flat assembler
Message board for the users of flat assembler.

Index > Windows > Exporting the fas-file's symbols

yoshimitsu
Hello,
after reading mindcooler's post about extracting labels from the generated fas-file to include them in the PE exports so that e.g. OllyDbg or FDbg displays them, I thought about making a macro from it to stay entirely within FASM.

Since version 1.71, FASM is able to read and write to different addressing spaces from within others, so now you can easily include data in the output from within a virtual block.

To make correct use of it, you have to generate a fas-file with Ctrl+F8 at first and then compile it again, so the macro takes the values from the fresh fas-file.

If you already have an export-directive, use output_symbols instead, compile with Ctrl+F9 and copy the assembly-time message to append it to your export-call.

symbols.inc:
Code:
macro gen_symbols filename,ext
 { local SYM_LABEL,.,imagebase
   local pos,count,_SYMBOLS_SIZE,_SYMBOLS_COUNT
   local symbols_table,symbols_length,strings_table,prepr_source
   local module,addresses,names,ordinals,buffer
   local current,address,name,ordinal
   local symbol,value,flags,sib,len,a

   SYM_LABEL  = 109h ;SYM_DEFINED+SYM_USED+SYM_OPTIMIZED
   .:imagebase=.-rva .

   data export
    _symbols_section::
    dd 0,0,0,rva module,1
    dd _SYMBOLS_COUNT,_SYMBOLS_COUNT
    dd rva addresses,rva names,rva ordinals
    addresses dd _SYMBOLS_COUNT dup 0
    names dd _SYMBOLS_COUNT dup 0
    ordinals dw _SYMBOLS_COUNT dup 0
    module db filename#'.'#ext,0
    buffer db _SYMBOLS_SIZE dup 0
   end data

   pos   = 0
   count = 0

   virtual at 0
    file filename#'.fas'

    load symbols_table  dword from 24
    load symbols_length dword from 28
    load strings_table  dword from 16
    load prepr_source   dword from 32

    current = symbols_table
    address = addresses
    name    = names
    ordinal = ordinals

    repeat symbols_length/32
     load symbol dword from current+24
     load value  qword from current
     load flags   word from current+8
     load sib    dword from current+12

     if flags and SYM_LABEL=SYM_LABEL&sib=0&symbol<>0
      store dword value-imagebase  at _symbols_section:address
      store dword rva (buffer+pos) at _symbols_section:name
      store  word count            at _symbols_section:ordinal

      if symbol and (1 shl 31)>0        ;asciiz
       symbol = symbol and 7FFFFFFFh
       len = 0
       repeat 255
        load a byte from strings_table+symbol+%-1
        if a=0
         break
        end if
        store byte a at _symbols_section:buffer+pos+%-1
        len = len+1
       end repeat
      else                              ;pascal
       load len byte from prepr_source+symbol
       repeat len
        load a byte from prepr_source+symbol+%
        store byte a at _symbols_section:buffer+pos+%-1
       end repeat
      end if
      pos     = pos+len+1
      count   = count+1
      address = address+4
      name    = name+4
      ordinal = ordinal+2
     end if
     current = current+32
    end repeat
   end virtual

   _SYMBOLS_SIZE  = pos
   _SYMBOLS_COUNT = count }

macro output_symbols filename,ext
 { local SYM_LABEL,current
   local symbols_table,symbols_length,strings_table,prepr_source
   local symbol,flags,sib,len,a

   SYM_LABEL = 109h ;SYM_DEFINED+SYM_USED+SYM_OPTIMIZED

   ;display '  export '''#filename#'.'#ext#''''

   virtual at 0
    file filename#'.fas'

    load symbols_table  dword from 24
    load symbols_length dword from 28
    load strings_table  dword from 16
    load prepr_source   dword from 32

    current = symbols_table

    repeat symbols_length/32
     load symbol dword from current+24
     load flags   word from current+8
     load sib    dword from current+12

     if flags and SYM_LABEL=SYM_LABEL&sib=0&symbol<>0
      display ',\',13,10,'         '
      if symbol and (1 shl 31)>0        ;asciiz
       symbol = symbol and 7FFFFFFFh
       len = 0
       repeat 255
        load a byte from strings_table+symbol+%-1
        if a=0
         break
        end if
        display a
        len = len+1
       end repeat
       display ','''
       repeat len
        load a byte from strings_table+symbol+%-1
        display a
       end repeat
      else                              ;pascal
       load len byte from prepr_source+symbol
       repeat len
        load a byte from prepr_source+symbol+%
        display a
       end repeat
       display ','''
       repeat len
        load a byte from prepr_source+symbol+%
        display a
       end repeat
      end if
      display ''''
     end if
     current = current+32
    end repeat
   end virtual }
    


Here's an example:
Code:
format PE GUI 4.0
entry start

include 'win32a.inc'

section '.code' code readable executable

  start:
        call    my_func
        push    0
        call    [ExitProcess]

  my_func:
        mov     [my_var],0
        retn

section '.data' data readable writeable

  my_var rd 1

  include 'symbols.inc'
  gen_symbols 'TestFile','exe'

section '.idata' import data readable

  library kernel32,'KERNEL32.DLL'
  include 'api\kernel32.inc'
    


Edit:
"load value dword from current" -> "load value qword from current" for x64


Last edited by yoshimitsu on 26 Oct 2012, 08:51; edited 2 times in total
Post 23 Oct 2012, 17:53
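An added example (not part of yoshimitsu's post or of FASM): a Python reader that walks a fas-file with the same offsets and the same filter as the two macros above, so you can check offline which labels would end up in the export table. The function names and the sample blob are constructed for illustration; only the fields the macros read are parsed, and every offset is bounds-checked because the file is untrusted input.

```python
import struct

SYM_LABEL = 0x109  # mask the macros test: SYM_DEFINED+SYM_USED+SYM_OPTIMIZED

def _u32(buf, off):
    if off < 0 or off + 4 > len(buf):
        raise ValueError("offset %d outside file" % off)
    return struct.unpack_from("<I", buf, off)[0]

def fas_labels(fas):
    """Return [(name, value)] for every symbol gen_symbols would export."""
    strings_table = _u32(fas, 16)
    symbols_table, symbols_length = _u32(fas, 24), _u32(fas, 28)
    prepr_source = _u32(fas, 32)
    if symbols_table + symbols_length > len(fas):
        raise ValueError("symbol table runs past end of file")
    labels = []
    for cur in range(symbols_table, symbols_table + symbols_length - 31, 32):
        value, flags = struct.unpack_from("<QH", fas, cur)
        sib, symbol = _u32(fas, cur + 12), _u32(fas, cur + 24)
        if flags & SYM_LABEL != SYM_LABEL or sib != 0 or symbol == 0:
            continue
        if symbol & 0x80000000:      # ASCIIZ name in the strings table
            start = strings_table + (symbol & 0x7FFFFFFF)
            end = fas.find(b"\0", start, start + 255)  # macro copies at most 255 bytes
            raw = fas[start:end if end >= 0 else start + 255]
        else:                        # length-prefixed name in the preprocessed source
            start = prepr_source + symbol + 1
            raw = fas[start:start + fas[start - 1]] if start <= len(fas) else b""
        if not raw:
            raise ValueError("empty or out-of-range name for symbol at %d" % cur)
        labels.append((raw.decode("latin-1"), value))
    return labels

def build_sample():
    """Constructed blob (not a real fas-file): only the fields read above are set."""
    strings, prepr = b"\0my_func\0", b"\0\x06my_var"
    def sym(value, flags, sib, name):
        return struct.pack("<QHHIQI4x", value, flags, 0, sib, 0, name)
    syms = (sym(0x401010, 0x109, 0, 0x80000001)  # kept, ASCIIZ name
            + sym(0x402000, 0x109, 0, 1)         # kept, length-prefixed name
            + sym(0x10, 0x001, 0, 0x80000001)    # flags lack SYM_LABEL bits: skipped
            + sym(0x20, 0x109, 5, 1))            # nonzero sib field: skipped
    header = bytearray(36)
    struct.pack_into("<I", header, 16, 36)
    struct.pack_into("<II", header, 24, 36 + len(strings) + len(prepr), len(syms))
    struct.pack_into("<I", header, 32, 36 + len(strings))
    return bytes(header) + strings + prepr + syms

if __name__ == "__main__": print(fas_labels(build_sample()))
```

The returned values are the raw symbol values; gen_symbols subtracts the image base from them before storing them as export RVAs.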
khatch
Hello,
sorry, but "::" gave me "Error: invalid name" in file symbols.inc [14],
so I changed it to ":" and then it assembled fine for me in fasmw 1.70.03, IDE version 0.95.11, on the Windows platform.

_________________
Jesus Christ is our Savior
Post 24 Oct 2012, 17:12
JohnFound
Use FASM 1.71 or newer. It has new features.
Post 24 Oct 2012, 17:50
khatch
Hi,
THANK YOU JohnFound, because your post helped me :D

Post 24 Oct 2012, 18:14
l_inc
yoshimitsu
I hope you've read not only mindcooler's post. Because this reduces the value of the macro to a large extent.
Post 25 Oct 2012, 20:56
yoshimitsu
You can, however, use it with debugging tools other than OllyDbg (for which there already is a nice plugin) like FDbg.
Post 26 Oct 2012, 08:49