flat assembler
Message board for the users of flat assembler.

Index > Windows > Import a DLL by hand?

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 15 Aug 2006, 11:07
RedGhost: you just lost Win9x support there - that does matter to a few people.

Also, "be careful on win2k with this, you need atleast 1 valid import" is actually incorrect. What you need is at least one import either from kernel32, or that ends up importing from kernel32. Ie, importing something from "dummy.dll" is not enough, but importing GDI32:Arc (shortest import possible?) works, since GDI32 imports from KERNEL32...
Post 15 Aug 2006, 11:07
View user's profile Send private message Visit poster's website Reply with quote
RedGhost



Joined: 18 May 2005
Posts: 443
Location: BC, Canada
RedGhost 15 Aug 2006, 12:37
f0dder wrote:
RedGhost: you just lost Win9x support there - that does matter to a few people.

Also, "be careful on win2k with this, you need atleast 1 valid import" is actually incorrect. What you need is at least one import either from kernel32, or that ends up importing from kernel32. Ie, importing something from "dummy.dll" is not enough, but importing GDI32:Arc (shortest import possible?) works, since GDI32 imports from KERNEL32...


I thought it was kernel32.dll or ntdll.dll which I was implying, thanks for correcting me.

It is exactly the same for Win9x but the location in PEB is a bit different, someone on this forum posted a code solution for it Smile

_________________
redghost.ca
Post 15 Aug 2006, 12:37
View user's profile Send private message AIM Address MSN Messenger Reply with quote
Xanfa



Joined: 03 Aug 2006
Posts: 29
Xanfa 15 Aug 2006, 12:44
Never heard about PEB before ! Can you explain more ?
Post 15 Aug 2006, 12:44
View user's profile Send private message Yahoo Messenger Reply with quote
karl



Joined: 07 Feb 2006
Posts: 63
Location: South Africa
karl 15 Aug 2006, 21:39
Process Environment Block

check structure here :
http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PEB.html

"Structure PEB (Process Enviroment Block) contains all User-Mode parameters associated by system with current process. "
Post 15 Aug 2006, 21:39
View user's profile Send private message Reply with quote
karl



Joined: 07 Feb 2006
Posts: 63
Location: South Africa
karl 15 Aug 2006, 21:44
ooo, found wonderful information here:
http://www.microsoft.com/mspress/books/sampchap/4354.asp

sample of the awesome Inside Windows book. search for Figure 6-4
Post 15 Aug 2006, 21:44
View user's profile Send private message Reply with quote
karl



Joined: 07 Feb 2006
Posts: 63
Location: South Africa
karl 23 Aug 2006, 13:15
i've been trying to import without macros for a while. you can write out the .exe manually (search for manual .exe in windows forum) but now i see you can do it how tomasz does it:

Code:
format PE
entry start

start:
push 0
push caption
push message
push 0
call [MessageBox]
push 0
call [ExitProcess]

caption db 'warning',0
message db 'you are importing without a macro',0

section '.idata' import data readable writeable

  dd 0,0,0,rva kernel_name,rva kernel_table
  dd 0,0,0,rva user32_name,rva user32_table
  dd 0,0,0,0,0

  kernel_table:
    ExitProcess dd rva _ExitProcess
    dd 0
  
  user32_table:
    MessageBox dd rva _MessageBox
    dd 0
    
  kernel_name db 'KERNEL32.DLL',0
  user32_name db 'USER32.DLL',0
  
  _ExitProcess dw 0
    db 'ExitProcess',0
  _MessageBox dw 0
    db 'MessageBoxA',0
    


pretty cool, huh?
Post 23 Aug 2006, 13:15
View user's profile Send private message Reply with quote
karl



Joined: 07 Feb 2006
Posts: 63
Location: South Africa
karl 23 Aug 2006, 14:44
first line should be 'format PE gui' Smile
Post 23 Aug 2006, 14:44
View user's profile Send private message Reply with quote
karl



Joined: 07 Feb 2006
Posts: 63
Location: South Africa
karl 23 Aug 2006, 14:45
first line should be 'format PE gui' Smile
Post 23 Aug 2006, 14:45
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.