flat assembler
Message board for the users of flat assembler.

Import a DLL by hand?



SomeoneNew 12 Aug 2006, 14:34
Hello guys,

How can I import a DLL by hand?
(Without using the Import macro)

I would like to call MessageBoxA from User32. Do I have to call the DLL or can I use a LIB?


Also, how can I compile my project as a .LIB so I can later on import it in my programs under other languages? Also, how can I import a .LIB in FASM? When I use the 'Import' macro, is fasm importing from a LIB which then calls the DLL, or how does it work? :o

Thanks in the meantime :)

_________________
I'm new, sorry if I bothered with any stupid question :)



UCM 12 Aug 2006, 14:56
Hello, and welcome to the FASM board!

FASM does not use LIB files. The "import" macro imports functions directly from DLLs, and does no checking whether it actually exists within the DLL. Unfortunately, FASM is also incapable of producing LIB files as output, only plain DLLs.

(About your first question, search the message board for a topic called "Optimizing Hello World", there were manual imports there.)



SomeoneNew 12 Aug 2006, 16:39
Hi, thanks for the welcome and the answer as well!

So you can not use a LIB in FASM, is this a linker's job?
How could I go on using a lib in FASM?
Or is it not possible?

I will look for those topics though.



Tomasz Grysztar 12 Aug 2006, 17:50
SomeoneNew wrote:
So you can not use a LIB in FASM, is this a linker's job?

Exactly - you need a linker for this. And to make fasm generate the files that linkers can recognize, use the COFF or ELF output format (depending on what linker you decide to use).



SomeoneNew 12 Aug 2006, 18:38
Tomasz, what linkers can I use that are freeware?
What are the pros and cons of COFF and ELF?



UCM 12 Aug 2006, 19:05
Provided with the MASM32 package, as well as the Microsoft Visual C++ Express Edition (dunno about EE packages), is an incremental linker "link.exe". Also, the "GoLink" linker is available for free from http://www.jorgon.freeserve.co.uk/ . Also, there is Alink ( http://alink.sourceforge.net/ ).



f0dder 12 Aug 2006, 20:32
Licensing issues might keep you away from the Microsoft linker and the MASM32 package... I'd suggest looking into Pelle Orinius' "polink" instead.



SomeoneNew 13 Aug 2006, 08:50
Is it hard to write a linker if not?

I can't find polink anywhere, but can I use POLINK for whatever I want without paying?



polygon7 13 Aug 2006, 14:16
SomeoneNew wrote:
Is it hard to write a linker if not?

I think it is hard to write a linker.
SomeoneNew wrote:
I can't find polink anywhere, but can I use POLINK for whatever I want without paying?

Look at Pelles C package.

_________________
best regards
p7



okasvi 13 Aug 2006, 14:55
More on the first question:
You can use LoadLibraryA/GetProcAddress for using DLLs more dynamically.



UCM 13 Aug 2006, 16:55
But you need to import LoadLibrary and GetProcAddress :P


vid 13 Aug 2006, 18:51
If you really want to have some gain from using these, then you should also use UnloadLibrary.



daluca 14 Aug 2006, 06:03
I remember that there is a way to calculate the entry point of
LoadLibraryA/GetProcAddress, but I don't remember where I read it.
Can someone give a link or some hint?



f0dder 14 Aug 2006, 09:52
You can depend on a couple of undocumented things to get the kernel32 base address, then manually scan its export table. Your own GetProcAddress needs to, at the very minimum, support forwarded exports and ordinals; it really should also do binary search and bound imports, unless you want it to be slower than the regular GetProcAddress.

Also note that you must have at least one import that ends up importing from kernel32 if you want your executable to run on all windows versions.
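
Added example (not part of f0dder's post or of the thread): the lookup rules named above, i.e. ordinals, binary search over the sorted name table and forwarded exports, written as a Python parser over a constructed export directory. The names `resolve`, `cstr` and `build_sample` and the sample layout are assumptions of this example; a PE analysis tool applies the same rules when it lists a DLL's exports.

```python
import struct

def cstr(img, rva):
    """Read a NUL-terminated ASCII string at an RVA of the mapped image."""
    return img[rva:img.index(b"\0", rva)].decode("ascii")

def resolve(img, dir_rva, dir_size, want):
    """Look up an export by name (str) or ordinal (int).

    Returns ("code", rva), ("forward", "DLL.Function") or None."""
    base, n_funcs, n_names, funcs, names, ords = struct.unpack_from(
        "<6I", img, dir_rva + 16)                  # Base .. AddressOfNameOrdinals
    if isinstance(want, int):
        index = want - base                        # ordinals are biased by Base
    else:
        lo, hi, index = 0, n_names - 1, None
        while lo <= hi:                            # the name table is sorted
            mid = (lo + hi) // 2
            name = cstr(img, struct.unpack_from("<I", img, names + 4 * mid)[0])
            if name == want:
                index, = struct.unpack_from("<H", img, ords + 2 * mid)
                break
            lo, hi = (mid + 1, hi) if name < want else (lo, mid - 1)
    if index is None or not 0 <= index < n_funcs:
        return None
    rva, = struct.unpack_from("<I", img, funcs + 4 * index)
    if rva == 0:
        return None                                # unused slot in the function table
    if dir_rva <= rva < dir_rva + dir_size:        # points back into the export data:
        return ("forward", cstr(img, rva))         # a forwarder string, not code
    return ("code", rva)

def build_sample():
    """Constructed image (RVA == offset) with an export directory at 0x100."""
    img = bytearray(0x200)
    for off, s in ((0x160, b"GetProcAddress"), (0x170, b"HeapAlloc"),
                   (0x180, b"NTDLL.RtlAllocateHeap")):
        img[off:off + len(s)] = s
    struct.pack_into("<6I", img, 0x110, 1, 3, 2, 0x128, 0x134, 0x13C)
    struct.pack_into("<3I", img, 0x128, 0x1000, 0x180, 0x2000)  # ordinals 1..3
    struct.pack_into("<2I", img, 0x134, 0x160, 0x170)           # sorted name RVAs
    struct.pack_into("<2H", img, 0x13C, 0, 1)                   # name -> function index
    return bytes(img), 0x100, 0x100

if __name__ == "__main__":
    img, rva, size = build_sample()
    for want in ("GetProcAddress", "HeapAlloc", 3, "Missing"):
        print(want, "->", resolve(img, rva, size, want))
```

A resolver that skips the range check would hand back the RVA of the forwarder string as if it were a code address.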


vid 14 Aug 2006, 11:19
You could search the entire memory for an export table exporting "GetProcAddress"; this is slow, but could be a very reliable way...



Xanfa 14 Aug 2006, 13:03
Hi, I do this for whatever I want in Kernel32.dll:

When your program starts, the dword pointed to by esp (dword [esp]) is an address in the kernel.dll file. Some knowledge of the PE file format can help you import by hand. Look at this code:

Code:
;program start
        mov     eax,[esp]               ; return address left on the stack at entry
        and     eax,0xFFFFF000          ; round down to a page boundary
        mov     ecx,0x100               ; look at no more than 0x100 pages
_loop_:
        mov     bx,word [eax]
        cmp     bx,word 'MZ'            ; DOS header signature?
        je      may_be_kernel_base
_next_:
        sub     eax,0x1000              ; section alignment
        loop    _loop_

Cant_found_kernel:
        ;when you are here, you have failed, so you should return to the system
        ret

may_be_kernel_base:
        mov     ebx,[eax+0x3C]          ; e_lfanew: offset of the PE header
        add     ebx,eax                 ; not validated: a false 'MZ' hit can give a bad pointer
        cmp     word [ebx],'PE'
        jne     _next_

Ok_kernel_base_now_in_eax:
;Here you have the kernel base address in eax
;Please check the PE format to find the export section
;You can search for function names, or only LoadLibrary, UnloadLibrary
;and GetProcAddress


Oh, this is written from memory, so it may have errors in it. But this is only a suggestion!
Good luck everybody!



Xanfa 14 Aug 2006, 13:08
For Masm32 package: www.masm32.com
For golink: www.download.int3.net



f0dder 14 Aug 2006, 14:43
vid wrote:
You could search the entire memory for an export table exporting "GetProcAddress"; this is slow, but could be a very reliable way...

Negative. It might end up crashing because of page permissions or memory holes - so at least needs SEH. Would be more reliable to use the dword-at-ESP-at-program-startup method, even if it's not guaranteed this will keep working.

_________________
- carpe noctem


vid 14 Aug 2006, 15:29
Of course, with SEH....



RedGhost 14 Aug 2006, 18:11
You people are crazy.

Look in the PEB for the kernel32 base, from there you can enumerate the EAT. kernel32.dll is always loaded by a PE. kernel32.dll handle will always be in PEB. If there is an EAT it will always be in the PE header, which you can successfully navigate from the module handle which is the base address.

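Code:
getkernel32base:
        mov     eax, [fs:0x30]          ; PEB
        mov     eax, [eax+0x0C]         ; PEB.Ldr (loader data)
        mov     esi, [eax+0x1C]         ; InInitializationOrderModuleList: first entry
        lodsd                           ; eax = link of the next entry in that list
        mov     eax, [eax+0x08]         ; DllBase of that entry, taken here to be kernel32
        ret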


You can do the same for ntdll.dll, etc. Very easy way to have an empty IAT without the need of some packer (be careful on win2k with this, you need at least 1 valid import).

I also recommend POLINK.

_________________
redghost.ca
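
Added example (not from RedGhost's post or from the thread): seen from the analysis side, an executable built with an empty or near-empty import table stands out when its PE header is inspected. The Python below walks the import directory of a PE file and reports how many DLLs it names; `parse_imports`, `triage`, the verdict strings and the constructed image from `build_pe` are assumptions of this example, and the single-DLL threshold is a heuristic, not a rule from the thread.

```python
import struct

def parse_imports(pe):
    """Return the lower-cased DLL names in the import directory of a PE file."""
    nt, = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    n_sect, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, magic = struct.unpack_from("<H2xH", pe, nt + 20)
    opt = nt + 24                                         # optional header
    dirs = opt + (96 if magic == 0x10B else 112)          # PE32 or PE32+
    imp_rva, = struct.unpack_from("<I", pe, dirs + 8)     # data directory 1: imports
    sections = [struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
                for i in range(n_sect)]

    def offset(rva):                                      # RVA -> file offset
        for vsize, va, rsize, raw in sections:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError("RVA outside all sections")

    names = []
    off = offset(imp_rva) if imp_rva else len(pe)
    while any(pe[off:off + 20]):                          # all-zero descriptor ends the list
        start = offset(struct.unpack_from("<I", pe, off + 12)[0])
        names.append(pe[start:pe.index(b"\0", start)].decode("ascii").lower())
        off += 20
    return names

def triage(pe):
    """Heuristic chosen for this example, not a rule from the thread."""
    n = len(parse_imports(pe))
    return "no imports" if n == 0 else "single DLL" if n == 1 else "ordinary"

def build_pe(dlls):
    """Constructed PE32 image: one section, RVA 0x1000 at file offset 0x200."""
    pe = bytearray(0x400)
    pe[:2], pe[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", pe, 0x3C, 0x40)                # e_lfanew
    struct.pack_into("<HH", pe, 0x44, 0x14C, 1)           # i386, one section
    struct.pack_into("<H2xH", pe, 0x54, 224, 0x10B)       # optional header size, PE32 magic
    struct.pack_into("<4I", pe, 0x140, 0x200, 0x1000, 0x200, 0x200)  # section header
    if dlls:
        struct.pack_into("<2I", pe, 0xC0, 0x1000, 20 * (len(dlls) + 1))
    for i, name in enumerate(dlls):
        struct.pack_into("<I", pe, 0x20C + 20 * i, 0x1100 + 32 * i)  # Name RVA
        pe[0x300 + 32 * i:0x300 + 32 * i + len(name)] = name
    return bytes(pe)
```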