flat assembler
Message board for the users of flat assembler.

Index > Windows > question for advanced windows programmers

Author
Thread Post new topic Reply to topic
at0mic



Joined: 09 Mar 2005
Posts: 12
at0mic
I can't get the pointer to data inside IMAGE_IMPORT_DIRECTORY
I explore its by PE STUDIO ,PE Editor and HEX WORKSHOP

and see this

Image

but as you see it is virtual-offset not real offset in file where it is just 600h

Image

any could help me with it, please ?

_________________
at0mic!
Post 11 Mar 2005, 15:37
View user's profile Send private message Reply with quote
pelaillo
Missing in inaction


Joined: 19 Jun 2003
Posts: 878
Location: Colombia
pelaillo
Actually, on your disk, the size of your section is 200h but windows will load your PE starting from virtual address 400000h and the size of your section becomes 1000h and needed relocations are calculated.

The 600h offset makes me guess that your import section is the third section on your PE file.
Post 11 Mar 2005, 15:56
View user's profile Send private message Yahoo Messenger Reply with quote
at0mic



Joined: 09 Mar 2005
Posts: 12
at0mic
You are right but how do you know ?

can't the sections be in 300h alignment instead of 200h ?


where can I get it , and why in some of porgramm virtual addres is equal fille offset ?

thanks a lot !

I found file alignment but still have no ide how to figure out the import data
Image

_________________
at0mic!
Post 11 Mar 2005, 16:39
View user's profile Send private message Reply with quote
Vasilev Vjacheslav



Joined: 11 Aug 2004
Posts: 392
Vasilev Vjacheslav
i think my code helps you

Code:
format pe gui 4.0
entry start

include '%fasminc%\win32a.inc'
include 'imagehdr.inc'

MAX_PATH                        = 260

macro   m2m     dest,src
{
        push    src
        pop     dest
}

section '.data' data readable writable

  szFilter              db "All Files",0,"*.*",0,0
  szTitle               db "Select file to delete",0

section '.udata' readable writeable

  hInstance             dd ?
  hFileHandle           dd ?
  hFileSize             dd ?
  hFileMap              dd ?
  hFileView             dd ?

  szFilePath            rb MAX_PATH

section '.code' code readable executable

  start:
        invoke  GetModuleHandle,NULL
        or      eax,eax
        jz      .exit_prog

        mov     [hInstance],eax

        stdcall _openfile,szFilePath
        or      eax,eax
        jz      .exit_prog

        invoke  CreateFile,szFilePath,GENERIC_READ,FILE_SHARE_READ,NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,NULL
        or      eax,eax
        jle     .exit_prog

        mov     [hFileHandle],eax
        invoke  GetFileSize,eax,NULL
        or      eax,eax
        jle     .close_exit

        invoke  CreateFileMapping,[hFileHandle],NULL,PAGE_READONLY,NULL,NULL,NULL
        or      eax,eax
        jz      .close_exit

        mov     [hFileMap],eax
        invoke  MapViewOfFile,eax,FILE_MAP_READ,NULL,NULL,NULL
        or      eax,eax
        jz      .unmap_exit

        mov     [hFileView],eax
        mov     edi,eax

        cmp     word [edi+IMAGE_DOS_HEADER.e_magic],"MZ"
        jnz     .unmap_exit

        mov     esi,[edi+IMAGE_DOS_HEADER.e_lfanew]
        add     esi,edi

        cmp     word [esi+IMAGE_NT_HEADERS.Signature],"PE"
        jnz     .unmap_exit

        mov     eax,dword [esi+IMAGE_NT_HEADERS.OptionalHeader.DataDirectory+8]

        stdcall _rvatova,[hFileView],eax
        add     eax,edi
        
        ; now eax contain import table descriptor

        invoke  UnmapViewOfFile,[hFileView]

  .unmap_exit:
        invoke  CloseHandle,[hFileMap]

  .close_exit:
        invoke  CloseHandle,[hFileHandle]

  .exit_prog:
        invoke  ExitProcess,NULL

  proc  _rvatova, lpFileView,lpRVA
        pushad
        mov     esi,[lpFileView]
        add     esi,[esi+IMAGE_DOS_HEADER.e_lfanew]
        mov     edi,[lpRVA]
        mov     edx,esi
        add     edx,sizeof.IMAGE_NT_HEADERS
        mov     cx,[esi+IMAGE_NT_HEADERS.FileHeader.NumberOfSections]
        movzx   ecx,cx

  .while_start:
        or      ecx,ecx
        jle     .endw

        cmp     [edx+IMAGE_SECTION_HEADER.VirtualAddress],edi
        ja      @F

        mov     eax,[edx+IMAGE_SECTION_HEADER.VirtualAddress]
        add     eax,[edx+IMAGE_SECTION_HEADER.SizeOfRawData]

        cmp     edi,eax
        jae     @F

        mov     eax,[edx+IMAGE_SECTION_HEADER.VirtualAddress]
        sub     edi,eax
        mov     eax,[edx++IMAGE_SECTION_HEADER.PointerToRawData]
        add     eax,edi
        jmp     .out

  @@:
        add     edx,sizeof.IMAGE_SECTION_HEADER
        dec     ecx
        jmp     .while_start

  .endw:
        xor     eax,eax

  .out:
        mov     [esp+28],eax
        popad
        return
  endp

  proc  _openfile, lpFileBuffer
        .ofn       OPENFILENAME

        enter
        lea     edi,[.ofn]
        stdcall _zeromem,edi,sizeof.OPENFILENAME

        mov     [edi+OPENFILENAME.lStructSize],sizeof.OPENFILENAME
        mov     [edi+OPENFILENAME.hwndOwner],HWND_DESKTOP
        m2m     [edi+OPENFILENAME.lpstrFile],[lpFileBuffer]
        mov     [edi+OPENFILENAME.nMaxFile],MAX_PATH
        mov     [edi+OPENFILENAME.lpstrFilter],szFilter
        mov     [edi+OPENFILENAME.nFilterIndex],1
        mov     [edi+OPENFILENAME.lpstrFileTitle],NULL
        mov     [edi+OPENFILENAME.nMaxFileTitle],NULL
        mov     [edi+OPENFILENAME.lpstrInitialDir],NULL
        mov     [edi+OPENFILENAME.Flags],OFN_EXPLORER+OFN_FILEMUSTEXIST+OFN_HIDEREADONLY
        mov     [edi+OPENFILENAME.lpstrTitle],szTitle
        invoke  GetOpenFileName,edi
        return
  endp

  proc _zeromem, var,size
        invoke  RtlZeroMemory,[var],[size]
        return
  endp

section '.idata' import data readable writeable

  library       kernel32,'kernel32.dll',\
                user32,'user32.dll',\
                comdlg32,'comdlg32.dll'

  include       '%fasminc%\apia\kernel32.inc'
  include       '%fasminc%\apia\user32.inc'
  include       '%fasminc%\apia\comdlg32.inc'

; eof
    

_________________
[not enough memory]
Post 11 Mar 2005, 19:06
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.