flat assembler
Message board for the users of flat assembler.

Index > Macroinstructions > append to struc?

Author
Thread Post new topic Reply to topic
mindcooler



Joined: 01 Dec 2009
Posts: 423
Location: Västerås, Sweden
mindcooler
Is it possible to append stuff to a struct?

I would like to build a couple of dependent memory blocks like this:

Code:
append name1,data11,data12
append name2,data21,data22
..
    

to produce someting like:

Code:
names:
name1, name2

data:
data11,data12
data21,data22
    


Am I making any sense? Smile I'm trying to figure out how to build import tables.

_________________
This is a block of text that can be added to posts you make.
Post 18 Jun 2010, 17:59
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
mindcooler,

Something like this?
Code:
list equ

macro append lib, [funcs] {
common
  match _list, list \{
    restore list
    list equ _list, lib, <funcs>
  \}
  match , list \{
    restore list
    list equ lib, <funcs>
  \}
}

macro process_list [lib, funcs] {
  dd lib#.ilt, 0, 0, lib#.name, lib#.iat
common
  dd 5 dup 0
forward
  lib#.ilt: irp func, funcs \{ dd func\#.name \}
  dd 0
forward
  lib#.iat: irp func, funcs \{ func dd func\#.name \}
  dd 0
forward
  lib#.name db `lib, 0
forward
  irp func, funcs \{
    align 2
    func\#.name dw 0
    db \`func, 0
  \}
}

append kernel32, LoadLibraryA, GetProcAddress, ExitProcess
append user32, MessageBoxA

match _list, list { process_list _list }
db "Addresses:"
align 4
dd LoadLibraryA, GetProcAddress, ExitProcess, MessageBoxA    
Post 19 Jun 2010, 01:02
View user's profile Send private message Reply with quote
mindcooler



Joined: 01 Dec 2009
Posts: 423
Location: Västerås, Sweden
mindcooler
baldr wrote:
macro append lib, [funcs] {
common
match _list, list \{
restore list
list equ _list, lib, <funcs>
\}
match , list \{
restore list
list equ lib, <funcs>
\}
}


Does this just concatenate the arguments to one long string (

macro process_list [lib, funcs] {list equ kernel32, LoadLibraryA, GetProcAddress, ExitProcess, user32, MessageBoxA)?

If so, how does the process macro know what is a lib and what is a func?
Quote:
macro process_list [lib, funcs]


Edit: Is "," matched as a separator token?

_________________
This is a block of text that can be added to posts you make.
Post 19 Jun 2010, 17:59
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
mindcooler,

It does. The idea is to collect lib/import tuples and unroll them into import directory.

match is crucial because of FASM order of processing: equs aren't expanded when they are part of macro arguments.

Refresh your knowledge here. Macro arguments can be complex (i.e. contain <> subunits).

First non-literal (i.e. not preceded by «=») comma separates match template from the rest (to be matched against template).


Last edited by baldr on 19 Jun 2010, 18:56; edited 1 time in total
Post 19 Jun 2010, 18:24
View user's profile Send private message Reply with quote
mindcooler



Joined: 01 Dec 2009
Posts: 423
Location: Västerås, Sweden
mindcooler
I see it now, the functions are grouped with <> to preserve ',', and is then expanded with irp.
Post 19 Jun 2010, 18:55
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
mindcooler,

Iterated, right. Wink
Post 19 Jun 2010, 18:59
View user's profile Send private message Reply with quote
mindcooler



Joined: 01 Dec 2009
Posts: 423
Location: Västerås, Sweden
mindcooler
With the help of your example I made this:

Code:
imports equ \
   kernel32,<Sleep,WriteConsoleA,GetStdHandle>,\
   user32,<MessageBoxA>

idata:

macro create_imports [dll,functions]
{
   dd 0,0,0,dll#.name,dll#.iat
common
   dd 5 dup 0
   idata.size = $-idata
forward
   dll#.iat: irp function,functions
   \{
      function: dd function\#.name
   \}
   dd 0
forward
   dll#.name: db `dll#'.dll',0
forward
   irp function, functions
   \{
      align 2
      function\#.name: dw 0
      db \`function,0
   \}
}

match _imports,imports
{
   create_imports _imports
}    


Which boils down to

Code:
idata:
                dd 0,0,0,kernel32.name,kernel32.iat
         dd 0,0,0,user32.name,user32.iat
             dd 5 dup 0

              idata.size=$-idata

              kernel32.iat:
                   Sleep:dd Sleep.name
                     WriteConsoleA:dd WriteConsoleA.name
                     GetStdHandle:dd GetStdHandle.name
               dd 0
                user32.iat:
                     MessageBoxA:dd MessageBoxA.name
         dd 0

            kernel32.name:db 'kernel32.dll',0
             user32.name:db 'user32.dll',0

                     align 2
                     Sleep.name:dw 0
                 db 'Sleep',0

                  align 2
                     WriteConsoleA.name:dw 0
                 db 'WriteConsoleA',0

                  align 2
                     GetStdHandle.name:dw 0
                  db 'GetStdHandle',0

                   align 2
                     MessageBoxA.name:dw 0
                   db 'MessageBoxA',0
    

_________________
This is a block of text that can be added to posts you make.
Post 19 Jun 2010, 20:54
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
baldr



Joined: 19 Mar 2008
Posts: 1651
baldr
mindcooler,

.DLL file extension is quite common for DLLs, how about .BPL (Borland), .WCX (Total Commander plug-in) or .WLL (IDA core)? Import directory needs only file name, why don't use it as reference to DLL? I'm not 100% sure but it can be without default ".DLL" suffix (probably it's NT-specific, export forwarding appears to store only base name without extension in forwarder string).

Another enhancement is to eliminate duplicates in imports. Not an easy task though. Wink

match instant-macro probably could be modified to accept [] grouping in pattern, then we won't need separate create_imports macro (of little use by itself, except in your example you may invoke it directly, because of static import list).
Post 20 Jun 2010, 10:43
View user's profile Send private message Reply with quote
mindcooler



Joined: 01 Dec 2009
Posts: 423
Location: Västerås, Sweden
mindcooler
baldr wrote:
.DLL file extension is quite common for DLLs, how about .BPL (Borland), .WCX (Total Commander plug-in) or .WLL (IDA core)? Import directory needs only file name, why don't use it as reference to DLL? I'm not 100% sure but it can be without default ".DLL" suffix (probably it's NT-specific, export forwarding appears to store only base name without extension in forwarder string).


Well what do you know, it works without extension!

baldr wrote:
Another enhancement is to eliminate duplicates in imports. Not an easy task though. Wink


It is probably a rare case, atleast for me. You could solve it with name mangling, but I like it clean.

baldr wrote:

match instant-macro probably could be modified to accept [] grouping in pattern, then we won't need separate create_imports macro (of little use by itself, except in your example you may invoke it directly, because of static import list).


I did away with the appended list, as I don't need to append it anymore.

Code:
idata:
                import  kernel32,<Sleep,WriteConsoleA>    

_________________
This is a block of text that can be added to posts you make.
Post 20 Jun 2010, 20:07
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.