flat assembler
Message board for the users of flat assembler.

[x64] Dll is not working

yoshimitsu 21 Dec 2011, 22:25
I can't seem to get a 64-bit DLL working.

for example:
I simply copied the code out of this thread.
Windows refuses to load the DLL, though, with the message that it's not a correct image.
LocoDelAssembly 22 Dec 2011, 14:37
Mmmh, I'm having problems as well. I just tried converting the DLL example to 64-bit, but I get this message:
Windows 7 wrote:
---------------------------
LASTERR.EXE - Bad Image
---------------------------
C:\Users\Hernan\Desktop\DLL\ERRORMSG.DLL is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.
---------------------------
OK
---------------------------


Here is the code, what's wrong here?

ERRORMSG.ASM
Code:
; DLL creation example

format PE64 GUI 5.0 DLL
entry DllEntryPoint

include 'win64a.inc'

section '.text' code readable executable

proc DllEntryPoint hinstDLL,fdwReason,lpvReserved
        mov     eax,TRUE
        ret
endp

; VOID ShowErrorMessage(HWND hWnd,DWORD dwError);

proc ShowErrorMessage hWnd,dwError
  local lpBuffer:QWORD   ; with FORMAT_MESSAGE_ALLOCATE_BUFFER, FormatMessage stores an 8-byte LPSTR pointer here on x64

        mov     [hWnd], rcx
        mov     [dwError], rdx

        lea     rax,[lpBuffer]
        invoke  FormatMessage,FORMAT_MESSAGE_ALLOCATE_BUFFER+FORMAT_MESSAGE_FROM_SYSTEM,0,[dwError],LANG_NEUTRAL,rax,0,0
        invoke  MessageBox,[hWnd],[lpBuffer],NULL,MB_ICONERROR+MB_OK
        invoke  LocalFree,[lpBuffer]
        ret
endp

; VOID ShowLastError(HWND hWnd);

proc ShowLastError hWnd

        mov     [hWnd], rcx

        invoke  GetLastError
        stdcall ShowErrorMessage,[hWnd],eax
        ret
endp

section '.idata' import data readable writeable

  library kernel,'KERNEL32.DLL',\
          user,'USER32.DLL'

  import kernel,\
         GetLastError,'GetLastError',\
         SetLastError,'SetLastError',\
         FormatMessage,'FormatMessageA',\
         LocalFree,'LocalFree'

  import user,\
         MessageBox,'MessageBoxA'

section '.edata' export data readable

  export 'ERRORMSG.DLL',\
         ShowErrorMessage,'ShowErrorMessage',\
         ShowLastError,'ShowLastError'

section '.reloc' fixups data discardable

LASTERR.ASM
Code:
format PE64 GUI 5.0
entry start

include 'win64a.inc'

section '.text' code readable executable

  start:
        invoke  ShowLastError,HWND_DESKTOP
        invoke  ExitProcess,0

section '.idata' import data readable writeable

  library kernel,'KERNEL32.DLL',\
          errormsg,'ERRORMSG.DLL'

  import kernel,\
         ExitProcess,'ExitProcess'

  import errormsg,\
         ShowLastError,'ShowLastError'
Tomasz Grysztar 22 Dec 2011, 14:56
http://board.flatassembler.net/topic.php?p=33087#33087

Quick fix: use "data fixups" instead of a separate section for relocations.

Also: you forgot to align the stack at entry point ("sub rsp,8" should do the job).
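Added example, not code from the thread: a minimal PE64 DLL and an executable that calls it, with both fixes from the post above applied (relocations as a data fixups block inside an existing section rather than an empty '.reloc' section, and the stack aligned at the executable's entry point). It assumes the same win64a.inc macros the thread's code uses; the DLL name, the Answer export and the choice of the .edata section for the fixups block are my own.

```asm
; ---- MINIMAL.ASM: 64-bit DLL (constructed example) ----
format PE64 GUI 5.0 DLL
entry DllEntryPoint
include 'win64a.inc'

section '.text' code readable executable

proc DllEntryPoint hinstDLL,fdwReason,lpvReserved
        mov     eax,TRUE                ; report successful attach/detach
        ret
endp

proc Answer                             ; DWORD Answer(void), exported below
        mov     eax,42
        ret
endp

section '.edata' export data readable

  export 'MINIMAL.DLL',\
         Answer,'Answer'

  ; relocations as a data block inside a non-empty section, replacing
  ; "section '.reloc' fixups data discardable" (any existing section will do)
  data fixups
  end data

; ---- USE.ASM: 64-bit executable that imports the DLL ----
format PE64 GUI 5.0
entry start
include 'win64a.inc'

section '.text' code readable executable

  start:
        sub     rsp,8                   ; RSP is 8 mod 16 on entry; the x64 ABI
                                        ; wants 16-byte alignment before a call
        invoke  Answer                  ; via the import table: call [Answer]
        invoke  ExitProcess,eax         ; exit code 42 shows the DLL loaded and ran

section '.idata' import data readable writeable

  library kernel,'KERNEL32.DLL',\
          minimal,'MINIMAL.DLL'
  import kernel,\
         ExitProcess,'ExitProcess'
  import minimal,\
         Answer,'Answer'
```

Assemble each file separately with fasm, then run USE.EXE and check its exit code (e.g. `echo %ERRORLEVEL%`).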
revolution 22 Dec 2011, 15:23
See also here. Might be useful info.
yoshimitsu 22 Dec 2011, 16:37
Since addressing is RIP-relative in x64, in which case would I even need fixups?
Is it possible to skip them entirely?
I recall that a DLL without a relocation entry refuses to load on x86.

Side question:
Why exactly is something like "lea rax,[ExitProcess+rax]" invalid, and what's a good workaround?
(lea rcx,[ExitProcess]
lea rax,[rax+rcx]?)
Tomasz Grysztar 22 Dec 2011, 17:02
yoshimitsu wrote:
why exactly is something like "lea rax,[ExitProcess+rax]" invalid and what's a good workaround?
This could be invalid only when ExitProcess was a relocatable 64-bit address; to specify such a value you would need an 8-byte immediate, while the displacement in [reg+imm] addressing is at most a 32-bit signed value. So possible workarounds would be:
Code:
mov rcx,ExitProcess ; generates 64-bit relocation
add rax,rcx

Code:
lea rcx,[ExitProcess] ; uses RIP-relative addressing, doesn't need relocation
add rax,rcx

The second variant has a shorter opcode and is PIC (doesn't need fixups), so it's better.

However, with the PE format you generally should not have this problem, as it is possible to have a 32-bit VA relocation there. Perhaps you are using some quite old fasm version that was not able to generate such a fixup?
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.