Index
> Windows > Using this api structure.... ???? |
| Author |
|
|
Vasilev Vjacheslav
Code: format pe gui 4.0 entry start include '%fasminc%\win32a.inc' section '.idata' data readable writeable szFlatHello db "hello",0 section '.udata' readable writeable hInstance dd ? hBlah dd ? section '.code' code readable executable start: mov eax,[ExitProcess] mov [hBlah],eax invoke GetModuleHandle,NULL mov [hInstance],eax invoke MessageBox,NULL,szFlatHello,NULL,NULL invoke ExitProcess,NULL section '.idata' import data readable writeable library kernel32,'kernel32.dll',\ user32,'user32.dll' include '%fasminc%\apia\kernel32.inc' include '%fasminc%\apia\user32.inc' ; eof |
|||
16 Sep 2005, 05:35 |
|
|
shism2
format PE GUI 4.0
;format PE CONSOLE ;======================================================================= ;======================================================================= entry start include '%fasminc%\win32a.inc' mov eax,[ExitProcess] mov [hBlah],eax invoke GetModuleHandle,NULL mov [hInstance],eax invoke MessageBox,NULL,flathello,NULL,NULL invoke ExitProcess,NULL ;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ align 4 flathello db "Flat hello",0 ;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ align 4 hInstance dd ? hBlah dd ? ;======================================================================= data import library kernel32,'KERNEL32.DLL',\ user32, 'USER32.DLL' import kernel32,\ ExitProcess,hBlah,\ GetModuleHandle,'GetModuleHandleA' import user32,\ MessageBox,'MessageBoxA' end data This is what I have so far... Im trying to use the object hBlah in the imports.. How could I do that? |
|||
|
16 Sep 2005, 06:03 |
|
|
shoorick
hi!
Quote:
ExitProcess will be used as label to dword, which will be filled with offset of function 'ExitProcess' in kernel32.dll with loader while loading. so, what do you wish? to get this offset while runtime is possible with: mov eax,[ExitProcess] then you can "invoke" it with push 0 call eax for example |
|||
|
16 Sep 2005, 08:01 |
|
|
shism2
No I wish this part
To Load hBlah into import kernel32,\ ExitProcess,'LOAD HBLAH INTO HERE',\ Is it possible to do this at runtime.. |
|||
|
16 Sep 2005, 18:52 |
|
|
coconut
dont think that will work if at assembly time hBlah isnt known - what will get written to IAT? what exactly do you want to do?
|
|||
|
16 Sep 2005, 19:00 |
|
|
shoorick
maybe you want to do this:
Code: ;======================================================================= include '%fasminc%\win32a.inc' ;======================================================================= section '.flat' code readable writeable executable entry $ mov eax,[ExitProcess] xchg eax,[MessageBox] mov [ExitProcess],eax invoke ExitProcess,0,flathello,0,0 invoke MessageBox,0 ;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ align 4 flathello db "Flat hello",0 ;======================================================================= section '.idata' import data readable writeable library kernel32,'KERNEL32.DLL',\ user32, 'USER32.DLL' include '%fasminc%\apia\kernel32.inc' include '%fasminc%\apia\user32.inc' ;======================================================================= - this is working  _________________ UNICODE forever! |
|||
|
16 Sep 2005, 20:26 |
|
|
shism2
Thats unique shoorick and sort of like that
 ...
The hblah = exitprocess .... I was thinking of implementing sort of a crypted import table that gets decrypted ...But it seems that it can't use this 
Like lets say using this mov eax,[ExitProcess] mov [hBlah],eax invoke GetModuleHandle,NULL mov [hInstance],eax invoke MessageBox,NULL,flathello,NULL,NULL invoke ExitProcess,NULL ;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ align 4 flathello db "Flat hello",0 ;+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ align 4 hInstance dd ? hBlah dd ? ;======================================================================= data import library kernel32,'KERNEL32.DLL',\ user32, 'USER32.DLL' import kernel32,\ ExitProcess,hBlah,\ GetModuleHandle,'GetModuleHandleA' import user32,\ MessageBox,'MessageBoxA' end data At runtime hblah which is encrypted gets decrypted and allows for the api calls to work...This is just an example TRYING to load 'ExitProcess' into hblah and having hblah in the import table be replaced with ExitProcess |
|||
|
16 Sep 2005, 20:38 |
|
|
Reverend
Imports don't work this way. They are pre-loaded before starting the main code
|
|||
|
16 Sep 2005, 21:40 |
|
|
shoorick
maybe you do not understand conception of import enough well:
1.import table exists exactly for normal placing offsets according to dll and function names by loader while loading. if you do not wish to show which functions you are using - hide their names anywhere you want and at runtime decode them and use loadlibrary: all hackers do this. 2.you can of course get once real offsets for functions, encrypt them, and then decrypt at runtime, but offsets can (will!) be differ on other system depending on version/sp/etc - so, this is commonly unusable. 3.if you do not plan to use import table so you do not need to create it at all - you can store offsets to functions wherever you want. Code: ;======================================================================= format PE GUI 4.0 ;format PE CONSOLE ;======================================================================= include '%fasminc%\win32a.inc' ;======================================================================= section '.flat' code import readable writeable executable ;----------------------------------------------------------------------- library kernel32,'KERNEL32.DLL' ;----------------------------------------------------------------------- import kernel32,\ ExitProcess,'ExitProcess',\ LoadLibrary,'LoadLibraryA',\ GetProcAddress,'GetProcAddress' ;----------------------------------------------------------------------- align 4 messagebox db 'MessageBoxA',0 align 4 MessageBox dd 0EBFEEBFEh user32 db 'user32.dll',0 ;----------------------------------------------------------------------- @@: entry $ invoke LoadLibrary,user32 invoke GetProcAddress,eax,messagebox mov [MessageBox],eax ;----------------------------------------------------------------------- invoke MessageBox,0,messagebox,user32,0 ;----------------------------------------------------------------------- invoke ExitProcess,0 ;======================================================================= _________________ UNICODE forever! |
|||
|
16 Sep 2005, 22:12 |
|
|
shoorick
this even more cool
:
Code: ;----------------------------------------------------------------------- align 4 messagebox db 'MessageBoxA',0 user32 db 'user32.dll',0 ;----------------------------------------------------------------------- entry $ MessageBox dd 0C18B02EBh invoke LoadLibrary,user32 invoke GetProcAddress,eax,messagebox mov [MessageBox],eax ;----------------------------------------------------------------------- invoke MessageBox,0,messagebox,user32,0 ;----------------------------------------------------------------------- |
|||
|
16 Sep 2005, 22:27 |
|
|
coconut
no need to define .flat section, fasm does it for you (and sets entry) if no section defined
|
|||
|
16 Sep 2005, 23:41 |
|
< Last Thread | Next Thread > |
Forum Rules:
|