flat assembler
Message board for the users of flat assembler.

Index > Windows > an error with "assume"

Author
Thread Post new topic Reply to topic
Necromancer13.13



Joined: 20 Apr 2008
Posts: 15
Location: Ukraine
Necromancer13.13
I'm trying to get addresses of functions of kernel32.dll %)

It's a part of code:

Code:
        mov     esi,[ebp+kernel32_base]
        mov     ebx,esi
        assume  esi:IMAGE_DOS_HEADER
        add     esi,[esi.e_lfanew]
        assume  esi:IMAGE_NT_HEADERS
        lea     esi,[esi.OptionalHeader]
        assume  esi:IMAGE_OPTIONAL_HEADER
        mov     esi,[esi.DataDirectoryExport]
        add     esi,[ebp+kernel32_base]
        assume  esi:IMAGE_EXPORT_DIRECTORY
        mov     eax,[esi.AddressOfNames]
        add     eax,ebx
        mov     [ebp+NameTableVA],eax
        mov     eax,[esi.AddressOfFunctions]
        add     eax,ebx
        mov     [ebp+AddressTableVA],eax
        mov     eax,[esi.AddressOfNameOrdinals]
        add     eax,ebx
        mov     [ebp+OrdinalTableVA],eax
        mov     esi,[ebp+NameTableVA]
        mov     [ebp+Counter],0
    


FASM doesn't compile this :'(

it finds some error in "assume esi:IMAGE_OPTIONAL_HEADER" Sad but why? Sad

_________________
FASM Rules!


Last edited by Necromancer13.13 on 11 May 2008, 10:35; edited 2 times in total
Post 11 May 2008, 08:48
View user's profile Send private message MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
fasm doesn't have an assume directive, you need to do it with macros. Have you included the macros?
Post 11 May 2008, 09:05
View user's profile Send private message Visit poster's website Reply with quote
Necromancer13.13



Joined: 20 Apr 2008
Posts: 15
Location: Ukraine
Necromancer13.13
Yes, of course.
I've included '%fasminc%\macro\masm.inc'
Post 11 May 2008, 09:44
View user's profile Send private message MSN Messenger ICQ Number Reply with quote
Necromancer13.13



Joined: 20 Apr 2008
Posts: 15
Location: Ukraine
Necromancer13.13
help please! Sad How can I use assume? :'( Why does not it work? Sad
Post 11 May 2008, 10:47
View user's profile Send private message MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Have you tried searching this board yet? There are already some threads about assume problems and their solutions.
Post 11 May 2008, 12:10
View user's profile Send private message Visit poster's website Reply with quote
Necromancer13.13



Joined: 20 Apr 2008
Posts: 15
Location: Ukraine
Necromancer13.13
Oh.. yes.. sorry... I've found it... O__o

http://board.flatassembler.net/topic.php?t=8424

in masm.inc

"reg\#@assumed equ ;<--- add a backslash here "

But why there is no backslash there by default? Is this bug? =-O
Post 11 May 2008, 14:26
View user's profile Send private message MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Yes, it is a bug, and the fix has not yet been updated into the download package. Sad
Post 11 May 2008, 15:08
View user's profile Send private message Visit poster's website Reply with quote
Necromancer13.13



Joined: 20 Apr 2008
Posts: 15
Location: Ukraine
Necromancer13.13
heh.. It's a pity Sad

I've patched my masm.inc, but there is one more question about structures:(


Now I try to compile this

Code:
        
        mov     esi,[ebp+kernel32_base]
        mov     ebx,esi
        assume  esi:IMAGE_DOS_HEADER
        add     esi,[esi.e_lfanew]
        assume  esi:IMAGE_NT_HEADERS
        lea     esi,[esi.OptionalHeader]
        assume  esi:IMAGE_OPTIONAL_HEADER
    


FASM finds error in "lea esi,[esi.OptionalHeader]". But there is nothing wrong there =-O


P.S. These are some structures from an include-file peformat.inc:

Code:
struct IMAGE_NT_HEADERS
  Signature      dd ? ; IMAGE_NT_SIGNATURE
  FileHeader     IMAGE_FILE_HEADER
  OptionalHeader IMAGE_OPTIONAL_HEADER
ends
    


and

Code:
struct IMAGE_DOS_HEADER
  e_magic    dw ?           ; { Magic number                     } ; IMAGE_DOS_SIGNATURE
  e_cblp     dw ?           ; { Bytes on last page of file       }
  e_cp       dw ?           ; { Pages in file                    }
  e_crlc     dw ?           ; { Relocations                      }
  e_cparhdr  dw ?           ; { Size of header in paragraphs     }
  e_minalloc dw ?           ; { Minimum extra paragraphs needed  }
  e_maxalloc dw ?           ; { Maximum extra paragraphs needed  }
  e_ss       dw ?           ; { Initial (relative) SS value      }
  e_sp       dw ?           ; { Initial SP value                 }
  e_csum     dw ?           ; { Checksum                         }
  e_ip       dw ?           ; { Initial IP value                 }
  e_cs       dw ?           ; { Initial (relative) CS value      }
  e_lfarlc   dw ?           ; { File address of relocation table }
  e_ovno     dw ?           ; { Overlay number                   }
  e_res      dw 4 dup (?)   ; { Reserved words                   }
  e_oemid    dw ?           ; { OEM identifier (for e_oeminfo)   }
  e_oeminfo  dw ?           ; { OEM information; e_oemid specific}
  e_res2     dw 10 dup (?)  ; { Reserved words                   }
  e_lfanew   dd ?           ; { File address of new exe header   }
ends
    
Post 11 May 2008, 15:30
View user's profile Send private message MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
Where is your IMAGE_OPTIONAL_HEADER structure. You may need to fully specify which member of the structure you want
Code:
lea     esi,[esi.OptionalHeader.someMemberHere]    
But I'm just guessing, try it.
Post 11 May 2008, 15:36
View user's profile Send private message Visit poster's website Reply with quote
Necromancer13.13



Joined: 20 Apr 2008
Posts: 15
Location: Ukraine
Necromancer13.13
Thank you, revolution!! Thank you! Smile)
Yeah! Smile) Now it works Smile
Thank you Smile)
Post 11 May 2008, 16:16
View user's profile Send private message MSN Messenger ICQ Number Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17667
Location: In your JS exploiting you and your system
revolution
3 x "Thank you" ---> so, 3 x "Your welcome".
Post 11 May 2008, 16:45
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.