flat assembler
Message board for the users of flat assembler.
Index
> Projects and Ideas > hash importer Goto page Previous 1, 2 |
Author |
|
hidden 06 Mar 2007, 16:05
vid wrote: hidden: so, if once there will be some collision, how will your app beheave? vid wrote: hidden: noticed another thing... you are forgetting to check return values from API calls. You must check description of every API call you use if it can return error, and check that error. vid wrote: In case error is returned, release all resources you have taken (free memory, close files), write error message and quit. It bring up error message only when program calls to not imported function. |
|||
06 Mar 2007, 16:05 |
|
vid 06 Mar 2007, 16:47
hidden wrote:
what happens in case of collision? Quote: It bring up error message only when program calls to not imported function. I think "importer" should return error in this case, and caller should check this error after calling importer. Also you should error some kind of error code, prefereably Windows error codes. Having single error message for any kind of error is not enough. Is method used in your "GetKernel" procedure documented? Or at least reliably working on all windowses? Finally, you should add more error checking during findings procs (is it MZ? is it PE? does it have exports? Is ordinal in range? Does RVAs point into file?), and it will be nice project. PS: Code: virtual at $ proc dd ? end virtual this can be better written as Code: label proc dword PS2: You should warn users somewhere in docs, that hashes are overwritten to code, so they must be placed in writeable executable segment. |
|||
06 Mar 2007, 16:47 |
|
hidden 06 Mar 2007, 21:14
Quote: you didn't answer the question Smile Quote: Is method used in your "GetKernel" procedure documented? Or at least reliably working on all windowses? Quote: Is ordinal in range? Does RVAs point into file? If I'll check every RVA and every ordinal, how long will it import all the functions? Quote: PS2: |
|||
06 Mar 2007, 21:14 |
|
vid 06 Mar 2007, 21:38
Quote: It will chose the last function in export table matched hash and length Quote: Why? Nobody would ever notice few extra cycles per application run, but surely programmer wouldn't be happy to spend hour looking for bug releated to bad DLL. This also helps yourself to track bug in your code. Quote: This method is not documented, it's not mine, but it works on 9x, 2k and xp, I didn't try it on vista, but it should work. Anyway you can find kernel on return address by BaseByAddr. Quote: I can do this, but I think if anybody programming on assembler, he should know, if it's import - it should be writable and if program calls there it should be executable. |
|||
06 Mar 2007, 21:38 |
|
hidden 07 Mar 2007, 03:39
Quote: and what's wrong with proper method I don't know any documented method to get kernel addr except using LoadLibrary from import table. About checking RVA, if I will add this check, this code will be bigger twice or more, I thick is much easily and fester way to add own exception handler, that will show message with address of exception and current element in import table. Program have to shutdown anyway. What do you thick, is it better? |
|||
07 Mar 2007, 03:39 |
|
f0dder 07 Mar 2007, 23:26
As for speed... too bad that hash checking "somewhat complicates" using binary search of exports
|
|||
07 Mar 2007, 23:26 |
|
hidden 08 Mar 2007, 20:43
Updated: Added checking every access to memory, "is it in range of export section?"
|
|||
08 Mar 2007, 20:43 |
|
vid 08 Mar 2007, 20:51
f0dder:
|
|||
08 Mar 2007, 20:51 |
|
Goto page Previous 1, 2 < Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.