flat assembler
Message board for the users of flat assembler.

Index > Windows > Using LoadLibraryA n GetProcAddre without import kernel32

Author
Thread Post new topic Reply to topic
MinhHung



Joined: 10 Sep 2010
Posts: 51
Location: Viet Nam
MinhHung
Code:
format PE ;GUI 4.0

        push table1
        call init
        push    -11
        call    dword [GetStdHandle]
        push    0
        push    a
        push    11
        push    MessageBoxA
        push    eax
        call    dword [WriteConsoleA]
        push    1000
        call    dword [Sleep]


        push table2
        call init
        test eax,eax
        je exit
        push user32
        call [LoadLibrary]
        mov [user32handle],eax
        push  MessageBoxA
        push eax
        call [GetProcAddress]
        push 0
        push user32
        push MessageBoxA
        push 0
        call eax
     exit:ret
a dd 0
user32  db 'user32.dll',0
user32handle dd 0
MessageBoxA db 'MessageBoxA',0
MessageBoxAddr dd 0

table1:      ;sort by name
GetStdHandle    dd GetStdHandleName
Sleep           dd SleepName
WriteConsoleA   dd WriteConsoleAName
                dd 0
table2:      ;sort by name
GetProcAddress  dd GetProcAddressName
LoadLibrary     dd LoadLibraryName
                dd 0

GetStdHandleName        db 'GetStdHandle',0
SleepName               db 'Sleep',0
WriteConsoleAName       db 'WriteConsoleA',0
GetProcAddressName      db 'GetProcAddress',0
LoadLibraryName         db 'LoadLibraryA',0

istr_cmp:
        push esi
        push ecx
        push edx
        xor edx,edx
        mov esi,ebx
        mov ecx,eax
        dec ecx
        istr_cmp_loop:
                inc ecx
                lodsb
                cmp al,0
                je istr_cmp_ret
                cmp al,byte[ecx]
                je istr_cmp_loop
                pop edx
                pop ecx
                pop esi
                xor eax,eax
                ret
        istr_cmp_ret:
                cmp byte[ecx],0
                cmovne eax,edx
                pop edx
                pop ecx
                pop esi
                ret
init:
          push ebx
          push ecx
          push edx
          push esi
          push edi
          mov esi,[esp+24]
          mov eax,[esp+28]
          and eax,$fff0 shl 16
          mov ecx,eax
          mov edx,eax
          mov eax,[eax+$3C]
          or eax,ecx
          mov ebx,[eax+$34]
          cmp ecx,ebx
          jne init_fail
          mov ebx,[eax+$78]
          or ecx,ebx
          mov eax,[ecx+$1c]
          mov ebx,[ecx+$20]
          or eax,edx
          or ebx,edx
          init_getproc_start:
              push eax
              lodsd
              mov edi,eax
              test eax,eax
              je  init_getproc_end
              pop eax
              init_getproc_loop:
                push ebx
                push eax
                mov eax,[ebx]
                test eax,eax
                je init_getproc_not_ok
                or eax,edx
                mov ebx,edi
                call istr_cmp
                test eax,eax
                jne init_getproc_ok
                pop eax
                pop ebx
                add ebx,4
                add eax,4
                jmp init_getproc_loop
              init_getproc_not_ok:
                   pop eax
                   pop ebx
                   jmp init_fail
              init_getproc_ok:
                   mov eax,[esp]
                   mov eax,[eax]
                   or eax,edx
                   mov edi,esi
                   sub edi,4
                   stosd
                   pop eax
                   pop ebx
                   add eax,4
                   add ebx,4
                   jmp init_getproc_start
                init_getproc_end:
                pop eax
                pop edi
                pop esi
                pop edx
                pop ecx
                pop ebx
                mov eax,1
                ret 4
          init_fail:
          pop edi
          pop esi
          pop edx
          pop ecx
          pop ebx
          xor eax,eax
          ret 4    

It work in Microsoft Window xp, i don't know it can run in other OS or not...


if it can't run in other Microsoft Window, please tell me!!!

_________________
sorry for my english
Post 06 Dec 2011, 12:21
View user's profile Send private message Yahoo Messenger Reply with quote
khatch



Joined: 24 Oct 2011
Posts: 68
khatch
Hello "MinhHung"
i am using windows 7 32 bit
and i assembled it successfully but when execute the binary main.exe i got this error :

Problem signature:
Problem Event Name: APPCRASH
Application Name: main.exe
Application Version: 0.0.0.0
Application Timestamp: 4ede2025
Fault Module Name: main.exe
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 4ede2025
Exception Code: c0000005
Exception Offset: 00001123
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 12289
Additional Information 1: 0a9e
Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
Additional Information 3: 0a9e
Additional Information 4: 0a9e372d3b4ad19135b953a78882e789

and i think the problem is at line (93)d your source in function "init" and this is the screenshot of "ollydbg" .
Can you explain this function more if you don`t could fix it on windows 7 32 bit

REGARD.


Description: i preferred decompress with 7-zip
Download
Filename: olly-win7-32bit.7z
Filesize: 97.76 KB
Downloaded: 24 Time(s)


_________________
Jesus Christ is our Savior
Post 06 Dec 2011, 15:23
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
use the address $200000 to get the process environment structure. There, you will find handles to GDI, console input/output, current directory dll path, image path and many more.
Post 06 Dec 2011, 16:52
View user's profile Send private message Reply with quote
MinhHung



Joined: 10 Sep 2010
Posts: 51
Location: Viet Nam
MinhHung
"khatch" thanks!
now i try to make it can run in win7 32bit

"typedef"
i can't read at this address $200000
Post 08 Dec 2011, 13:17
View user's profile Send private message Yahoo Messenger Reply with quote
hopcode



Joined: 04 Mar 2008
Posts: 563
Location: Germany
hopcode
Hi MinhHung,
there is no speed gain using that proc. it is actually very
slow. look here for 2 different binary search algo GetProcAddress.

http://sites.google.com/site/x64lab/home/notes-on-x64-windows-gui-programming/customizing-the-getprocaddress

my code, 64 bit, and lingo's code,32bit (below attached in thread)
though lingo resolves forward reference in a standard way.
Cheers

.:mrk[hopcode]
.:x64lab:.
group http://groups.google.com/group/x64lab
site http://sites.google.com/site/x64lab

_________________
⠓⠕⠏⠉⠕⠙⠑
Post 11 Dec 2011, 13:33
View user's profile Send private message Visit poster's website Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
If you don't import from kernel32, your app won't work under Windows 2000 (you can import from a DLL that ends up importing from kernel32, though, it doesn't have to be a direct import). For later OSes, kernel32 is always injected, whether you end up importing from it or not.
Post 11 Dec 2011, 21:00
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.