flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Main > How to call WINAPI without use Invoke???
Author
Thread Post new topic Reply to topic
jhonny6721



Joined: 07 Aug 2014
Posts: 26
jhonny6721
Hello, I need convert the following code:

Code:
invoke      FindFirstFile,file_extension, FIND_STRUCT


I need call the API using code like this:

Code:
;Push parameters for the function
    push file_extension     ;Put in the stack the address of FIND_STRUCT
    push FIND_STRUCT  ;File extension
    call FindFirstFile   ; find the first *.fly


I just need call the WinAPI using the call function, instead invoke Macro. Thanks for your answers

_________________
Мне нравится программирование.
Post 18 Aug 2014, 16:06
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 18450
Location: In your JS exploiting you and your system
revolution
Parameters are pushed in reverse order. And the call target is indirect.
Code:
push FIND_STRUCT
push file_extension
call [FindFirstFile]
Post 18 Aug 2014, 16:11
View user's profile Send private message Visit poster's website Reply with quote
neville



Joined: 13 Jul 2008
Posts: 507
Location: New Zealand
neville
jhonny6721 has admitted he is "researching" computer viruses.

Perhaps it can now be inferred that his research might be "delivered" via .fly email files.

_________________
FAMOS - the first memory operating system
Post 19 Aug 2014, 01:50
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 18450
Location: In your JS exploiting you and your system
revolution
Must be a fishing program? Or perhaps an insect database? An airline booking system? Trouser zipper failure analysis?
Post 19 Aug 2014, 01:57
View user's profile Send private message Visit poster's website Reply with quote
alexfru



Joined: 23 Mar 2014
Posts: 80
alexfru
Invoke GetProcAddress() to obtain the address of FindFirstFile(). Then call it.
Other than that, you'd probably need to construct the .EXE manually or analyze it in memory (i.e. find the import table and the address of FindFirstFile() in it).
Post 19 Aug 2014, 07:17
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 18450
Location: In your JS exploiting you and your system
revolution
alexfru wrote:
Invoke GetProcAddress() to obtain the address of FindFirstFile(). Then call it.
Other than that, you'd probably need to construct the .EXE manually or analyze it in memory (i.e. find the import table and the address of FindFirstFile() in it).
I wonder if you are confusing the use of invoke (the Q the OP asked) with the existence of a binding in the import table?
Post 19 Aug 2014, 09:44
View user's profile Send private message Visit poster's website Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1898
DOS386
> How to call WINAPI without use Invoke???

Lowest level: http://board.flatassembler.net/topic.php?t=11170
Post 19 Sep 2014, 08:49
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.