flat assembler
Message board for the users of flat assembler.

Index > Macroinstructions > Optimizing library/import macro

Author
Thread Post new topic Reply to topic
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
Tomasz, is it possible to modify import/library macros to do this:
Code:
format PE Console
entry $
        push    0
        call    [ExitProcess]
      krnl32:
        GetStdHandle    dd      RVA _GetStdHandle
        ExitProcess     dd      RVA _ExitProcess
        Sleep           dd      RVA _Sleep
        WriteConsole    dd      RVA _WriteConsole
                        dw      0
        _GetStdHandle   db      0,0,'GetStdHandle',0
      _krnl32           db      'kernel32'
        _ExitProcess    db      0,0,'ExitProcess'
        _Sleep          db      0,0,'Sleep'
        _WriteConsole   db      0,0,'WriteConsoleA',0

      user32:
        wsprintf        dd      RVA _wsprintf
        MessageBox      dd      RVA _MessageBox
                        dw      0
        _wsprintf       db      0,0,'wsprintfA',0
      _user32           db      'user32'
        _MessageBox     db      0,0,'MessageBoxA',0
      aapi32:
        RegCloseKey     dd      RVA _RegCloseKey
                        dw      0
        _RegCloseKey    db      0,0,'RegCloseKey',0
      _aapi32           db      'advapi32'
data import
        dd      0,0,0, RVA _krnl32, RVA krnl32
        dd      0,0,0, RVA _user32, RVA user32
        dd      0,0,0, RVA _aapi32, RVA aapi32
        dd      0,0,0,0,0
end data
dd $ - krnl32
db 'X' ;to make it easier to find size of imports    

instead of this:
Code:
format PE Console
entry $
        push    0
        call    [ExitProcess]
iat:
data import
        dd      0,0,0, RVA _krnl32, RVA krnl32
        dd      0,0,0, RVA _user32, RVA user32
        dd      0,0,0, RVA _aapi32, RVA aapi32
        dd      0,0,0,0,0

      krnl32:
        GetStdHandle    dd      RVA _GetStdHandle
        ExitProcess     dd      RVA _ExitProcess
        Sleep           dd      RVA _Sleep
        WriteConsole    dd      RVA _WriteConsole
                        dd      0
      _krnl32           db      'kernel32',0
        _GetStdHandle   db      0,0,'GetStdHandle',0
        _ExitProcess    db      0,0,'ExitProcess',0
        _Sleep          db      0,0,'Sleep',0
        _WriteConsole   db      0,0,'WriteConsoleA',0

      user32:
        wsprintf        dd      RVA _wsprintf
        MessageBox      dd      RVA _MessageBox
                        dd      0
      _user32           db      'user32',0
        _MessageBox     db      0,0,'MessageBoxA',0
        _wsprintf       db      0,0,'wsprintfA',0

      aapi32:
        RegCloseKey     dd      RVA _RegCloseKey
                        dd      0
      _aapi32           db      'advapi32',0
        _RegCloseKey    db      0,0,'RegCloseKey',0
end data
dd $ - iat
db 'X' ;to make it easier to find size of imports    


with these examples the differences isnt much, only like 30bytes(?), but with bigger import table it's easier to notice. Or would it be really useless for import macros and that I should continue building IAT manually?
edit: Or maybe you want to go by standard with macros on official fasm-package?

_________________
When We Ride On Our Enemies
support reverse smileys |:


Last edited by okasvi on 08 Sep 2006, 21:58; edited 1 time in total
Post 08 Sep 2006, 17:46
View user's profile Send private message MSN Messenger Reply with quote
RedGhost



Joined: 18 May 2005
Posts: 443
Location: BC, Canada
RedGhost
Binary size optimization is always good Very Happy

_________________
redghost.ca
Post 08 Sep 2006, 18:35
View user's profile Send private message AIM Address MSN Messenger Reply with quote
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Code:
dd $ - krnl32 
db 'X' ;to make it easier to find size of imports    

you have this in header...

to your problem, try this:
Code:
include 'MACROS/apia/kernel32.inc'
data import
import kernel32, 'kernel32.dll'    

end data

it could be what you want. However i believe this is NOT proper method, all FirstThunks (but not OriginalFirstThunks) have to be located inside data import... i think it is to make it possibile for loader to load just needed part of executable. Why would we otherwise need data length in header?
Post 08 Sep 2006, 20:08
View user's profile Send private message Visit poster's website AIM Address MSN Messenger ICQ Number Reply with quote
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
okasvi
Code:
dd $ - krnl32 
db 'X' ;to make it easier to find size of imports    

this was for seeing the size of optimized IAT and original, thought, I forgot to put proper labels around normal IAT on later example.

Code:
include 'MACROS/apia/kernel32.inc'
data import
import kernel32, 'kernel32.dll'    


this quite not doesnt do the optimizations I've made... ie. after
Code:
WriteConsole    dd      RVA _WriteConsole    
I got dw 0 and orig. has dd 0, because I'm using first two bytes of this: []_GetStdHandle db 0,0,'GetStdHandle',0[/code] to complete the dword needed after krnl32 table and there is some others too Wink

I'll fix the labels for 'unoptimized' IAT so last dword of src shows size of IAT correctly

edit: fixed, btw. for those who doesnt spot it, my size savings rely on reordering to remove unnecessary zeros
Post 08 Sep 2006, 21:57
View user's profile Send private message MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.