flat assembler
Message board for the users of flat assembler.
Tomasz Grysztar 12 Jan 2004, 09:58
http://board.flatassembler.net/topic.php?t=37
(this is exactly the same problem and the same solution applies).
roticv 12 Jan 2004, 13:07
[offtopic]Hmm, the code does not work across all variants of Windows[/offtopic]
HarryTuttle 12 Jan 2004, 13:19
The code does not work if you have a different version of the DLL.
Test your DLL's function offsets and add them to the base address: for example, the kernel32.dll base is 77e80000h and the offsets may be different. Exchange the right values for all hard-coded addresses and run:

Code:
```
format PE GUI 4.0 ;or console /as you wish
include '%fasminc%/win32a.inc'
entry go

section '.data' data readable writeable
  form db '%s%x',10,0
  hexa db 'addres: ',0
;*************************************************
section '.code' code readable writeable executable
go:
        call    go1                 ; pushes the address of the string below
        db      'user32.dll',0
go1:
        mov     eax,77e9fee8h       ;LoadLibraryA ;your maybe 77e8a254
        call    eax
        cinvoke printf,form,hexa,eax
        cinvoke printf,form,hexa,[ExitProcess]
        push    0
        call    stp1
        db      'Test OK !',0
stp1:
        call    stp2
        db      'Hello World!',0
stp2:
        push    0
        mov     eax,77e33256h       ;MessageBoxA your maybe 77e375d5
        call    eax
        push    1
        mov     eax,77ea6542h       ;ExitProcess ,yours 77e98f94 ???
        call    eax
;**********************************************
section '.idata' import data readable writeable
  library kernel32,'KERNEL32.dll',\
          crtdll,'crtdll.dll'
  import kernel32,\
         ExitProcess,'ExitProcess'
  import crtdll,\
         printf,'printf'
```

I still have no idea why the code will not work if I cut:

Code:
```
cinvoke printf,form,hexa,eax
cinvoke printf,form,hexa,[ExitProcess]
```

Maybe you know?

regards,
h

_________________
Microsoft: brings power of yesterday to computers of today.
roticv 12 Jan 2004, 13:44
My point would be that you should not be hardcoding the addresses of functions from kernel32.dll. In fact, some examples of addresses that user32.dll is mapped onto are:

* Win95 (3rd release?) - 0xBFF70000
* Win98 (1st and 2nd editions) - 0xBFF70000
* WinME - 0xBFF60000
* WinNT4 (service pack 4 and 5) - 0x77F00000

I grabbed it from somewhere. So don't blame me if the values are wrong. I think it does not work because you are using Windows 2k (correct me if I am wrong with that assumption). Under 2k, it is not allowed for an exe to run if it does not have any imports.
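An added example, not part of the original thread or any poster's code: the same message box with every address supplied by the loader (import table) or resolved by name with GetProcAddress, so nothing depends on the DLL version or its base address. The label names (szUser32, szMsgBox, pMsgBox, fail) are made up for this example.

```asm
format PE GUI 4.0
entry start
include '%fasminc%/win32a.inc'

section '.data' data readable writeable
  szUser32  db 'user32.dll',0
  szMsgBox  db 'MessageBoxA',0
  szCaption db 'Test OK !',0
  szText    db 'Hello World!',0
  pMsgBox   dd ?                    ; filled in at run time

section '.code' code readable executable
start:
        invoke  LoadLibrary,szUser32        ; returns the base on *this* system
        test    eax,eax
        jz      fail                        ; DLL could not be loaded
        invoke  GetProcAddress,eax,szMsgBox ; look the export up by name
        test    eax,eax
        jz      fail                        ; export not present
        mov     [pMsgBox],eax
        invoke  pMsgBox,0,szText,szCaption,MB_OK  ; call [pMsgBox]
        invoke  ExitProcess,0
fail:
        invoke  ExitProcess,1

; The import table below is what the loader patches with the real
; addresses; it also gives the exe the imports Windows 2000 expects.
section '.idata' import data readable writeable
  library kernel32,'KERNEL32.DLL'
  import kernel32,\
         LoadLibrary,'LoadLibraryA',\
         GetProcAddress,'GetProcAddress',\
         ExitProcess,'ExitProcess'
```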
HarryTuttle 12 Jan 2004, 14:02
You are absolutely right, the first example does not work, that's why I posted it!
The code can't even be compiled. I improved it but, like most of the time, something's going wrong. My system is 2K (bingo roticv!) with all security patches that are available from MS. Before patching, the addresses of procs were different.

best regards,
h

For the people who want to know that address: to display your image base address of Kernel32.dll, run this:

Code:
```
include '%fasminc%/win32ax.inc'

.data
  szKer      db 'kernel32 image base is: ',10 ; no terminator: text runs on into szBuffer
  szBuffer   rb 10                            ; '0x' + 8 hex digits (was rb 9, one byte short)
             db 0                             ; terminator for szBuffer
  forma      db '0x%x',0
  addresKern dd ?

.code
start:
        call    go                  ; pushes the address of the string below
        db      'kernel32.dll',0
go:
        call    [LoadLibrary]
        mov     [addresKern],eax
        cinvoke wsprintf,szBuffer,forma,[addresKern] ; wsprintf is cdecl, so cinvoke
        invoke  MessageBox,0,szKer,szBuffer,0
        invoke  ExitProcess,0
.end start
```

_________________
Microsoft: brings power of yesterday to computers of today.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.