flat assembler
Message board for the users of flat assembler.
Windows > Import a DLL by hand?

UCM 12 Aug 2006, 14:56
Hello, and welcome to the FASM board!
FASM does not use LIB files. The "import" macro imports functions directly from DLLs, and does not check whether the function actually exists within the DLL. Unfortunately, FASM is also incapable of producing LIB files as output, only plain DLLs. (About your first question, search the message board for a topic called "Optimizing Hello World"; there were manual imports there.)

SomeoneNew 12 Aug 2006, 16:39
Hi, thanks for the welcome and the answer as well!
So you cannot use a LIB in FASM; is this a linker's job? How could I go on using a LIB in FASM? Or is it not possible? I will look at those topics though.

Tomasz Grysztar 12 Aug 2006, 17:50
SomeoneNew wrote: "So you cannot use a LIB in FASM; is this a linker's job?"
Exactly - you need a linker for this. And to make fasm generate files that linkers can recognize, use the COFF or ELF output format (depending on which linker you decide to use).

SomeoneNew 12 Aug 2006, 18:38
Tomasz, what linkers can I use that are freeware?
What are the pros and cons of COFF and ELF?

UCM 12 Aug 2006, 19:05
Provided with the MASM32 package, as well as with Microsoft Visual C++ Express Edition (dunno about EE packages), is an incremental linker, "link.exe". Also, the "GoLink" linker is available for free from http://www.jorgon.freeserve.co.uk/ . Also, there is Alink ( http://alink.sourceforge.net/ ).

f0dder 12 Aug 2006, 20:32
Licensing issues might keep you away from the Microsoft linker and the MASM32 package... I'd suggest looking into Pelle Orinious "polink" instead.
|
|||
12 Aug 2006, 20:32 |
|
SomeoneNew 13 Aug 2006, 08:50
Is it hard to write a linker, if not?
I can't find polink anywhere, but can I use POLINK for whatever I want without paying?

polygon7 13 Aug 2006, 14:16
SomeoneNew wrote: "Is it hard to write a linker, if not?"
I think it is hard to write a linker.
SomeoneNew wrote: "I can't find polink anywhere, but can I use POLINK for whatever I want without paying?"
Look at the Pelles C package.
best regards, p7

okasvi 13 Aug 2006, 14:55
More for the first question:
You can use LoadLibraryA/GetProcAddress for using DLLs more dynamically.

UCM 13 Aug 2006, 16:55
But you need to import LoadLibrary and GetProcAddress.

vid 13 Aug 2006, 18:51
If you really want to have some gain from using these, then you should also use UnloadLibrary.

daluca 14 Aug 2006, 06:03
I remember that there is a way to calculate the entry point of LoadLibraryA/GetProcAddress, but I don't remember where I read it. Can someone give a link or some hint?

f0dder 14 Aug 2006, 09:52
You can depend on a couple of undocumented things to get the kernel32 base address, then manually scan its export table. Your own GetProcAddress needs to, at the very minimum, support forwarded exports and ordinals; it really should also do binary search and bound imports, unless you want it to be slower than the regular GetProcAddress.
Also note that you must have at least one import that ends up importing from kernel32 if you want your executable to run on all Windows versions.

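The export-table walk f0dder describes (names, ordinals, forwarders, binary search over the sorted name table), as an added example that is not from this thread: a small Python parser for the PE export directory, run over a constructed, hypothetical PE32 image laid out so that RVA equals file offset (no section mapping needed). The function names build_image, parse_exports and resolve, the constant EXP_RVA and the sample export names are my own assumptions, not anything from the thread.

```python
import bisect
import struct

# Constructed sample (not a real DLL): a minimal PE32 image laid out so that RVA == file offset.
# It exports two named functions, one forwarded export (HeapAlloc -> NTDLL) and one ordinal-only export.
EXP_RVA = 0x200

def build_image():
    strings, pool = {}, bytearray()
    for s in ('KERNEL32.dll', 'GetProcAddress', 'HeapAlloc', 'LoadLibraryA', 'NTDLL.RtlAllocateHeap'):
        strings[s] = EXP_RVA + 0x4A + len(pool)   # string pool follows the three tables
        pool += s.encode() + b'\0'
    funcs = [0x1000, 0x2000, strings['NTDLL.RtlAllocateHeap'], 0x3000]  # ordinals 1..4 (base 1)
    names = ['GetProcAddress', 'HeapAlloc', 'LoadLibraryA']             # sorted, as the PE spec requires
    exp = struct.pack('<IIHHIIIIIII', 0, 0, 0, 0, strings['KERNEL32.dll'], 1, len(funcs), len(names),
                      EXP_RVA + 0x28, EXP_RVA + 0x38, EXP_RVA + 0x44)   # IMAGE_EXPORT_DIRECTORY
    exp += struct.pack('<4I', *funcs) + struct.pack('<3I', *(strings[n] for n in names))
    exp += struct.pack('<3H', 1, 2, 0) + pool                           # name -> index into funcs
    img = bytearray(EXP_RVA)
    img[0:2], img[0x40:0x44] = b'MZ', b'PE\0\0'
    struct.pack_into('<I', img, 0x3C, 0x40)                     # e_lfanew
    struct.pack_into('<H', img, 0x58, 0x10B)                    # optional header magic: PE32
    struct.pack_into('<II', img, 0x58 + 96, EXP_RVA, len(exp))  # data directory[0] = export table
    return bytes(img + exp)

def parse_exports(img):
    """DOS header -> PE signature -> optional header -> export directory.
    Returns (dll name, sorted names, ordinal per name, {ordinal: RVA or forwarder string})."""
    pe = struct.unpack_from('<I', img, 0x3C)[0]
    if img[:2] != b'MZ' or img[pe:pe + 4] != b'PE\0\0':
        raise ValueError('not a PE image')
    opt = pe + 24                                               # optional header follows the 20-byte COFF header
    magic = struct.unpack_from('<H', img, opt)[0]
    exp_rva, exp_size = struct.unpack_from('<II', img, opt + (96 if magic == 0x10B else 112))
    name_rva, base, nfunc, nname, afunc, aname, aord = struct.unpack_from('<7I', img, exp_rva + 12)
    cstr = lambda rva: img[rva:img.index(b'\0', rva)].decode()
    targets = {}
    for i, rva in enumerate(struct.unpack_from(f'<{nfunc}I', img, afunc)):
        # an RVA that points back inside the export directory is a forwarder string, not code
        targets[base + i] = cstr(rva) if exp_rva <= rva < exp_rva + exp_size else rva
    names = [cstr(r) for r in struct.unpack_from(f'<{nname}I', img, aname)]
    ords = [base + o for o in struct.unpack_from(f'<{nname}H', img, aord)]
    return cstr(name_rva), names, ords, targets

def resolve(img, key):
    """key is an export name or an integer ordinal; returns an RVA, a 'DLL.Func' forwarder, or None."""
    _, names, ords, targets = parse_exports(img)
    if isinstance(key, int):
        return targets.get(key)
    i = bisect.bisect_left(names, key)                          # name table is sorted: binary search
    return targets[ords[i]] if i < len(names) and names[i] == key else None
```

A forwarder result means the lookup has to be repeated in the named DLL, which is exactly the case a hand-written resolver must handle to match GetProcAddress.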
vid 14 Aug 2006, 11:19
You could search the entire memory for an export table exporting "GetProcAddress"; this is slow, but could be a very reliable way...

Xanfa 14 Aug 2006, 13:03
Hi, I do this for whatever I want in Kernel32.dll:
When your program starts, the dword pointed to by esp (dword [esp]) is an address in the kernel.dll file. Some knowledge about the PE file format can help you import by hand. Look at this code:

    ;program start
    mov eax,[esp]
    and eax,0xFFFFF000
    mov ecx,0x100
_loop_:
    mov bx,word [eax]
    cmp bx,word 'MZ'
    je may_be_kernel_base
_next_:
    sub eax,0x1000 ; section alignment
    loop _loop_
Cant_found_kernel:
    ;if you get here, the search failed, so return to the system
    ret
may_be_kernel_base:
    mov ebx,[eax+0x3C]
    add ebx,eax
    cmp word[ebx],'PE'
    jne _next_
Ok_kernel_base_now_in_eax:
    ;Here you have the kernel base address in eax
    ;Please check the PE format to find out the Export section
    ;You can search for a function's name, or only LoadLibrary, UnloadLibrary
    ;and GetProcAddress

Oh, this is written from memory, it may have errors in it. But this is only a suggestion! Good luck everybody!

f0dder 14 Aug 2006, 14:43
vid wrote: "You could search the entire memory for an export table exporting "GetProcAddress"; this is slow, but could be a very reliable way..."
Negative. It might end up crashing because of page permissions or memory holes - so it at least needs SEH. It would be more reliable to use the dword-at-ESP-at-program-startup method, even if it's not guaranteed this will keep working.
- carpe noctem

vid 14 Aug 2006, 15:29
Of course, that with SEH....

RedGhost 14 Aug 2006, 18:11
You people are crazy.
Look in the PEB for the kernel32 base; from there you can enumerate the EAT. kernel32.dll is always loaded by a PE. The kernel32.dll handle will always be in the PEB. If there is an EAT it will always be in the PE header, which you can successfully navigate from the module handle, which is the base address.
Code:

getkernel32base:
    mov eax, [fs:0x30]    ;PEB
    mov eax, [eax+0x0C]   ;PEB.Ldr
    mov esi, [eax+0x1C]   ;InInitializationOrderModuleList.Flink
    lodsd                 ;follow Flink to the next list entry
    mov eax, [eax+0x08]   ;DllBase of that entry
    ret

You can do the same for ntdll.dll etc. A very easy way to have an empty IAT without the need for some packer (be careful on Win2k with this, you need at least 1 valid import). I also recommend POLINK.
redghost.ca

Copyright © 1999-2024, Tomasz Grysztar.