flat assembler
Message board for the users of flat assembler.
How to make a api call in a dynamically loaded binary code?
Spool 06 Feb 2013, 07:42
[ Post removed by author. ]
Last edited by Spool on 17 Mar 2013, 10:09; edited 1 time in total
revolution 06 Feb 2013, 07:45
Short answer: Yes it is possible.
Long answer: Search this board for topics about exe's having no imports section.
BTW: Moved to Windows section.
Spool 06 Feb 2013, 07:48
[ Post removed by author. ]
Last edited by Spool on 17 Mar 2013, 10:09; edited 1 time in total
TheRedPill 06 Feb 2013, 17:49
These answers could be of help to me, I only had a short run over the pages, but they look very promising:
http://board.flatassembler.net/topic.php?t=3845
http://board.flatassembler.net/topic.php?t=5666
http://board.flatassembler.net/topic.php?t=7718
http://board.flatassembler.net/topic.php?t=9367
As it seems, at first sight, it's not as easy as I thought it would be and it's always never 100% safe to work with as some AV software or another protection mechanism will do a false positive on the generated code. Besides that, there seems to be no really 100% approved way to do this.
f0dder 06 Feb 2013, 18:49
If you are the one designing both the dynamically loaded binary as well as the invoking code, there shouldn't be any problems - make a convention that LL+GPA are on the stack, or registers, or to some data structure pointed to by <whatever> when the binary code is called.
Shellcode is a different matter, though.
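The convention f0dder describes, in its "data structure" form, as an added example that is not part of the thread or any poster's code: the host fills a table with the two resolver pointers and passes it to the entry point of the loaded code, which resolves everything through that table. The names `host_api`, `blob_entry`, `run_demo`, `demo.dll` and the stand-in resolvers are assumptions made so the sketch runs anywhere; on Windows the host would place `LoadLibraryA` and `GetProcAddress` (with their calling convention) in the two slots.

```c
/* Added example: API-table convention between host and loaded code. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef void (*proc_t)(void);            /* generic procedure pointer, like FARPROC */
typedef struct host_api {                /* hypothetical layout agreed by both sides */
    void  *(*load_library)(const char *name);
    proc_t (*get_proc)(void *module, const char *name);
} host_api;
typedef size_t (*strlen_fn)(const char *);

/* Stand-in resolvers so the example runs anywhere (assumption: "demo.dll"
   is a constructed module that exports only strlen). */
static int demo_module;                  /* its address serves as the module handle */
static void *demo_load_library(const char *name) {
    return strcmp(name, "demo.dll") == 0 ? (void *)&demo_module : NULL;
}
static proc_t demo_get_proc(void *module, const char *name) {
    if (module != (void *)&demo_module) return NULL;
    return strcmp(name, "strlen") == 0 ? (proc_t)strlen : NULL;
}

/* Entry point of the loaded code. It names no import itself: every call
   goes through the table. Returns -1 when anything fails to resolve. */
int blob_entry(const host_api *api, const char *text) {
    if (!api || !api->load_library || !api->get_proc) return -1;
    void *mod = api->load_library("demo.dll");
    if (!mod) return -1;
    strlen_fn len = (strlen_fn)api->get_proc(mod, "strlen");
    if (!len) return -1;
    return (int)len(text);
}

/* Host side: fill the table, then call into the loaded code. */
int run_demo(const char *text) {
    host_api api = { demo_load_library, demo_get_proc };
    return blob_entry(&api, text);
}

int main(void) {
    printf("blob_entry returned %d\n", run_demo("flat assembler"));
    return 0;
}
```

Because the loaded code only ever sees the table, the host decides which resolvers it receives and can check every failure path at one boundary.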
nmaps 08 Feb 2013, 05:32
There are several ways, although the easiest [to understand and implement] is to use the fact that kernel32.dll is loaded into each process, so use the PEB's LDR_MODULE list to find kernel32.dll and get its base address, then navigate the PE headers to the imports section and walk it until you get the functions you need.
All the structs can be found on MSDN or undocumented.ntinternals.net
ACP 09 Feb 2013, 23:13
When parsing PEB or using some other internal Windows structures keep in mind that those could differ between x86 and x64 versions. Furthermore you need to remember about WoW layer in case of x64 running x86 process.
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.