flat assembler
Message board for the users of flat assembler.

Index > Main > api not found Error

Author
Thread Post new topic Reply to topic
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 23 Aug 2007, 01:29
...
I get an error when using the ntdll.dll

I tried using this


Code:
invoke NtQuerySystemInformation, 5, [pBuffer], 20000h, 0 

 
    


Code:


section '.idata' import data readable writeable 

   
  library    kernel32,'KERNEL32.DLL',\    
          user32,  'USER32.DLL',\ 
          comdlg32,'COMDLG32.DLL',\ 
          shlwapi, 'SHLWAPI.DLL',\ 
          ole32,   'OLE32.DLL',\ 
          gdi32,   'GDI32.DLL',\ 
          comctl32, 'comctl32.dll',\ 
          shell32, 'SHELL32.DLL',\ 
          ntdll1,'ntdll.dll' 

include     '%fasminc%\api\kernel32.inc' 
include     '%fasminc%\api\gdi32.inc' 
include     '%fasminc%\api\comctl32.inc' 
include     '%fasminc%\api\user32.inc' 
include     '%fasminc%\api\comdlg32.inc' 
include     '%fasminc%\api\shell32.inc' 
include     '%fasminc%\api\ntdll.inc' 

 
    






For some reason it gives me this error

Code:

flat assembler  version 1.67.21  (503271 kilobytes memory) 
C:\Documents and Settings\Owner\Desktop\crap\fasmexp\Anti-Debug Research\Debugger Checks\Process Based\ParentIdV2\pidv2.asm [41]: 
        invoke NtQuerySystemInformation, 5, [pBuffer], 20000h, 0 
C:\WinAsm\Assemblers\fasm\INCLUDE\win32ax.inc [42] invoke [1]: 
     \common call [proc] \} 
error: undefined symbol. 
    


Anyone have any idea why this would happen ?
Post 23 Aug 2007, 01:29
View user's profile Send private message Reply with quote
Yardman



Joined: 12 Apr 2005
Posts: 244
Location: US
Yardman 23 Aug 2007, 04:46
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 02:47; edited 1 time in total
Post 23 Aug 2007, 04:46
View user's profile Send private message Reply with quote
madmatt



Joined: 07 Oct 2003
Posts: 1045
Location: Michigan, USA
madmatt 23 Aug 2007, 09:44
Yardmans right, it should read:
Code:
ntdll, 'ntdll.dll'    
Post 23 Aug 2007, 09:44
View user's profile Send private message Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 24 Aug 2007, 00:09
Now I get this

Code:
C:\WinAsm\Assemblers\fasm\FASM.EXE "C:\Documents and Settings\Owner\Desktop\crap\fasmexp\Anti-Debug Research\Debugger Checks\Process Based\ParentIdV2\pidv2.asm"  "pidv2.exe" 

flat assembler  version 1.67.22  (467890 kilobytes memory)
C:\WinAsm\Assemblers\fasm\INCLUDE\api\ntdll.inc [1]:
import  ntdll,\
C:\WinAsm\Assemblers\fasm\INCLUDE\macro/import32.inc [28] import [4]:
     if used label
error: reserved word used as symbol.
    



Code:
section '.idata' import data readable writeable

  
  library    kernel32,'KERNEL32.DLL',\   
          user32,  'USER32.DLL',\
          comdlg32,'COMDLG32.DLL',\
          shlwapi, 'SHLWAPI.DLL',\
          ole32,   'OLE32.DLL',\
          gdi32,   'GDI32.DLL',\
          comctl32, 'comctl32.dll',\
          shell32, 'SHELL32.DLL',\
          ntdll,'ntdll.dll'

include     '%fasminc%\api\kernel32.inc'
include     '%fasminc%\api\gdi32.inc'
include     '%fasminc%\api\comctl32.inc'
include     '%fasminc%\api\user32.inc'
include     '%fasminc%\api\comdlg32.inc'
include     '%fasminc%\api\shell32.inc'
include     '%fasminc%\api\ntdll.inc'
    



Code:
import  ntdll,\
        CsrAllocateCaptureBuffer,'CsrAllocateCaptureBuffer',\
        CsrAllocateMessagePointer,'CsrAllocateMessagePointer',\
        CsrCaptureMessageBuffer,'CsrCaptureMessageBuffer',\
etc.............
    
Post 24 Aug 2007, 00:09
View user's profile Send private message Reply with quote
Yardman



Joined: 12 Apr 2005
Posts: 244
Location: US
Yardman 24 Aug 2007, 03:05
[ Post removed by author. ]


Last edited by Yardman on 04 Apr 2012, 02:48; edited 1 time in total
Post 24 Aug 2007, 03:05
View user's profile Send private message Reply with quote
shism2



Joined: 14 Sep 2005
Posts: 248
shism2 24 Aug 2007, 03:17
Because it's an FPU instruction... Btw thank you very much
Post 24 Aug 2007, 03:17
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4624
Location: Argentina
LocoDelAssembly 24 Aug 2007, 03:25
Yardman, sorry for my curiosity but, from where did you copy that line?Razz

[edit]I reply myself, NTDLL.DLL has a function named fabs in its export table. Well, the function can be either removed or change its label to other name (but keeping the quoted string intact)[/edit]
Post 24 Aug 2007, 03:25
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.