flat assembler
Message board for the users of flat assembler.

error: undefined symbol 'LoadLibraryA'.

kerr



Joined: 24 Feb 2016
Posts: 156
kerr 05 Aug 2016, 09:56
Code:

format pe

entry start

start:
        dll db 'user32.dll',0
        api db 'MessageBoxA',0
        
        push ebx
        lea ebx,[dll]
        push ebx
        test eax,0
        jnz @@getapi
        lea ebx,[dll]
        push ebx 
        call LoadLibraryA
        @@getapi:
                lea ebx,[api]
                push ebx
                push eax
                call GetProcAddress
                push 0
                push 0
                push 0
                push 0
                call eax
                pop ebx
    


Can you help me see?

The error is here:
call LoadLibraryA
error: undefined symbol 'LoadLibraryA'.

_________________
I hope we will be good friends.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 05 Aug 2016, 10:01
You will have to define "LoadLibraryA" somewhere. fasm needs to be told what it is.

And indeed you will also need to include an import section in there somewhere, else Windows won't load your code even if it did compile. Have a look at the working example files in the download. They show how to make import sections.
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 07 Aug 2016, 05:31
revolution wrote:
You will have to define "LoadLibraryA" somewhere. fasm needs to be told what it is.

And indeed you will also need to include an import section in there somewhere, else Windows won't load your code even if it did compile. Have a look at the working example files in the download. They show how to make import sections.



Oh no! Friends,

I use dynamic calls to the system functions; I cannot import the resource table file *.inc.

_________________
I hope we will be good friends.
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20299
Location: In your JS exploiting you and your system
revolution 07 Aug 2016, 07:33
Without a definition for LoadLibraryA you won't be able to compile the code.

And without an import section in your executable you will have trouble convincing the OS to load your exe.
JohnFound



Joined: 16 Jun 2003
Posts: 3499
Location: Bulgaria
JohnFound 07 Aug 2016, 07:43
kerr, IMHO, you are trying to write a program that is far beyond your current level of competence. (For example, defining data after the "start" label is an obvious and gross mistake.)
Simply restart your learning process from the examples included in the FASM packages and don't continue further before you fully understand how they work and what the meaning of every program line is.
ProMiNick



Joined: 24 Mar 2012
Posts: 798
Location: Russian Federation, Sochi
ProMiNick 07 Aug 2016, 07:49
Code:
format pe 

entry start 

; uncomment next lines for win10 (I think target OS is win10 as OS of the most modern PCs)
; LoadLibraryA = 78D37070h
; GetProcAddress = 78D43630h

; or for win xp sp3
; LoadLibraryA = 7C801D7Bh
; GetProcAddress = 7C80AE30h

; other win ver - other offsets

section '.text' code readable executable

start: 
        jmp @f
        dll db 'user32.dll',0 
        api db 'MessageBoxA',0 
        @@: 
        push ebx 
        lea ebx,[dll] 
        push ebx 
        test eax,0 ; test for what? Is eax result of previously call? Where is that call?
        jnz @@getapi ; 
        lea ebx,[dll] 
        push ebx  
        call LoadLibraryA 
        @@getapi: 
                lea ebx,[api] 
                push ebx 
                push eax 
                call GetProcAddress 
                push 0 
                push 0 
                push 0 
                push 0 
                call eax 
                pop ebx     

_________________
I don't like to refer by "you" to one person.
My soul requires the acronym "thou" instead.
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 08 Aug 2016, 04:26
revolution wrote:
Without a definition for LoadLibraryA you won't be able to compile the code.

And without an import section in your executable you will have trouble convincing the OS to load your exe.



Yes!

You speak very well!

But I follow MASM grammar to write shellcode that fasm compiles.

e.g.:

Code:
.data 
xdll db 'user32.dll',0 
xapi db 'MessageBoxA',0 
.code 
start: 
push ebx            
lea ebx,xdll 
push ebx 
call GetModuleHandle
test eax,0           ;LoadLibraryA 
jnz @@getapi 

lea ebx,xdll 
push ebx 
call LoadLibraryA 
@@getapi: 
lea ebx,xapi 
push ebx 
push eax  
call GetProcAddress 

push 0 
push 0 
push 0 
push 0 
call eax   ;CALL MessageBoxA
pop ebx 
end start 

    

_________________
I hope we will be good friends.
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 08 Aug 2016, 04:38
JohnFound wrote:
kerr, IMHO, you are trying to write a program that is far beyond your current level of competence. (For example, defining data after the "start" label is an obvious and gross mistake.)
Simply restart your learning process from the examples included in the FASM packages and don't continue further before you fully understand how they work and what the meaning of every program line is.



Hi friends,

Thanks for your support and guidance.
My current skill is indeed very poor, and this is far beyond my ability. But people learn in order to make progress, and I don't want to stop.

_________________
I hope we will be good friends.
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 08 Aug 2016, 04:53
ProMiNick wrote:
Code:
format pe 

entry start 

; uncomment next lines for win10 (I think target OS is win10 as OS of the most modern PCs)
; LoadLibraryA = 78D37070h
; GetProcAddress = 78D43630h

; or for win xp sp3
; LoadLibraryA = 7C801D7Bh
; GetProcAddress = 7C80AE30h

; other win ver - other offsets

section '.text' code readable executable

start: 
        jmp @f
        dll db 'user32.dll',0 
        api db 'MessageBoxA',0 
        @@: 
        push ebx 
        lea ebx,[dll] 
        push ebx 
        test eax,0 ; test for what? Is eax result of previously call? Where is that call?
        jnz @@getapi ; 
        lea ebx,[dll] 
        push ebx  
        call LoadLibraryA 
        @@getapi: 
                lea ebx,[api] 
                push ebx 
                push eax 
                call GetProcAddress 
                push 0 
                push 0 
                push 0 
                push 0 
                call eax 
                pop ebx     


What I am referring to is MASM-syntax shellcode compiled with fasm.




Code:

.data  
xdll db 'user32.dll',0  
xapi db 'MessageBoxA',0  
.code  
start:  
push ebx             
lea ebx,xdll  
push ebx  
call GetModuleHandle 
test eax,0           ;LoadLibraryA  
jnz @@getapi  

lea ebx,xdll  
push ebx  
call LoadLibraryA  
@@getapi:  
lea ebx,xapi  
push ebx  
push eax   
call GetProcAddress  

push 0  
push 0  
push 0  
push 0  
call eax   ;CALL MessageBoxA 
pop ebx  
end start  
    



But fasm cannot compile the asm file.

What I want to say is: is my logical thinking wrong?

_________________
I hope we will be good friends.
ProMiNick



Joined: 24 Mar 2012
Posts: 798
Location: Russian Federation, Sochi
ProMiNick 08 Aug 2016, 08:52
deleted
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 13 Aug 2016, 01:38
ProMiNick wrote:
deleted


What?

Hello, can you help me?

_________________
I hope we will be good friends.
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 13 Aug 2016, 01:41
revolution wrote:
Without a definition for LoadLibraryA you won't be able to compile the code.

And without an import section in your executable you will have trouble convincing the OS to load your exe.



Yes, this is very troublesome!

_________________
I hope we will be good friends.
Walter



Joined: 26 Jan 2013
Posts: 155
Walter 13 Aug 2016, 03:51
This one I found interesting.

Code:
;********************
;* MyMessageBox.asm *
;********************

; http://www.rohitab.com/discuss/topic/38717-quick-tutorial-finding-kernel32-base-and-walking-its-export-table/
; http://blog.harmonysecurity.com/2009_06_01_archive.html

format PE GUI 4.0

entry start  

section '.text' code readable executable


start:  
    pushad
    call    CodeStart

CodeStart:
    pop     ebp
    sub     ebp,CodeStart           ; delta offset shit
 
    mov     ebx,[FS:0x30]           ; get a pointer to the PEB
    mov     ebx,[ebx+0x0C]          ; get PEB->Ldr
    mov     ebx,[ebx+0x14]          ; get PEB->Ldr.InMemoryOrderModuleList.Flink (1st entry)
    mov     ebx,[ebx]               ; 2nd Entry
    mov     ebx,[ebx]               ; 3rd Entry
    mov     ebx,[ebx+0x10]          ; Get Kernel32 Base
    mov     [ebp+dwKernelBase],ebx
    add     ebx,[ebx+0x3C]          ; Start of PE header
    mov     ebx,[ebx+0x78]          ; RVA of export dir
    add     ebx,[ebp+dwKernelBase]  ; VA of export dir
    mov     [ebp+dwExportDirectory],ebx
 
    lea     edx,[ebp+api_GetProcAddress]
    mov     ecx,[ebp+len_GetProcAddress]
    call    GetFunctionAddress
    mov     [ebp+AGetProcAddressA],eax
    lea     edx,[ebp+api_LoadLibrary]
    push    edx
    push    dword [ebp+dwKernelBase]
    call    eax
    mov     [ebp+ALoadLibraryA],eax
    lea     edx,[ebp+szUser32]
    push    edx
    call    eax
    lea     edx,[ebp+api_MessageBoxA]
    push    edx
    push    eax
    mov     ebx,[ebp+AGetProcAddressA]
    call    ebx
    mov     [ebp+AMessageBoxAA],eax
 
    push    0
    lea     edx,[ebp+szTitle]
    push    edx
    lea     edx,[ebp+szMsg]
    push    edx
    push    0
    call    eax
    popad
 
    push    0xBBBBBBBB   ;OEP
    retn
 
GetFunctionAddress:
    push    ebx
    push    esi
    push    edi
 
    mov     esi, [ebp+dwExportDirectory]
    mov     esi, [esi+0x20]          ;RVA of ENT
    add     esi, [ebp+dwKernelBase]  ;VA of ENT
    xor     ebx,ebx
    cld
 
    looper:

    inc     ebx
    lodsd
    add     eax,[ebp+dwKernelBase]   ;eax now points to the string of a function
    push    esi                      ;preserve it for the outer loop
    mov     esi,eax
    mov     edi,edx
    cld
    push    ecx
    repe    cmpsb
    pop     ecx
    pop     esi
    jne     looper
 
    dec     ebx
    mov     eax,[ebp+dwExportDirectory]
    mov     eax,[eax+0x24]          ;RVA of EOT
    add     eax,[ebp+dwKernelBase]  ;VA of EOT
    movzx   eax , word [ebx*2+eax]  ;eax now holds the ordinal of our function
    mov     ebx,[ebp+dwExportDirectory]
    mov     ebx,[ebx+0x1C]          ;RVA of EAT
    add     ebx,[ebp+dwKernelBase]  ;VA of EAT
    mov     ebx,[eax*4+ebx]
    add     ebx,[ebp+dwKernelBase]
    mov     eax,ebx

    pop     edi
    pop     esi
    pop     ebx
    ret
 
section '.data' data readable writeable

szTitle            db "Caption",0
szMsg              db "Text.",0
szUser32           db "User32.dll",0
AGetProcAddressA   dd 0
api_GetProcAddress db "GetProcAddress"
len_GetProcAddress dd $-api_GetProcAddress
ALoadLibraryA      dd 0
api_LoadLibrary    db "LoadLibraryA",0
AMessageBoxAA      dd 0
api_MessageBoxA    db "MessageBoxA",0
dwKernelBase       dd 0
dwExportDirectory  dd 0
    
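To make visible what Walter's GetFunctionAddress is doing, here is an added Python walk of the same three export tables (ENT, EOT, EAT) over a constructed in-memory image; this is example code written for this page, not code from the thread or from fasm. It assumes the 32-bit PE offsets the assembly hard-codes (0x3C, 0x78, 0x18 to 0x24) and arbitrary constructed RVAs and export names; exact=False reproduces the asm's fixed-length compare, which is a prefix match, while the default exact mode compares the whole NUL-terminated name and stops at NumberOfNames where the asm loops unbounded.

```python
import struct

# Field offsets the assembly in the thread hard-codes (32-bit PE mapped in memory).
E_LFANEW, OPT_EXPORT_DIR = 0x3C, 0x78           # DOS->PE signature; PE->export dir RVA
EXP_NUMBER_NAMES, EXP_ADDR_FUNCS = 0x18, 0x1C   # NumberOfNames; AddressOfFunctions (EAT)
EXP_ADDR_NAMES, EXP_ADDR_ORDINALS = 0x20, 0x24  # AddressOfNames (ENT); AddressOfNameOrdinals (EOT)

def u32(img, off):
    return struct.unpack_from("<I", img, off)[0]

def read_cstr(img, off):
    return img[off:img.index(b"\0", off)].decode("ascii")

def resolve_export(img, name, exact=True):
    """RVA of export `name`, or None. Same ENT -> EOT -> EAT walk as GetFunctionAddress.
    exact=True compares the whole NUL-terminated string and stops at NumberOfNames;
    exact=False reproduces the asm's fixed-length (prefix) compare."""
    pe = u32(img, E_LFANEW)
    exp = u32(img, pe + OPT_EXPORT_DIR)
    n_names = u32(img, exp + EXP_NUMBER_NAMES)
    eat, ent, eot = (u32(img, exp + o) for o in (EXP_ADDR_FUNCS, EXP_ADDR_NAMES, EXP_ADDR_ORDINALS))
    for i in range(n_names):
        s = read_cstr(img, u32(img, ent + 4 * i))                    # lodsd + add base
        if s == name or (not exact and s.startswith(name)):          # repe cmpsb
            ordinal = struct.unpack_from("<H", img, eot + 2 * i)[0]  # word [ebx*2+EOT]
            return u32(img, eat + 4 * ordinal)                       # dword [eax*4+EAT]
    return None

def build_fake_image():
    """Constructed test data: a minimal in-memory image with an export directory laid
    out like a loaded 32-bit DLL. Not a real module; all RVAs and names are made up."""
    img = bytearray(0x300)
    struct.pack_into("<I", img, E_LFANEW, 0x80)                # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<I", img, 0x80 + OPT_EXPORT_DIR, 0x200)  # export directory RVA
    exp, eat, ent, eot, off = 0x200, 0x240, 0x260, 0x280, 0x2A0
    names = ["GetProcAddress", "GetProcAddressForCaller", "LoadLibraryA"]  # sorted, as real tables are
    funcs = [0x1000, 0x2000, 0x3000]   # EAT: function RVAs by export slot
    ordinals = [2, 0, 1]               # EOT: name index -> EAT slot (deliberately not identity)
    struct.pack_into("<IIII", img, exp + EXP_NUMBER_NAMES, len(names), eat, ent, eot)
    for slot, rva in enumerate(funcs):
        struct.pack_into("<I", img, eat + 4 * slot, rva)
    for i, nm in enumerate(names):
        struct.pack_into("<I", img, ent + 4 * i, off)
        struct.pack_into("<H", img, eot + 2 * i, ordinals[i])
        img[off:off + len(nm) + 1] = nm.encode() + b"\0"
        off += len(nm) + 1
    return bytes(img)

if __name__ == "__main__":
    img = build_fake_image()
    print(hex(resolve_export(img, "GetProcAddress")))                                  # 0x3000 via EOT remap
    print(resolve_export(img, "Load"), hex(resolve_export(img, "Load", exact=False)))  # None 0x2000
```

The EOT remap is why the asm cannot index the EAT with the name position directly, and the "Load" lookup shows how a fixed-length compare silently resolves to the wrong export.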
Walter



Joined: 26 Jan 2013
Posts: 155
Walter 13 Aug 2016, 04:35
ProMiNick's example on Windows 10.

Code:
format PE GUI 4.0

entry start  

; These values worked for me on Windows 10

LoadLibraryA = 73F98500h
GetProcAddress = 73F8A200h

start:
        jmp @f
        strCaption db 'Caption',0
        strText db 'Text.',0
        dll db 'user32.dll',0  
        api db 'MessageBoxA',0  
        @@:  
        push ebx  
        lea ebx,[dll]  
        push ebx  
        test eax,0 ; test for what? Is eax result of previously call? Where is that call? 
        jnz @@getapi ;  
        lea ebx,[dll]  
        push ebx   
        call LoadLibraryA

    @@getapi:

                lea ebx,[api]
                push ebx
                push eax  
                call GetProcAddress  
                push 0  
                push strCaption
                push strText
                push 0  
                call eax  
                                                       
    
kerr



Joined: 24 Feb 2016
Posts: 156
kerr 16 Aug 2016, 01:59
Walter wrote:
This one I found interesting.

Code:
;********************
;* MyMessageBox.asm *
;********************

; http://www.rohitab.com/discuss/topic/38717-quick-tutorial-finding-kernel32-base-and-walking-its-export-table/
; http://blog.harmonysecurity.com/2009_06_01_archive.html

format PE GUI 4.0

entry start  

section '.text' code readable executable


start:  
    pushad
    call    CodeStart

CodeStart:
    pop     ebp
    sub     ebp,CodeStart           ; delta offset shit
 
    mov     ebx,[FS:0x30]           ; get a pointer to the PEB
    mov     ebx,[ebx+0x0C]          ; get PEB->Ldr
    mov     ebx,[ebx+0x14]          ; get PEB->Ldr.InMemoryOrderModuleList.Flink (1st entry)
    mov     ebx,[ebx]               ; 2nd Entry
    mov     ebx,[ebx]               ; 3rd Entry
    mov     ebx,[ebx+0x10]          ; Get Kernel32 Base
    mov     [ebp+dwKernelBase],ebx
    add     ebx,[ebx+0x3C]          ; Start of PE header
    mov     ebx,[ebx+0x78]          ; RVA of export dir
    add     ebx,[ebp+dwKernelBase]  ; VA of export dir
    mov     [ebp+dwExportDirectory],ebx
 
    lea     edx,[ebp+api_GetProcAddress]
    mov     ecx,[ebp+len_GetProcAddress]
    call    GetFunctionAddress
    mov     [ebp+AGetProcAddressA],eax
    lea     edx,[ebp+api_LoadLibrary]
    push    edx
    push    dword [ebp+dwKernelBase]
    call    eax
    mov     [ebp+ALoadLibraryA],eax
    lea     edx,[ebp+szUser32]
    push    edx
    call    eax
    lea     edx,[ebp+api_MessageBoxA]
    push    edx
    push    eax
    mov     ebx,[ebp+AGetProcAddressA]
    call    ebx
    mov     [ebp+AMessageBoxAA],eax
 
    push    0
    lea     edx,[ebp+szTitle]
    push    edx
    lea     edx,[ebp+szMsg]
    push    edx
    push    0
    call    eax
    popad
 
    push    0xBBBBBBBB   ;OEP
    retn
 
GetFunctionAddress:
    push    ebx
    push    esi
    push    edi
 
    mov     esi, [ebp+dwExportDirectory]
    mov     esi, [esi+0x20]          ;RVA of ENT
    add     esi, [ebp+dwKernelBase]  ;VA of ENT
    xor     ebx,ebx
    cld
 
    looper:

    inc     ebx
    lodsd
    add     eax,[ebp+dwKernelBase]   ;eax now points to the string of a function
    push    esi                      ;preserve it for the outer loop
    mov     esi,eax
    mov     edi,edx
    cld
    push    ecx
    repe    cmpsb
    pop     ecx
    pop     esi
    jne     looper
 
    dec     ebx
    mov     eax,[ebp+dwExportDirectory]
    mov     eax,[eax+0x24]          ;RVA of EOT
    add     eax,[ebp+dwKernelBase]  ;VA of EOT
    movzx   eax , word [ebx*2+eax]  ;eax now holds the ordinal of our function
    mov     ebx,[ebp+dwExportDirectory]
    mov     ebx,[ebx+0x1C]          ;RVA of EAT
    add     ebx,[ebp+dwKernelBase]  ;VA of EAT
    mov     ebx,[eax*4+ebx]
    add     ebx,[ebp+dwKernelBase]
    mov     eax,ebx

    pop     edi
    pop     esi
    pop     ebx
    ret
 
section '.data' data readable writeable

szTitle            db "Caption",0
szMsg              db "Text.",0
szUser32           db "User32.dll",0
AGetProcAddressA   dd 0
api_GetProcAddress db "GetProcAddress"
len_GetProcAddress dd $-api_GetProcAddress
ALoadLibraryA      dd 0
api_LoadLibrary    db "LoadLibraryA",0
AMessageBoxAA      dd 0
api_MessageBoxA    db "MessageBoxA",0
dwKernelBase       dd 0
dwExportDirectory  dd 0
    




Yes, yes, yes, this is what I want.

Thank you, Okami.

Can you say something about it, about the method for realizing this program?

_________________
I hope we will be good friends.
Copyright © 1999-2024, Tomasz Grysztar.