flat assembler
Message board for the users of flat assembler.
Index
> Windows > PE Native ... extrn ??? Goto page 1, 2, 3 Next |
Author |
|
Fanael 27 Dec 2009, 21:57
Create import table.
|
|||
27 Dec 2009, 21:57 |
|
ouadji 27 Dec 2009, 22:07
thank you for your reply Fanael
but I have never used "Import Table". Can you help me a little more Thank you. |
|||
27 Dec 2009, 22:07 |
|
ouadji 27 Dec 2009, 22:23
ok, I found the solution
Code: format PE native 4.0 at 10000h entry DriverEntry section '.MyCode' code readable executable notpageable proc DriverEntry pDriverObject, usRegistryPath ... ... ... invoke Disasm, eax <----- ... ... ... data import library ntoskrnl,'ntoskrnl.exe',\ hal,'hal.dll' library BeaEngine, 'c:\fasm\include\ddk\BeaEngine.dll' include 'c:\fasm\include\ddk\ntoskrnl.inc' include 'c:\fasm\include\ddk\hal.inc' import BeaEngine, Disasm,'_Disasm@4' <--------------------- here end data thank you very much for your help Last edited by ouadji on 29 Dec 2009, 00:46; edited 6 times in total |
|||
27 Dec 2009, 22:23 |
|
ouadji 28 Dec 2009, 13:27
this doesn't work ! I don't understand |
|||
28 Dec 2009, 13:27 |
|
ouadji 29 Dec 2009, 00:38
The compilation is ok, the driver starts correctly,
but when I call the function "disasm" (invoke Diasm ...) I have not the correct address of this function. The link with the "dll" has not been done. I certainly made a mistake somewhere. Someone has an idea? (sorry for my bad English) thank you very much. |
|||
29 Dec 2009, 00:38 |
|
revolution 29 Dec 2009, 00:42
ouadji, you have two "library" statements in your code. You must combine them into one.
Code: library ntoskrnl,'ntoskrnl.exe',\ hal,'hal.dll',\ BeaEngine, 'BeaEngine.dll' |
|||
29 Dec 2009, 00:42 |
|
ouadji 29 Dec 2009, 00:56
Code: library ntoskrnl, 'ntoskrnl.exe',\ hal, 'hal.dll',\ BeaEngine, 'c:\fasm\include\ddk\BeaEngine.dll' import BeaEngine, Disasm, '_Disasm@4' (thank you for your reply Revolution) Yes, I already tried that. in this case, the compilation is also ok, but the driver don't start !!! the function"StartService" returns an error code 0x7D1 (GetLastError - 0x7D1 - The specified driver is invalid) I'll eat my keyboard go to bed, 02.10hrs here, i'll read you tomorrow. |
|||
29 Dec 2009, 00:56 |
|
revolution 29 Dec 2009, 02:09
ouadji, try with removing the path (c:\fasm\include\ddk\) from your library statement. Use similar to what I posted above without the path.
|
|||
29 Dec 2009, 02:09 |
|
LocoDelAssembly 29 Dec 2009, 02:23
ouadji, perhaps you actually want "format PE DLL native 4.0 at 10000h"?
Where "library" and "import" macros are coming from? Note that for drivers, you need "data 12" too. Take a look at this: http://board.flatassembler.net/topic.php?t=3434 |
|||
29 Dec 2009, 02:23 |
|
ouadji 29 Dec 2009, 11:08
Code: without the path (from Revolution) --------------------------------- library ntoskrnl, 'ntoskrnl.exe',\ hal 'hal.dll',\ BeaEngine, 'BeaEngine.dll' (BeaEngine.dll in windows\system32, like ntoskrnl.exe and hall.dll) with "ddl" directive (LocoDelAssembly) ------------------------------------- format PE dll native 4.0 at 10000h Result : no result, always the same error code 0x7D1 LocoDelAssembly: ------------------ a) Where "library" and "import" macros are coming from? import : from fasm\include\macro\IMPORT32.INC library : also ...\IMPORT32.INC b) Note that for drivers, you need "data 12" too. "data 12" ???? ... i don't understand. http://board.flatassembler.net/topic.php?t=3434 <--- ? thank you LocoDelAssembly, but i see nothing in this post can help me |
|||
29 Dec 2009, 11:08 |
|
ouadji 29 Dec 2009, 13:38
look at this LocoDelAssembly : Here is an example of using this "dll" in a driver with MASM. Code: .686p .model flat, stdcall option casemap:none include \masm32\include\w2k\ntstatus.inc include \masm32\include\w2k\ntddk.inc include \masm32\include\w2k\ntoskrnl.inc includelib \masm32\lib\w2k\ntoskrnl.lib include ..\..\HEADERS\BeaEngineMasm.inc includelib ..\..\LIBRARY\BeaEngine.lib <--------------- ? ... ..... with the file "BeaEngine.dll" I have also a file "BeaEngine.lib. Should we not link my driver with this file ".Lib" ? How to link a file ".Lib" to a driver (PE native) with FASM ? In the Macro "library" (Fasm - IMPORT32.INC), I see nothing that creates the link between my driver and this "dll". What do you think about it ? |
|||
29 Dec 2009, 13:38 |
|
revolution 29 Dec 2009, 14:19
Check that BeaEngine.dll actually has the function '_Disasm@4' as an export name. Perhaps it could be named something else.
|
|||
29 Dec 2009, 14:19 |
|
ouadji 29 Dec 2009, 15:49
revolution : I checked with IDA, the name is correct, and this function is exported. But how to link a file ".Lib" with Fasm ... like in the example with Masm ? I don't see how the content of the macro "library" could make this link. |
|||
29 Dec 2009, 15:49 |
|
revolution 29 Dec 2009, 16:19
Maybe the fault is not with loading the BeaEngine.dll but is in some other part of the code.
What does 0x7D1 result code mean? |
|||
29 Dec 2009, 16:19 |
|
ouadji 29 Dec 2009, 16:51
no. My driver has more than 2000 lines of code and works correctly, no problem before that.
When I delete "library BeaEngine ....", then there is no error. 2001 (0x7D1) ERROR_BAD_DRIVER - The specified driver is invalid. http://msdn.microsoft.com/en-us/library/ms681386(VS.85).aspx what do you think of the example with masm? In this example, masm needs to link with the file "BeaEngine.lib (.lib, not .dll) How to link with a file ".Lib" and FASM ? when I look the content of the macro "library", I don't see how this macro can make the link (BeaEngine : http://beatrix2004.free.fr/BeaEngine/index1.php ) |
|||
29 Dec 2009, 16:51 |
|
LocoDelAssembly 29 Dec 2009, 17:54
ouadji, use the import macros provided by the link I posted, them are not the same to the regular executables, and in your code you don't have the IAT which is the "data 12" thing (check the includes of the attachment in last post of my link).
|
|||
29 Dec 2009, 17:54 |
|
ouadji 29 Dec 2009, 20:17
Thank you for your reply LocoDelAssembly. I tried with the import macros provided by your link, but this does not work, same error code. Please, look above, the example with the assembler MASM ... MASM uses the file "BeaEngine.LIB" (not DLL) ,and has a macro to include a file "LIB". (includelib) How to link a LIB file with FASM ? |
|||
29 Dec 2009, 20:17 |
|
LocoDelAssembly 29 Dec 2009, 21:01
Quote:
You can't and it doesn't matter, you need LIB in MASM because that "assembler" is uncapable of generating executables images by itself, it needs to generate an OBJ and then you need a linker to get your SYS driver. Could you upload some minimal (AND COMPILABLE) code so we can try to fix the problem? Also note that the export is very likely to be called just "Disasm" and _Disasm@4 is just the mangled name used for linkers. I base my guess on this: int __stdcall Disasm(LPDISASM pDisAsm); (BeaEngine.h) |
|||
29 Dec 2009, 21:01 |
|
ouadji 29 Dec 2009, 23:22
yes, the name is "Disasm" ... call Disasm ... correct ! But for linkers the name is "_Disasm@4". Code: format MS COFF extrn '_Disasm@4' as Disasm:dword <------ here ..... puxh x call Disasm ..... (but I can not use the directive "EXTRN" I have a native PE format) but if I change like this ... Code: format MS COFF extrn '_Disasm@4' as TOTO:dword <------ here (TOTO) ..... puxh x call TOTO <------ in this case, "call TOTO" ..... In fact, we can call this function as desired. The most important is to respect the name for the linker. Quote:
"some minimal" ... hihi ... from 2500 lines of code ... my god ! Yes, it is possible, but it takes time I must start over and rebuild a minimum driver. i will be back later ... |
|||
29 Dec 2009, 23:22 |
|
Goto page 1, 2, 3 Next < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.