flat assembler
Message board for the users of flat assembler.

Index > Windows > Ordinals

Author
Thread Post new topic Reply to topic
JohnCal



Joined: 18 Sep 2008
Posts: 4
JohnCal 28 Sep 2008, 23:58
Hi lets say I want to load" AddAtomA" from GetProcAddress, but instead of passing a string I pass a ordinal, here I use 0x02 for AddAtom:
Code:
push 0x02
push [Kernel32Lib]
call GetProcAddress    

This works fine on XP SP2, my question is will this change per OS (or service pack)? And also how can i make this work on multiple windows OSs?

-Thanks
Post 28 Sep 2008, 23:58
View user's profile Send private message Reply with quote
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 29 Sep 2008, 00:40
per OS (AND service pack) since Win95 to date. I wonder why they do that. No way they would add to or take away from every single API but they change every API syntax (dword) causing the ordinal to change. I guest this is their way of keep the OS beyond (too much) scope. Just another form of protecting the OS and it secrets i guest.

When someone find something great, MS takes it away with a new service pack. If we were them, we probaly do the same...
Post 29 Sep 2008, 00:40
View user's profile Send private message Reply with quote
JohnCal



Joined: 18 Sep 2008
Posts: 4
JohnCal 29 Sep 2008, 01:14
Thanks that helped me out. Is their anyway I can be consistent using ordinals or am I just out of luck?

My goal: Use GetProcAddress without passing the API names as strings (and work at least from Windows 98 - Windows XP)
Post 29 Sep 2008, 01:14
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 29 Sep 2008, 01:27
Microsoft should never have supported import-by-ordinal in the first place. There's nothing really great about them: doesn't mean much wrt. speed, doesn't add any obfuscation value, et cetera. The only thing you can save is a tiny bit of exe size, but that's utterly irrelevant unless you're doing <4k intros.
Post 29 Sep 2008, 01:27
View user's profile Send private message Visit poster's website Reply with quote
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 29 Sep 2008, 05:19
I would do it just like any other search procedure. Cmp to see what OS is running than use what-ever Ordinals needed. You will surly end up with lots of cmp's and extra PROC's but big deal, you still get all the speed that ASM has to offers and disk space is cheap these days.

It's more fun than work. I do it all the time to keep in-step with 95 - xp the standard way ( I skip the ones i no longer have no interest in)

That's why I always say "my crazy code". More cmp and jmp that would drive anyone nuts in minutes. So yes, you can, if your up for the task.

f0dder, we might as well take advantage of that. So, using ordinals is cheaper Smile If one choose to be backward compatible, JohnCal concerns about using ordinals got to be as good as any other, if not better. How to do it ? Others knows better because I never tried it before.


Good Luck


Last edited by iic2 on 29 Sep 2008, 06:09; edited 1 time in total
Post 29 Sep 2008, 05:19
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3175
Location: Denmark
f0dder 29 Sep 2008, 06:06
iic2, if you need to have special-cases to support different OS (heck, even service pack) versions, you're going to lose any speed advantage ordinals could gain you (which I doubt is measurable anyway), your app will likely break on any OS/SP version you haven't tested, and one will have to question why you bother.

The only valid reason for import-by-ordinal would be some crazy-ass imports that aren't available in named form, but fortunately those are relatively rare... and usually something you shouldn't be messing with anyway.
Post 29 Sep 2008, 06:06
View user's profile Send private message Visit poster's website Reply with quote
karl



Joined: 07 Feb 2006
Posts: 63
Location: South Africa
karl 29 Sep 2008, 08:18
stupid question: why would you want to use the PE import table if you could just use GetProcAddress?
Post 29 Sep 2008, 08:18
View user's profile Send private message Reply with quote
iic2



Joined: 26 Jun 2008
Posts: 122
iic2 29 Sep 2008, 10:26
f0dder, Too late. I done it all ready, and I could had done it using ordinals and would have founded a way to make it easy to work with. I test everything with every OS by nature. Speed is not a problem. JohnCal, has his reasons. I'm sure he been around. He need help now, not me. I bet he knows the things you mension and just need to be sure of a few things. I was just throwing out ideas based on one of his questions.

See you latter
Post 29 Sep 2008, 10:26
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.