flat assembler
Message board for the users of flat assembler.

export forwarding, import by ordinals

asmrox 22 Feb 2008, 04:13
1. How should the EAT look to forward to another DLL?
2. How should the IAT look to import something by index?


revolution 22 Feb 2008, 13:00
1. You point the address of the exported function to a string that is inside the export table. This triggers the loader to use the string to import from another module.

2. You put the ordinal number in the first two bytes of the import string. Normally these two bytes would be zeros. They act as a hint if you also include the string, but without a string then they are used directly.



asmrox 22 Feb 2008, 13:20
The second works OK:
Code:
test_table:
function dd RVA 00000001
dd 0

But the first doesn't. How do I know the address of a function from an external DLL? And... how will the program know the DLL?


revolution 22 Feb 2008, 13:39
In the export address table:
Code:
...
dd RVA func_abc
dd RVA func_jkl_forwarded_string
dd RVA func_xyz
...    


In the export names table:
Code:
...
dd RVA func_abc_string
dd RVA func_jkl_string
dd RVA func_xyz_string
...    


The export ordinals table is unchanged.

And the names:
Code:
...
func_abc_string: db 'ABC',0
func_jkl_string: db 'JKL',0
func_xyz_string: db 'XYZ',0
;the following name MUST be within the export section or it won't work
func_jkl_forwarded_string: db 'modulename.JKL',0    


BTW I don't understand your example, it looks wrong to me

instead of:
dw 0
db 'import',0

you use:
dw ordinal
db 'import',0

or you can use:
dw ordinal
db 0



asmrox 22 Feb 2008, 14:00
Code:
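format pe dll
section '.edata' export data readable
; IMAGE_EXPORT_DIRECTORY: Characteristics, TimeDateStamp, Version, Name, Base
dd 0,0,0,0,1
; NumberOfFunctions, NumberOfNames, AddressOfFunctions, AddressOfNames, AddressOfNameOrdinals
dd 1,0,RVA e_addr,0,0
e_addr:
dd RVA _forward ; forwarder: RVA of a string inside the export section
_forward db 'user32.MessageBoxA',0

thanks again :)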
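As an added example (not code from the thread), this Python sketch applies the rule from revolution's reply: an export address table entry is a forwarder when its RVA falls inside the export directory, and a function address otherwise. The directory RVA 0x2000, the second table entry and the sample bytes are constructed, modelled on the layout in the last post.

```python
import struct

DIR_FMT = "<IIHHIIIIIII"   # IMAGE_EXPORT_DIRECTORY, 40 bytes
EXPORT_RVA = 0x2000        # assumed RVA of the export directory (constructed)

def build_sample():
    """Constructed export data: slot 0 forwards, slot 1 is a normal code RVA."""
    eat_rva = EXPORT_RVA + struct.calcsize(DIR_FMT)
    fwd_rva = eat_rva + 8                      # string follows the 2-entry EAT
    directory = struct.pack(DIR_FMT, 0, 0, 0, 0, 0, 1, 2, 0, eat_rva, 0, 0)
    eat = struct.pack("<II", fwd_rva, 0x1000)  # 0x1000: hypothetical code RVA
    return directory + eat + b"user32.MessageBoxA\x00"

def list_exports(blob, dir_rva, dir_size):
    """Return (ordinal, kind, target) for every export address table slot.

    blob holds the bytes starting at dir_rva; dir_size is the export
    data-directory size declared in the PE optional header.
    """
    def offset(rva):
        off = rva - dir_rva
        if not 0 <= off < len(blob):
            raise ValueError("RVA 0x%x is outside the supplied data" % rva)
        return off

    fields = struct.unpack_from(DIR_FMT, blob, 0)
    base, nfuncs, eat_rva = fields[5], fields[6], fields[8]
    results = []
    for i in range(nfuncs):
        (rva,) = struct.unpack_from("<I", blob, offset(eat_rva) + 4 * i)
        if rva == 0:
            results.append((base + i, "unused", None))
        elif dir_rva <= rva < dir_rva + dir_size:
            # Inside the export directory: the loader reads a 'module.Name' string.
            start = offset(rva)
            name = blob[start:blob.index(b"\x00", start)].decode("ascii")
            results.append((base + i, "forward", name))
        else:
            results.append((base + i, "code", rva))    # ordinary function address
    return results

if __name__ == "__main__":
    data = build_sample()
    for entry in list_exports(data, EXPORT_RVA, len(data)):
        print(entry)
```

Passing a dir_size that stops short of the string makes the same slot classify as a code address, which is the failure the "MUST be within the export section" comment warns about.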