flat assembler
Message board for the users of flat assembler.
Simple Native file help.

baldr 09 Sep 2010, 23:12
Overflowz,
For example, invoke LoadLibrary, "your dll name".

LocoDelAssembly 09 Sep 2010, 23:43
That NATIVE keyword must have generated a driver actually (specifically a WDM driver).
Note that once the library (without NATIVE keyword) is loaded, after accepting the message box the process will be terminated. Also, this is not exporting any function so there does not seem to be much value in creating this DLL. Check the examples inside the package, one of them comes with a DLL example.

Overflowz 09 Sep 2010, 23:57
Baldr, it's with .sys extension.
LocoDelAssembly, it's like DLL file with .sys? And it's using dll functions? I don't understand. It creates self with .sys extension and I should add dll functions instead of those? Thanks.

Overflowz 10 Sep 2010, 00:14
Well, created now native dll file with dll functions but I'm getting error "Invalid access to memory" when calling from rundll32 and also, I have section .reloc added too. Here's code, tell me if I'm wrong with something.
Code:
format PE NATIVE 4.0 DLL
include 'WIN32AX.INC'
entry main

.data
msg db 'Hello!',0

.code
proc main,hInst,dwReason,lpReserved
        mov eax,[dwReason]
        cmp eax,DLL_PROCESS_ATTACH
        je attached
        jmp quit
attached:
        invoke MessageBox,0,msg,'Test',MB_OK
        mov eax,[dwReason]
        cmp eax,DLL_PROCESS_DETACH
        je quit
quit:
        mov eax,1
        ret
endp

data import
        library user32,'user32.dll',kernel32,'kernel32.dll'
        include 'API\USER32.INC'
        include 'API\KERNEL32.INC'
end data

section '.reloc' fixups data discardable

LocoDelAssembly 10 Sep 2010, 01:23
Are you trying to create a driver or to create a regular DLL library? If the latter is the case (which is the only way for your code to start to be valid since you can't use USER32 and KERNEL32 functions from drivers and your main proc is not a valid driver entry), then stop using the "NATIVE" keyword, just remove it to generate normal DLLs.
BTW, don't think that not using "native" is like some sort of VB6 p-code, it is still plain machine code, it is just the Windows subsystem that is different. Please, really read the DLL example, it comes with a DLL and also an application that makes use of that DLL.

Overflowz 10 Sep 2010, 10:43
I just need native dll for size. It's very small like 700 bytes. Is there any way to do something like this and call it? ty.

revolution 10 Sep 2010, 10:57
The Windows loader does not know how to load driver files. Just use the normal pe dll (without the native) then Windows can load it.
BTW: Can you explain why you need a 700 byte DLL? Because if you are really short on memory then you should not be creating DLLs. Instead you should be putting such code directly into your main exe.

Overflowz 10 Sep 2010, 11:21
Well, I'm not pro to put code into exe file. I just want to make smallest file just for size. I'm just interested what difference is between sys and dll files and how to use sys. I know how to program dll but sys were hard.. thanks.

baldr 10 Sep 2010, 12:58
Overflowz,
.sys suffix is default for native PE compiled with fasm (you can override it with as "dll" added to format directive). LoadLibrary() ignores file name suffix, though loader requires PE to be flagged as DLL in IMAGE_FILE_HEADER.Characteristics to call its entry, main. Another thing is default section/file alignment (0x20/0x20 for native PE, as opposed to default 0x1000/0x200). More important difference is that native PE is supposed to use native NT API (e.g. NtCreateFile() instead of CreateFile()), not Win32 subsystem's (which can be unavailable or not properly initialized).

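Added example, not part of the thread and not fasm's own code: since the file name suffix says nothing about how an image was built, this Python reader pulls the fields baldr lists (Subsystem, the DLL bit in IMAGE_FILE_HEADER.Characteristics, section and file alignment) straight from the PE headers. The names `inspect_pe` and `sample_image`, and the Characteristics values 0x2102 and 0x0102 used in the constructed samples, are assumptions made for the demo.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # bit in IMAGE_FILE_HEADER.Characteristics
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}

def inspect_pe(data: bytes) -> dict:
    """Read the header fields discussed in the thread from raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24  # 4-byte signature + 20-byte file header
    if opt + 70 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    opt_size, characteristics = struct.unpack_from("<HH", data, e_lfanew + 20)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 70:
        raise ValueError("unsupported optional header")
    # These optional-header offsets are the same in PE32 and PE32+.
    sect_align, file_align = struct.unpack_from("<II", data, opt + 32)
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return {
        "subsystem": SUBSYSTEMS.get(subsystem, f"OTHER({subsystem})"),
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "section_alignment": sect_align,
        "file_alignment": file_align,
    }

def sample_image(subsystem, characteristics, sect_align, file_align) -> bytes:
    """Constructed header-only PE32 image for the demo (not loadable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<II", opt, 32, sect_align, file_align)
    struct.pack_into("<H", opt, 68, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Constructed samples using the alignment values quoted in the thread.
    samples = {
        "native.sys (NATIVE + DLL flag)": sample_image(1, 0x2102, 0x20, 0x20),
        "regular.dll": sample_image(2, 0x2102, 0x1000, 0x200),
        "regular.exe (DLL flag clear)": sample_image(3, 0x0102, 0x1000, 0x200),
    }
    for name, blob in samples.items():
        print(name, inspect_pe(blob))
```
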
Overflowz 10 Sep 2010, 13:04
Oh I got it. Thanks.

b1528932 11 Sep 2010, 16:12
Quote:
The Windows loader does not know how to load driver files.
I thought in Windows parent process must load exe (open file, read imports, load proper dlls). Is there something like 'loader'? I don't think so.

baldr 11 Sep 2010, 16:35
b1528932,
Even DOS 2.0 was able to assist in loading MZ executable, do you think Windows stepped back in that matter? Or maybe you've successfully tried (if even once) to hand-load PE correctly? I mean, relocations, import+dependencies, TLS and many things I don't remember right now. CreateProcess() knows them all, believe me.

b1528932 11 Sep 2010, 21:02
CreateProcess() is user api, meaning os doesn't take any action in mapping. By os I mean code executing in cpl = 0.

baldr 12 Sep 2010, 08:49
b1528932,
CreateProcess() doesn't use kernel? Get real. NtCreateProcessEx() is the core of it. The rest is a wrapper, pretty complex though. BTW, part of Win32 subsystem (namely Win32k.Sys) runs in kernel mode. Looks like offtopic.

Copyright © 1999-2025, Tomasz Grysztar.