal.dll',\
                  BeaEngine, 'c:\fasm\include\ddk\BeaEngine.dll'

import  BeaEngine,      Disasm, '_Disasm@4'    


(Thank you for your reply, revolution.)
Yes, I already tried that.
In this case, the compilation is also OK, but the driver doesn't start!
The function "StartService" returns an error code 0x7D1
(GetLastError - 0x7D1 - The specified driver is invalid).

I'll eat my keyboard.

Going to bed, 02:10 here, I'll read you tomorrow.
Post 29 Dec 2009, 00:56
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
ouadji, try removing the path (c:\fasm\include\ddk\) from your library statement. Use something similar to what I posted above, without the path.
Post 29 Dec 2009, 02:09
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
ouadji, perhaps you actually want "format PE DLL native 4.0 at 10000h"?

Where are the "library" and "import" macros coming from? Note that for drivers, you need "data 12" too.

Take a look at this: http://board.flatassembler.net/topic.php?t=3434
Post 29 Dec 2009, 02:23
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
Code:
; without the path (from revolution)
library ntoskrnl,  'ntoskrnl.exe',\
        hal,       'hal.dll',\
        BeaEngine, 'BeaEngine.dll'

; (BeaEngine.dll is in windows\system32, like ntoskrnl.exe and hal.dll)

; with the "dll" directive (LocoDelAssembly)
format PE dll native 4.0 at 10000h


Result: no result, always the same error code 0x7D1.

LocoDelAssembly:

a) Where are the "library" and "import" macros coming from?
import: from fasm\include\macro\IMPORT32.INC
library: also ...\IMPORT32.INC

b) Note that for drivers, you need "data 12" too.

"data 12"? ... I don't understand.

http://board.flatassembler.net/topic.php?t=3434 <--- ?
Thank you LocoDelAssembly, but I see nothing in this post that can help me.

Post 29 Dec 2009, 11:08
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji

Look at this, LocoDelAssembly:
Here is an example of using this "dll" in a driver with MASM.


Code:
.686p
.model flat, stdcall
option casemap:none

include \masm32\include\w2k\ntstatus.inc
include \masm32\include\w2k\ntddk.inc
include \masm32\include\w2k\ntoskrnl.inc
includelib \masm32\lib\w2k\ntoskrnl.lib
include ..\..\HEADERS\BeaEngineMasm.inc

includelib ..\..\LIBRARY\BeaEngine.lib ; <--- ?

...
.....    


With the file "BeaEngine.dll" I also have a file "BeaEngine.lib".
Should we not link my driver with this ".Lib" file?
How to link a ".Lib" file to a driver (PE native) with FASM?

In the macro "library" (Fasm - IMPORT32.INC),
I see nothing that creates the link between my driver and this "dll".
What do you think about it?

Post 29 Dec 2009, 13:38
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
Check that BeaEngine.dll actually has the function '_Disasm@4' as an export name. Perhaps it could be named something else.
Post 29 Dec 2009, 14:19
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji

revolution:

I checked with IDA, the name is correct, and this function is exported.

But how to link a ".Lib" file with Fasm ... like in the example with Masm?

I don't see how the content of the macro "library" could make this link.

Post 29 Dec 2009, 15:49
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17279
Location: In your JS exploiting you and your system
revolution
Maybe the fault is not with loading the BeaEngine.dll but is in some other part of the code.

What does 0x7D1 result code mean?
Post 29 Dec 2009, 16:19
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji
No. My driver has more than 2000 lines of code and works correctly, no problem before that.
When I delete "library BeaEngine ....", then there is no error.

2001 (0x7D1)
ERROR_BAD_DRIVER - The specified driver is invalid.
http://msdn.microsoft.com/en-us/library/ms681386(VS.85).aspx

What do you think of the example with MASM?
In this example, MASM needs to link with the file "BeaEngine.lib" (.lib, not .dll).
How to link with a ".Lib" file and FASM?
When I look at the content of the macro "library", I don't see how this macro can make the link.

(BeaEngine: http://beatrix2004.free.fr/BeaEngine/index1.php )

Post 29 Dec 2009, 16:51
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
ouadji, use the import macros provided by the link I posted; they are not the same as for the regular executables, and in your code you don't have the IAT, which is the "data 12" thing (check the includes of the attachment in the last post of my link).
Post 29 Dec 2009, 17:54
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji

Thank you for your reply, LocoDelAssembly.
I tried with the import macros provided by your link,
but this does not work, same error code.
Please look above at the example with the assembler MASM ...
MASM uses the file "BeaEngine.LIB" (not DLL), and has a macro to include a "LIB" file (includelib).
How to link a LIB file with FASM?

Post 29 Dec 2009, 20:17
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

How to link a LIB file with FASM ?

You can't, and it doesn't matter: you need the LIB in MASM because that "assembler" is incapable of generating executable images by itself; it needs to generate an OBJ and then you need a linker to get your SYS driver.

Could you upload some minimal (AND COMPILABLE) code so we can try to fix the problem?

Also note that the export is very likely to be called just "Disasm", and _Disasm@4 is just the mangled name used for linkers. I base my guess on this: int __stdcall Disasm(LPDISASM pDisAsm); (BeaEngine.h)
Post 29 Dec 2009, 21:01
View user's profile Send private message Reply with quote
ouadji



Joined: 24 Dec 2008
Posts: 1081
Location: Belgium
ouadji

Yes, the name is "Disasm" ... call Disasm ... correct!
But for linkers the name is "_Disasm@4".


Code:
format MS COFF
extrn '_Disasm@4' as Disasm:dword ; <--- here
.....
push x
call Disasm
.....
; (but I cannot use the directive "EXTRN"; I have a native PE format)
    


But if I change it like this ...

Code:
format MS COFF
extrn '_Disasm@4' as TOTO:dword ; <--- here (TOTO)
.....
push x
call TOTO ; <--- in this case, "call TOTO"
.....
    


In fact, we can call this function as desired.
The most important is to respect the name for the linker.


Quote:

Could you upload some minimal (AND COMPILABLE) code ...


"some minimal" ... hihi ... from 2500 lines of code ... my god!
Yes, it is possible, but it takes time.
I must start over and rebuild a minimal driver.
I will be back later ...

Post 29 Dec 2009, 23:22

Copyright © 1999-2020, Tomasz Grysztar.
