flat assembler
Message board for the users of flat assembler.

Simple Native file help

Overflowz
Hello everyone! :) I have written a simple native DLL file. I have one question: how do I call it from a program or from Windows, or how can I use it? Thanks. Here's the simple code.
Code:
format PE NATIVE 4.0 DLL
entry main
include 'WIN32AX.INC'
.data
msg db 'Hello!',0
.code
main:
invoke MessageBox,0,msg,'Test',MB_OK
invoke ExitProcess,0
data import
library user32,'user32.dll',kernel32,'kernel32.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
end data
section '.reloc' fixups discardable
Post 09 Sep 2010, 22:27
baldr
Overflowz,

For example, invoke LoadLibrary, "your dll name".
Post 09 Sep 2010, 23:12
LocoDelAssembly
That NATIVE keyword must have generated a driver actually (specifically a WDM driver).

Note that once the library (without the NATIVE keyword) is loaded, after accepting the message box the process will be terminated. Also, this is not exporting any function, so there does not seem to be much value in creating this DLL. Check the examples inside the package; one of them comes with a DLL example.
Post 09 Sep 2010, 23:43
Overflowz
Baldr, it's with a .sys extension.
LocoDelAssembly, it's like a DLL file with .sys? And it's using DLL functions? I don't understand. It creates itself with a .sys extension, and I should add DLL functions instead of those? Thanks.
Post 09 Sep 2010, 23:57
Overflowz
Well, I have now created a native DLL file with DLL functions, but I'm getting the error "Invalid access to memory" when calling it from rundll32, and I have the .reloc section added too. Here's the code; tell me if I'm wrong with something.
Code:
format PE NATIVE 4.0 DLL
include 'WIN32AX.INC'
entry main
.data
msg db 'Hello!',0
.code
proc main,hInst,dwReason,lpReserved
mov eax,[dwReason]
cmp eax,DLL_PROCESS_ATTACH
je attached
jmp quit
attached:
invoke MessageBox,0,msg,'Test',MB_OK
mov eax,[dwReason]
cmp eax,DLL_PROCESS_DETACH
je quit
quit:
mov eax,1
ret
endp
data import
library user32,'user32.dll',kernel32,'kernel32.dll'
include 'API\USER32.INC'
include 'API\KERNEL32.INC'
end data
section '.reloc' fixups data discardable
Post 10 Sep 2010, 00:14
LocoDelAssembly
Are you trying to create a driver or to create a regular DLL library? If the latter is the case (which is the only way for your code to start to be valid, since you can't use USER32 and KERNEL32 functions from drivers and your main proc is not a valid driver entry), then stop using the "NATIVE" keyword; just remove it to generate normal DLLs.

BTW, don't think that not using "native" is like some sort of VB6 p-code, it is still plain machine code, it is just the Windows subsystem that is different.

Please, really read the DLL example, it comes with a DLL and also an application that makes use of that DLL.
Post 10 Sep 2010, 01:23
Overflowz
I just need a native DLL for size. It's very small, like 700 bytes. Is there any way to do something like this and call it? Thanks.
Post 10 Sep 2010, 10:43
revolution
The Windows loader does not know how to load driver files. Just use a normal PE DLL (without NATIVE); then Windows can load it.

BTW: Can you explain why you need a 700 byte DLL? Because if you are really short on memory then you should not be creating DLLs. Instead you should be putting such code directly into your main exe.
Post 10 Sep 2010, 10:57
Overflowz
Well, I'm not a pro at putting code into an exe file. I just want to make the smallest file, just for size. I'm just interested in what the difference is between .sys and .dll files and how to use .sys. I know how to program a DLL, but .sys was hard... Thanks.
Post 10 Sep 2010, 11:21
baldr
Overflowz,

The .sys suffix is the default for a native PE compiled with fasm (you can override it by adding as "dll" to the format directive).

LoadLibrary() ignores the file name suffix, though the loader requires the PE to be flagged as a DLL in IMAGE_FILE_HEADER.Characteristics to call its entry, main. Another thing is the default section/file alignment (0x20/0x20 for native PE, as opposed to the default 0x1000/0x200).

A more important difference is that a native PE is supposed to use the native NT API (e.g. NtCreateFile() instead of CreateFile()), not the Win32 subsystem's (which can be unavailable or not properly initialized).
Post 10 Sep 2010, 12:58
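As an added example (not code from this thread, the fasm package, or any of the posters), here is a small Python header inspector that reads the fields baldr's post refers to, IMAGE_FILE_HEADER.Characteristics, the optional header's Subsystem and the section/file alignment, plus the export directory that LocoDelAssembly's earlier post points out is missing, to tell a native-subsystem image apart from a normal Win32 DLL before trying to load it. The sample headers are constructed inline from the defaults baldr describes (0x20/0x20 for native, 0x1000/0x200 otherwise) and are not real fasm output; the function names and verdict strings are assumptions of this example.

```python
import struct

# PE constants as defined in winnt.h
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_DLL = 0x2000
IMAGE_SUBSYSTEM_NATIVE = 1
IMAGE_SUBSYSTEM_WINDOWS_GUI = 2
IMAGE_SUBSYSTEM_WINDOWS_CUI = 3
SUBSYSTEM_NAMES = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def inspect_pe(data: bytes) -> dict:
    """Read the header fields that decide how the Windows loader treats an image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                   # IMAGE_FILE_HEADER, 20 bytes
    _machine, _nsec, _ts, _symtab, _nsyms, _optsize, characteristics = \
        struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                                        # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, oh)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%X" % magic)
    # SectionAlignment/FileAlignment (+32/+36), MajorSubsystemVersion (+48)
    # and Subsystem (+68) sit at the same offsets in PE32 and PE32+.
    sec_align, file_align = struct.unpack_from("<II", data, oh + 32)
    subsys_major, subsys_minor = struct.unpack_from("<HH", data, oh + 48)
    (subsystem,) = struct.unpack_from("<H", data, oh + 68)
    # The data directory starts at +96 (PE32) or +112 (PE32+); entry 0 is the export table.
    dirs = oh + (112 if magic == PE32PLUS_MAGIC else 96)
    export_rva, _export_size = struct.unpack_from("<II", data, dirs)
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, "unknown(%d)" % subsystem),
        "subsystem_version": "%d.%d" % (subsys_major, subsys_minor),
        "section_alignment": sec_align,
        "file_alignment": file_align,
        "has_exports": export_rva != 0,
    }


def loader_verdict(info: dict) -> str:
    """Summarise, in the thread's own terms, what the loader will do with the image."""
    if not info["is_dll"]:
        return "not flagged IMAGE_FILE_DLL: the loader will not call the entry point as a DLL entry"
    if info["subsystem"] == "NATIVE":
        return "native-subsystem image: expected to use the NT native API, not Win32 DLL imports"
    if not info["has_exports"]:
        return "Win32 DLL with no export table: only the entry point can run"
    return "Win32 DLL: loadable with LoadLibrary, functions reachable via GetProcAddress"


def build_header(subsystem, characteristics, sec_align, file_align, export_rva=0) -> bytes:
    """Constructed minimal MZ + PE32 header (no sections); sample input only, not fasm output."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    file_header = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)                               # PE32 optional header size
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<II", opt, 32, sec_align, file_align)
    struct.pack_into("<HH", opt, 48, 4, 0)              # subsystem version 4.0 ("PE ... 4.0")
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, 92, 16)                 # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, export_rva, 0x40 if export_rva else 0)
    return dos + b"PE\0\0" + file_header + bytes(opt)


# Constructed samples mirroring the defaults baldr describes for the two format directives.
NATIVE_DLL = build_header(IMAGE_SUBSYSTEM_NATIVE, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL, 0x20, 0x20)
GUI_DLL = build_header(IMAGE_SUBSYSTEM_WINDOWS_GUI, IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_DLL,
                       0x1000, 0x200, export_rva=0x3000)
GUI_EXE = build_header(IMAGE_SUBSYSTEM_WINDOWS_GUI, IMAGE_FILE_EXECUTABLE_IMAGE, 0x1000, 0x200)

if __name__ == "__main__":
    for name, image in (("native dll", NATIVE_DLL), ("gui dll", GUI_DLL), ("gui exe", GUI_EXE)):
        info = inspect_pe(image)
        print(name, info, "->", loader_verdict(info))
```

Run it against a real file by replacing the constructed samples with `open(path, "rb").read()`; an image whose subsystem comes back as NATIVE with user32/kernel32 imports is exactly the mismatch LocoDelAssembly and revolution describe, and the alignment fields show why the native build is so much smaller on disk.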
Overflowz
Oh, I got it. Thanks. :)
Post 10 Sep 2010, 13:04
b1528932
Quote:
The Windows loader does not know how to load driver files.

I thought that in Windows the parent process must load the exe (open the file, read the imports, load the proper DLLs). Is there something like a 'loader'? I don't think so.
Post 11 Sep 2010, 16:12
baldr
b1528932,

Even DOS 2.0 was able to assist in loading MZ executables; do you think Windows stepped back in that matter? Or maybe you've successfully tried (even once) to hand-load a PE correctly? I mean relocations, imports and dependencies, TLS and many things I don't remember right now.

CreateProcess() knows them all, believe me.
Post 11 Sep 2010, 16:35
b1528932
CreateProcess() is a user API, meaning the OS doesn't take any action in mapping. By OS I mean code executing at CPL = 0.
Post 11 Sep 2010, 21:02
baldr
b1528932,

CreateProcess() doesn't use kernel? Get real. NtCreateProcessEx() is the core of it. The rest is a wrapper, pretty complex though.

BTW, part of Win32 subsystem (namely Win32k.Sys) runs in kernel mode.

Looks like off-topic.
Post 12 Sep 2010, 08:49
Copyright © 1999-2020, Tomasz Grysztar.