flat assembler
Message board for the users of flat assembler.

Index > Windows > Windows Includes - The Final Solution:

Author
Thread Post new topic Reply to topic
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 24 Apr 2021, 00:28
https://github.com/microsoft/win32metadata

When I first learnt about this project I was quite frustrated because I had been working on some automation to grok Windows APIs; and it was clear this project was positioned to stomp on my face. Additionally, I have basically steered clear of DotNet for years, and didn't want to do anything with it.

Because this effort aggregates work from many programming communities, I believe it should become the canonical standard for anyone wishing to interoperate with the Windows API. I've began working on a tool to create projections for fasmg from the .winmd files. It also has the added benefit of dropping a lot of legacy definitions. (Although there is talk about adding deprecated interfaces so they wouldn't be completely abandoned.)

I would go as far as to say that any interface which wants to work on Windows should produce a .winmd file for programmers. All the languages with tools connecting to this project instantly gain use of these interfaces - not just the Win32 API.

Although the .winmd files use the CLI metadata to define interfaces, it's not specifically biased to DotNet, imho. DotNet languages still need to produce projections for those language rather than use .winmd files directly through reflection.

Other programming tools can also benefit from the .winmd files: editors, language servers, linters, etc.

ECMA-335 is a wordy spec with errors, but my file reader is progressing nicely. Is anyone else interested in this to maybe produce includes for fasm1?


To check on other projects using the metadata:
https://github.com/microsoft/win32metadata/blob/master/docs/projections.md
https://github.com/microsoft/win32metadata/network/dependents
https://github.com/microsoft/win32metadata/network

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup


Last edited by bitRAKE on 24 Apr 2021, 14:40; edited 1 time in total
Post 24 Apr 2021, 00:28
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 24 Apr 2021, 11:41
Here is the front-end .winmd reader. It has been created to follow the spec as closely as possible with no assumption regarding the projections being produced. This is important because the parent project is so new and changing.

A quick example of accessing the tables is like:
Code:
display 10,'Debug (TypeRef Table):',10
repeat rows.TypeRef
        Read.TypeRef R,(%-1)

        match any,R.Scope
        repeat 1,a:R.TypeName,b:R.TypeNamespace,c:R.ScopeIndex
                display 9,'TypeName: ',R.TypeNameString,' (',`a,')',10
                display 9,'TypeNamespace: ',R.TypeNamespaceString,' (',`b,')',10
                display 9,'Scope: ',`any,' (',`c,')',10,10
        end repeat
        end match
end repeat    
There is one error I have not resolved, but I just made note of it and continue moving forward ...
Code:
caution: stream_tables size mismatch in virtualization.
(7141122 not 7141124, respectively)    
My model of the table array is two bytes larger than the file data.

Only the .winmd file is needed to use this. There are some in /Baseline, no need to have Visual Studio or build the parent project.


Description: .winmd Reader
Download
Filename: winmd.zip
Filesize: 12.56 KB
Downloaded: 388 Time(s)


_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 24 Apr 2021, 11:41
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20303
Location: In your JS exploiting you and your system
revolution 24 Apr 2021, 13:15
bitRAKE wrote:
It also has the added benefit of dropping a lot of legacy definitions.
For me this "benefit" is a huge negative.

I don't like the idea of of forcing all new code to force users to use the latest and worst versions of Windows.

It should be the programmers job to write for the user. Not the job of the user to change their system to suit the whims of the programmers. IMO Cool
Post 24 Apr 2021, 13:15
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 24 Apr 2021, 14:35
revolution wrote:
I don't like the idea of of forcing all new code to force users to use the latest and worst versions of Windows.

It should be the programmers job to write for the user. Not the job of the user to change their system to suit the whims of the programmers. IMO Cool
That's a silly concept. Who the user is changes based on what scale you are viewing the system at. To say someone is forcing changes to anyone else is a false duality.

If a user wants legacy Windows then a .winmd can be produced for that, and programmers can still use modern tools. It's not an either/or option.

Clearly I'm writing for the future which no doubt will include some legacy stuff.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup
Post 24 Apr 2021, 14:35
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20303
Location: In your JS exploiting you and your system
revolution 24 Apr 2021, 19:29
Maybe we are talking about different things?

If you drop support for legacy than all your generated code will force users to "upgrade" if they need to run it.

Example: fasmw still runs on Win95. There is no need to change that. But if you say no to legacy and start using all the new shiny APis "for performance" or "for security" or "to satisfy google ranking" then all users will be required to update to the latest privacy killing Win10. And for what? The only winner is MS. Everyone else loses.
Post 24 Apr 2021, 19:29
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 24 Apr 2021, 20:25
You grabbed a fragment of a sentence to change the topic.
https://board.flatassembler.net/topic.php?t=17713

I'm talking about the topic of this post.

fasmg runs on Win95, too. So, if you have an interest in this topic then running Win95 is not a hindrance. Yet, if your only interesting is in fasmw and Win95 then I wonder why you'd be interested in this topic? This topic is about a language neutral representation of the Windows API, and projections to custom languages.

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup


Last edited by bitRAKE on 03 May 2021, 18:18; edited 1 time in total
Post 24 Apr 2021, 20:25
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20303
Location: In your JS exploiting you and your system
revolution 24 Apr 2021, 21:01
But your "language neutral representation of the Windows API" won't have legacy definitions. Hence the problem. It becomes more like "language neutral representation of only the latest Windows APIs".
Post 24 Apr 2021, 21:01
View user's profile Send private message Visit poster's website Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 4024
Location: vpcmpistri
bitRAKE 24 Apr 2021, 21:48
It's true that the finer details of the project are difficult to know without digging deeper. MS doesn't have an internal database of APIs - the source code is the last word in documentation - has been that way all along. So, the internal tools scrape source and object files to discover as much as possible. This is augmented by hand-tuning.

The internal tools can be applied more generally and there will be multiple .winmd files. The project is only a couple months old and it's bucking the tread at MS, so maybe it will die - who knows? I just see it much more differently than the surface understanding. Seems like other people do, too.

(This might be because I was doing a similar thing when I came across this.)

_________________
¯\(°_o)/¯ “languages are not safe - uses can be” Bjarne Stroustrup


Last edited by bitRAKE on 03 May 2021, 18:17; edited 1 time in total
Post 24 Apr 2021, 21:48
View user's profile Send private message Visit poster's website Reply with quote
ProMiNick



Joined: 24 Mar 2012
Posts: 798
Location: Russian Federation, Sochi
ProMiNick 24 Apr 2021, 23:39
latest windows api always could be passed via delay import, not one windows provide, but own implementation.
look this:
Code:
; Example of making 32-bit PE program as raw code and data

format PE GUI
entry start

include 'win32a.inc'

section '.text' code readable executable

virtual at 0
        dd custldr
end virtual

customloader:
        invoke  LoadLibrary,delaykernel32.%name
        test    eax,eax
        jz      .fail
        mov     edx,[ExitProcess+(delaykernel32.lookup-delaykernel32.address)]
        add     edx,2+$-rva $
        ;mov     edx,_test
        invoke  GetProcAddress,eax,edx
        test    eax,eax
        jnz     .ret
      .fail:
        dec     eax
      .ret:
        mov     [ExitProcess],eax
        ret


  start:
      .testExit:
        cmp     [ExitProcess],0
        jg      .callExit
        js      .couldntrunExit
        call    customloader
        jmp     .testExit
      .couldntrunExit:
        invoke  MessageBox,0,_message1,_caption,0
        ret
      .callExit:
        invoke  MessageBox,0,_message2,_caption,0
        invoke  ExitProcess,0


section '.data' data readable writeable

  _caption db 'Win32 assembly program',0
  _message1 db 'Inalid kernel32 delay lookup',0
  _message2 db 'Valid kernel32 delay lookup',0

section '.idata' import data readable writeable

        library kernel32,'KERNEL32.DLL',\
                delaykernel32,kernel32,\
                user32,'USER32.DLL',\
                pedemo,''


  include 'os_specs/windows/api/x86/kernel32.inc'
  include 'os_specs/windows/api/x86/user32.inc'

        customimport delaykernel32,ExitProcess,'ExitProcessDD';customimport delaykernel32,ExitProcess,'ExitProcess'

        customimport  pedemo,custldr,'customloader'

section '.reloc' fixups data readable discardable       ; needed for Win32s
    

in addition to
Code:
; Macroinstructions for making import section

macro library [name,string]
 { common
    import.data:
   forward
    if defined name#.address
     if name#.address-name#.lookup
      dd RVA name#.lookup,0,0,RVA name#.%name,RVA name#.address
     end if
    end if
    name#.referred = 1
   common
    dd 0,0,0,0,0
   forward
    if defined name#.address
     if name#.address-name#.lookup
      if string eqtype ''
       name#.%name db string,0
       rb RVA $ and 1
      else
       name#.%name = string#.%name
      end if
     end if
    end if }

macro import name,[label,string]
 { common
    rb (- rva $) and 3
    if defined name#.referred
     name#.lookup:
   forward
     if used label
      if ~ defined delayed.#label
       if string eqtype ''
        local _label
        dd RVA _label
       else
        dd 80000000h + string
       end if
      end if
     end if
   common
     if $ > name#.lookup
      dd 0
     end if
     name#.address:
   forward
     if used label
      if ~ defined delayed.#label
       if string eqtype ''
        label dd RVA _label
       else
        label dd 80000000h + string
       end if
      end if
     end if
   common
     if $ > name#.address
      dd 0
     end if
   forward
     if used label & string eqtype ''
      _label dw 0
      db string,0
      rb RVA $ and 1
     end if
   common
    end if
    if defined import_extension
     extend_import label
    end if   }     

this
Code:
macro customimport name,[label,string]
 { common
    rb (- rva $) and 3
    if defined name#.referred
     name#.lookup:
   forward
     if (label eqtype [*]) | used label
      if string eqtype ''
       local _label
       dd RVA _label
      else
       dd 80000000h + string
      end if
     end if
   common
     if $ > name#.lookup
      dd 0
     end if
     name#.address:
   forward
     if label eqtype [*]
      dd 0
     else
      if used label
       delayed.#label:
       if ~definite label
        label dd 0
       end if
      end if
     end if
   common
     if $ > name#.address
      dd 0
     end if
   forward
     if ((label eqtype [*]) | used label) & string eqtype ''
      _label dw 0
      db string,0
      rb RVA $ and 1
     end if
   common
    end if }         

and because my build environment specific (universal version compilable with any assembler in any environment):
Code:
db $4D,$5A,$80,$00,$01,$00,$00,$00,$04,$00,$10,$00,$FF,$FF,$00,$00
db $40,$01,$00,$00,$00,$00,$00,$00,$40,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$80,$00,$00,$00
db $0E,$1F,$BA,$0E,$00,$B4,$09,$CD,$21,$B8,$01,$4C,$CD,$21,$54,$68
db $69,$73,$20,$70,$72,$6F,$67,$72,$61,$6D,$20,$63,$61,$6E,$6E,$6F
db $74,$20,$62,$65,$20,$72,$75,$6E,$20,$69,$6E,$20,$44,$4F,$53,$20
db $6D,$6F,$64,$65,$2E,$0D,$0A,$24,$00,$00,$00,$00,$00,$00,$00,$00
db $50,$45,$00,$00,$4C,$01,$04,$00,$AA,$A2,$84,$60,$00,$00,$00,$00
db $00,$00,$00,$00,$E0,$00,$0E,$01,$0B,$01,$01,$49,$00,$02,$00,$00
db $00,$06,$00,$00,$00,$00,$00,$00,$2E,$10,$00,$00,$00,$10,$00,$00
db $00,$20,$00,$00,$00,$00,$40,$00,$00,$10,$00,$00,$00,$02,$00,$00
db $01,$00,$00,$00,$00,$00,$00,$00,$03,$00,$0A,$00,$00,$00,$00,$00
db $00,$50,$00,$00,$00,$04,$00,$00,$E3,$BB,$00,$00,$02,$00,$40,$00
db $00,$10,$00,$00,$00,$10,$00,$00,$00,$00,$01,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$10,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$30,$00,$00,$28,$01,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$40,$00,$00,$24,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$2E,$74,$65,$78,$74,$00,$00,$00
db $71,$00,$00,$00,$00,$10,$00,$00,$00,$02,$00,$00,$00,$04,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$20,$00,$00,$60
db $2E,$64,$61,$74,$61,$00,$00,$00,$50,$00,$00,$00,$00,$20,$00,$00
db $00,$02,$00,$00,$00,$06,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$40,$00,$00,$C0,$2E,$69,$64,$61,$74,$61,$00,$00
db $28,$01,$00,$00,$00,$30,$00,$00,$00,$02,$00,$00,$00,$08,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$40,$00,$00,$C0
db $2E,$72,$65,$6C,$6F,$63,$00,$00,$24,$00,$00,$00,$00,$40,$00,$00
db $00,$02,$00,$00,$00,$0A,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$40,$00,$00,$42,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $68,$64,$30,$40,$00,$FF,$15,$90,$30,$40,$00,$85,$C0,$74,$18,$8B
db $15,$E8,$30,$40,$00,$81,$C2,$02,$00,$40,$00,$52,$50,$FF,$15,$8C
db $30,$40,$00,$85,$C0,$75,$01,$48,$A3,$F0,$30,$40,$00,$C3,$83,$3D
db $F0,$30,$40,$00,$00,$7F,$1E,$78,$07,$E8,$C2,$FF,$FF,$FF,$EB,$EE
db $6A,$00,$68,$00,$20,$40,$00,$68,$17,$20,$40,$00,$6A,$00,$FF,$15
db $D0,$30,$40,$00,$C3,$6A,$00,$68,$00,$20,$40,$00,$68,$34,$20,$40
db $00,$6A,$00,$FF,$15,$D0,$30,$40,$00,$6A,$00,$FF,$15,$F0,$30,$40
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $57,$69,$6E,$33,$32,$20,$61,$73,$73,$65,$6D,$62,$6C,$79,$20,$70
db $72,$6F,$67,$72,$61,$6D,$00,$49,$6E,$61,$6C,$69,$64,$20,$6B,$65
db $72,$6E,$65,$6C,$33,$32,$20,$64,$65,$6C,$61,$79,$20,$6C,$6F,$6F
db $6B,$75,$70,$00,$56,$61,$6C,$69,$64,$20,$6B,$65,$72,$6E,$65,$6C
db $33,$32,$20,$64,$65,$6C,$61,$79,$20,$6C,$6F,$6F,$6B,$75,$70,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $80,$30,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$64,$30,$00,$00
db $8C,$30,$00,$00,$E8,$30,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $64,$30,$00,$00,$F0,$30,$00,$00,$C8,$30,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$72,$30,$00,$00,$D0,$30,$00,$00,$08,$31,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$7E,$30,$00,$00,$10,$31,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$4B,$45,$52,$4E,$45,$4C,$33,$32,$2E,$44,$4C,$4C
db $00,$00,$55,$53,$45,$52,$33,$32,$2E,$44,$4C,$4C,$00,$00,$00,$00
db $A6,$30,$00,$00,$B8,$30,$00,$00,$00,$00,$00,$00,$A6,$30,$00,$00
db $B8,$30,$00,$00,$00,$00,$00,$00,$00,$00,$45,$78,$69,$74,$50,$72
db $6F,$63,$65,$73,$73,$00,$00,$00,$47,$65,$74,$50,$72,$6F,$63,$41
db $64,$64,$72,$65,$73,$73,$00,$00,$00,$00,$4C,$6F,$61,$64,$4C,$69
db $62,$72,$61,$72,$79,$41,$00,$00,$D8,$30,$00,$00,$00,$00,$00,$00
db $D8,$30,$00,$00,$00,$00,$00,$00,$00,$00,$4D,$65,$73,$73,$61,$67
db $65,$42,$6F,$78,$41,$00,$00,$00,$F8,$30,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$45,$78,$69,$74,$50,$72
db $6F,$63,$65,$73,$73,$44,$44,$00,$18,$31,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$63,$75,$73,$74,$6F,$6D
db $6C,$6F,$61,$64,$65,$72,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$10,$00,$00,$24,$00,$00,$00,$01,$30,$07,$30,$11,$30,$17,$30
db $1F,$30,$29,$30,$30,$30,$43,$30,$48,$30,$50,$30,$58,$30,$5D,$30
db $65,$30,$6D,$30,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00
db $00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00,$00    

as result program has importsthat are not exist in current OS version but PE is succesfully executed in every windows version.
customimport has few differences (name#.address - table of zeroes) from import that makes import not required and delayable.
New functional is always good but it should be in delay import with manual LoadLibrary & GetProcAddress and not in one MS provided.
Post 24 Apr 2021, 23:39
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.