NASM - Creating a Win64-bit image for use with more than 2 function calls
Hello,
I would like to know how to call more than just one function in the following snippet. For this I wrote a small .DLL that has a single export. I would like to use more exports. The code below works and can be assembled with: C:\nasm -f bin -o win.exe win.asm. Thanks in advance for any helpful hints.
Code:
BITS 64
%define align(n,r) (((n+(r-1))/r)*r)

; DOS Header
    dw 'MZ'  ; e_magic
    dw 0  ; [UNUSED] e_cblp
    dw 0  ; [UNUSED] c_cp
    dw 0  ; [UNUSED] e_crlc
    dw 0  ; [UNUSED] e_cparhdr
    dw 0  ; [UNUSED] e_minalloc
    dw 0  ; [UNUSED] e_maxalloc
    dw 0  ; [UNUSED] e_ss
    dw 0  ; [UNUSED] e_sp
    dw 0  ; [UNUSED] e_csum
    dw 0  ; [UNUSED] e_ip
    dw 0  ; [UNUSED] e_cs
    dw 0  ; [UNUSED] e_lfarlc
    dw 0  ; [UNUSED] e_ovno
    times 4 dw 0  ; [UNUSED] e_res
    dw 0  ; [UNUSED] e_oemid
    dw 0  ; [UNUSED] e_oeminfo
    times 10 dw 0  ; [UNUSED] e_res2
    dd pe_hdr  ; e_lfanew

; PE Header
pe_hdr:
    dw 'PE', 0  ; Signature

; Image File Header
    dw 0x8664  ; Machine
    dw 0x01  ; NumberOfSections
    dd 0  ; [UNUSED] TimeDateStamp
    dd 0  ; PointerToSymbolTable
    dd 0  ; NumberOfSymbols
    dw opt_hdr_size  ; SizeOfOptionalHeader
    dw 0x22  ; Characteristics

; Optional Header, COFF Standard Fields
opt_hdr:
    dw 0x020b  ; Magic (PE32+)
    db 0x0e  ; MajorLinkerVersion
    db 0x16  ; MinorLinkerVersion
    dd code_size  ; SizeOfCode
    dd 0  ; SizeOfInitializedData
    dd 0  ; SizeOfUninitializedData
    dd entry  ; AddressOfEntryPoint
    dd iatbl  ; BaseOfCode

; Optional Header, NT Additional Fields
    dq 0x000140000000  ; ImageBase
    dd 0x10  ; SectionAlignment
    dd 0x10  ; FileAlignment
    dw 0x06  ; MajorOperatingSystemVersion
    dw 0  ; MinorOperatingSystemVersion
    dw 0  ; MajorImageVersion
    dw 0  ; MinorImageVersion
    dw 0x06  ; MajorSubsystemVersion
    dw 0  ; MinorSubsystemVersion
    dd 0  ; Reserved1
    dd file_size  ; SizeOfImage
    dd hdr_size  ; SizeOfHeaders
    dd 0  ; CheckSum
    dw 0x02  ; Subsystem (Windows GUI)
    dw 0x8160  ; DllCharacteristics
    dq 0x100000  ; SizeOfStackReserve
    dq 0x1000  ; SizeOfStackCommit
    dq 0x100000  ; SizeOfHeapReserve
    dq 0x1000  ; SizeOfHeapCommit
    dd 0  ; LoaderFlags
    dd 0x02  ; NumberOfRvaAndSizes

; Optional Header, Data Directories
    dd 0  ; Export, RVA
    dd 0  ; Export, Size
    dd itbl  ; Import, RVA
    dd itbl_size  ; Import, Size

opt_hdr_size equ $-opt_hdr

; Section Table
    section_name db '.'  ; Name
    times 8-($-section_name) db 0
    dd sect_size  ; VirtualSize
    dd iatbl  ; VirtualAddress
    dd code_size  ; SizeOfRawData
    dd iatbl  ; PointerToRawData
    dd 0  ; PointerToRelocations
    dd 0  ; PointerToLinenumbers
    dw 0  ; NumberOfRelocations
    dw 0  ; NumberOfLinenumbers
    dd 0x60000020  ; Characteristics

hdr_size equ $-$$

code:
; Import Address Directory
iatbl:
    dq symbol
    dq 0

iatbl_size equ $-iatbl

; Strings
title:
    db "Hallo Welt !!!", 0
content:
    db "ABCDEFGHIJKL", 0

; Entry
entry:
    mov r9d, 0x00240040  ; uType
    lea r8, [rel title]  ; lpCaption
    lea rdx, [rel content]  ; lpText
    xor ecx, ecx  ; hWnd
    jmp [rel iatbl]  ; MessageBoxN

    times align($-$$,16)-($-$$) db 0xcc

; Import Directory
itbl:
    dq intbl  ; OriginalFirstThunk
    dd 0  ; TimeDateStamp
    dd dll_name  ; ForwarderChain
    dd iatbl  ; Name
    dq 0  ; FirstThunk

itbl_size equ $-itbl

; Import Name Table
intbl:
    dq symbol
    dq 0

; Symbol
symbol:
    dw 0x0  ; [UNUSED] Function Order
    db 'ShowMessageA', 0  ; Function Name
    dw 0x0
    db 'kalli', 0

dll_name:
    db 'kalle32.dll', 0
    db 0

sect_size equ $-code

    times align($-$$,16)-($-$$) db 0

code_size equ $-code
file_size equ $-$$
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
Hi,
You said you are calling one export, but I don't see any export. Your code is showing the message in the DllEntry; that DLL doesn't have any export at all. Points on that code:
1) You are complicating things for yourself with all the handmade headers, just don't! NASM will do it all for you, and it will be right.
2) Use an export section instead of building the export and import sections by hand.
3) Please search the net for a good example like this post.
There are many resources for NASM on the internet and they have a very nice forum too. Hope that helps, and good luck.
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
Hi,
I don't want to use a linker. I would like to produce a flat image on the fly. The DLL library code looks like:
Delphi source code:
library kalle32;
uses windows;

procedure kalli(h: HWND; lpText: PChar; lpCaption: PChar; mb: UINT); stdcall; export;
begin
  MessageBoxA(h,Pchar(lpText),PChar(lpCaption),mb);
end;

exports kalli;

begin
  MessageBoxA(0,'hallo','kaaass',0);
end.
Then I extended the assembly code:
Code:
BITS 64
%define align(n,r) (((n+(r-1))/r)*r)

; DOS Header
    dw 'MZ'  ; e_magic
    dw 0  ; [UNUSED] e_cblp
    dw 0  ; [UNUSED] c_cp
    dw 0  ; [UNUSED] e_crlc
    dw 0  ; [UNUSED] e_cparhdr
    dw 0  ; [UNUSED] e_minalloc
    dw 0  ; [UNUSED] e_maxalloc
    dw 0  ; [UNUSED] e_ss
    dw 0  ; [UNUSED] e_sp
    dw 0  ; [UNUSED] e_csum
    dw 0  ; [UNUSED] e_ip
    dw 0  ; [UNUSED] e_cs
    dw 0  ; [UNUSED] e_lfarlc
    dw 0  ; [UNUSED] e_ovno
    times 4 dw 0  ; [UNUSED] e_res
    dw 0  ; [UNUSED] e_oemid
    dw 0  ; [UNUSED] e_oeminfo
    times 10 dw 0  ; [UNUSED] e_res2
    dd pe_hdr  ; e_lfanew

; PE Header
pe_hdr:
    dw 'PE', 0  ; Signature

; Image File Header
    dw 0x8664  ; Machine
    dw 0x01  ; NumberOfSections
    dd 0  ; [UNUSED] TimeDateStamp
    dd 0  ; PointerToSymbolTable
    dd 0  ; NumberOfSymbols
    dw opt_hdr_size  ; SizeOfOptionalHeader
    dw 0x22  ; Characteristics

; Optional Header, COFF Standard Fields
opt_hdr:
    dw 0x020b  ; Magic (PE32+)
    db 0x0e  ; MajorLinkerVersion
    db 0x16  ; MinorLinkerVersion
    dd code_size  ; SizeOfCode
    dd 0  ; SizeOfInitializedData
    dd 0  ; SizeOfUninitializedData
    dd entry  ; AddressOfEntryPoint
    dd iatbl  ; BaseOfCode

; Optional Header, NT Additional Fields
    dq 0x000140000000  ; ImageBase
    dd 0x10  ; SectionAlignment
    dd 0x10  ; FileAlignment
    dw 0x06  ; MajorOperatingSystemVersion
    dw 0  ; MinorOperatingSystemVersion
    dw 0  ; MajorImageVersion
    dw 0  ; MinorImageVersion
    dw 0x06  ; MajorSubsystemVersion
    dw 0  ; MinorSubsystemVersion
    dd 0  ; Reserved1
    dd file_size  ; SizeOfImage
    dd hdr_size  ; SizeOfHeaders
    dd 0  ; CheckSum
    dw 0x02  ; Subsystem (Windows GUI)
    dw 0x8160  ; DllCharacteristics
    dq 0x100000  ; SizeOfStackReserve
    dq 0x1000  ; SizeOfStackCommit
    dq 0x100000  ; SizeOfHeapReserve
    dq 0x1000  ; SizeOfHeapCommit
    dd 0  ; LoaderFlags
    dd 0x02  ; NumberOfRvaAndSizes

; Optional Header, Data Directories
    dd 0  ; Export, RVA
    dd 0  ; Export, Size
    dd itbl  ; Import, RVA
    dd itbl_size  ; Import, Size

opt_hdr_size equ $-opt_hdr

; Section Table
    section_name db '.'  ; Name
    times 8-($-section_name) db 0
    dd sect_size  ; VirtualSize
    dd iatbl  ; VirtualAddress
    dd code_size  ; SizeOfRawData
    dd iatbl  ; PointerToRawData
    dd 0  ; PointerToRelocations
    dd 0  ; PointerToLinenumbers
    dw 0  ; NumberOfRelocations
    dw 0  ; NumberOfLinenumbers
    dd 0x60000020  ; Characteristics

hdr_size equ $-$$

code:
; Import Address Directory
iatbl:
    dq symbol_1
    dq symbol_2
    dq 0

iatbl_size equ $-iatbl

; Strings
title:
    db "Hallo Welt !!!", 0
content:
    db "ABCDEFGHIJKL", 0

; Entry
entry:
    mov r9d, 0x00240040  ; uType
    lea r8, [rel title]  ; lpCaption
    lea rdx, [rel content]  ; lpText
    xor ecx, ecx  ; hWnd
    mov rax, [rel iatbl + 8]  ; MessageBoxN
    call rax

    times align($-$$,16)-($-$$) db 0xcc

; Import Directory 1
itbl:
    dq intbl_1  ; OriginalFirstThunk
    dd 0  ; TimeDateStamp
    dd dll_name_1  ; ForwarderChain
    dd iatbl  ; Name
    dq 0  ; FirstThunk

; Import Directory 2
itbl_2:
    dq intbl_2  ; OriginalFirstThunk
    dd 0  ; TimeDateStamp
    dd dll_name_2  ; ForwarderChain
    dd iatbl + 8  ; Name
    dq 0  ; FirstThunk

itbl_size equ $-itbl

; Import Name Table 1
intbl_1:
    dq symbol_1
    dq 0

; Import Name Table 2
intbl_2:
    dq symbol_2
    dq 0

; Symbol 1
symbol_1:
    dw 0  ; [UNUSED] Function Order
    db 'MessageBoxA', 0  ; Function Name

; Symbol 2
symbol_2:
    dw 0
    db 'kalli', 0

dll_name_2:
    db 'kalle32.dll', 0
dll_name_1:
    db 'USER32.dll' , 0

sect_size equ $-code

    times align($-$$,16)-($-$$) db 0

code_size equ $-code
file_size equ $-$$
There must be a mistake somewhere. Because, when I use the lines:
Code:
    mov r9d, 0x00240040  ; uType
    lea r8, [rel title]  ; lpCaption
    lea rdx, [rel content]  ; lpText
    xor ecx, ecx  ; hWnd
    mov rax, [rel iatbl]  ; MessageBoxN
    call rax
The application runs fine on my Windows station.
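The PE format defines each import directory entry (IMAGE_IMPORT_DESCRIPTOR) as five 32-bit fields, 20 bytes in total, and the import directory is read as an array of such entries. The following Python sketch is an added example, not code from the thread: it packs two entries once with the dq, dd, dd, dd, dq layout used in the listing above (28 bytes each) and once with five dd fields, then walks both in 20-byte steps. The RVAs are constructed, and stopping at Name == 0 is an assumption of the example.

```python
import struct

# IMAGE_IMPORT_DESCRIPTOR in the PE format: five little-endian DWORDs = 20 bytes
# (OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk).
DESC = struct.Struct("<5I")

# Constructed RVAs standing in for the listing's labels (file offset == RVA here).
IATBL, ITBL, INTBL_1, INTBL_2 = 0x100, 0x140, 0x180, 0x190
DLL_NAME_1, DLL_NAME_2 = 0x1C0, 0x1D0
ENTRIES = [(INTBL_1, DLL_NAME_1, IATBL), (INTBL_2, DLL_NAME_2, IATBL + 8)]


def build_image(as_posted):
    """Return a constructed 512-byte image holding the directory and DLL names."""
    image = bytearray(0x200)
    image[DLL_NAME_1:DLL_NAME_1 + 11] = b"USER32.dll\0"
    image[DLL_NAME_2:DLL_NAME_2 + 12] = b"kalle32.dll\0"
    if as_posted:
        # dq, dd, dd, dd, dq per entry as in the listing: 28 bytes each.
        table = b"".join(struct.pack("<QIIIQ", oft, 0, name, iat, 0)
                         for oft, name, iat in ENTRIES)
    else:
        # Five dd fields per entry, followed by one all-zero terminating entry.
        table = b"".join(DESC.pack(oft, 0, 0, name, iat)
                         for oft, name, iat in ENTRIES) + bytes(DESC.size)
    image[ITBL:ITBL + len(table)] = table
    return bytes(image)


def walk_imports(image, dir_rva):
    """Read the directory in 20-byte steps; list (dll, OriginalFirstThunk, FirstThunk)."""
    found = []
    for off in range(dir_rva, len(image) - DESC.size + 1, DESC.size):
        oft, _stamp, _fwd, name, first_thunk = DESC.unpack_from(image, off)
        if name == 0:  # assumption of this example: Name == 0 ends the array
            break
        end = image.index(b"\0", name)
        found.append((image[name:end].decode("ascii"), oft, first_thunk))
    return found


if __name__ == "__main__":
    for label, as_posted in (("28-byte entries:", True), ("20-byte entries:", False)):
        print(label, walk_imports(build_image(as_posted), ITBL))
```

With the 28-byte layout the walk returns only USER32.dll: the second 20-byte slot begins on the trailing dq 0 of the first entry, so its Name field reads as zero.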
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
I am really sorry, something went very wrong with the translation and with my brain understanding what the question is.
I answered a different thing, as the translation gave me that you are building a DLL with NASM :oops:
Anyway, I looked and it seems you are putting the import directory iatbl in the code section. This will be a problem, as the code section should have execute memory protection and the import usually will only be read and write with no execution. Besides that, the size of the import table and thunk looks off; in fact the two sizes should be recalculated, for both the code section and the extra '.' section, and as for the import, the indexes are off too.
Using one section is considered malicious and will not be allowed to run by any AntiVirus or security software, so when you say you want a flat image I understand it as you want one section with the PE header. I would suggest making sure there are two distinct sections that do not overlap like in your code above, and making sure they are aligned (padding is not essential as the RVA size is right); only then can you build the import right.
You said it is working and showing a message with the alternative code; there is a chance that Windows resolved only one and filled it, then stopped because the section is marked as execute allowed, not read/write.
Another thing: without ExitProcess explicitly called, that EXE will raise an exception on exit.
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
While waiting for your response, I asked ChatGPT and put together the following code.
But it cannot be executed - I get Windows error 0x0c - not a valid win32 application. I don't know why - can you see my mistake? Thanks for helping.
Code:
BITS 64

; DOS Header
    dw 'MZ'  ; e_magic
    dw 0  ; [UNUSED] e_cblp
    dw 0  ; [UNUSED] c_cp
    dw 0  ; [UNUSED] e_crlc
    dw 0  ; [UNUSED] e_cparhdr
    dw 0  ; [UNUSED] e_minalloc
    dw 0  ; [UNUSED] e_maxalloc
    dw 0  ; [UNUSED] e_ss
    dw 0  ; [UNUSED] e_sp
    dw 0  ; [UNUSED] e_csum
    dw 0  ; [UNUSED] e_ip
    dw 0  ; [UNUSED] e_cs
    dw 0  ; [UNUSED] e_lfarlc
    dw 0  ; [UNUSED] e_ovno
    times 4 dw 0  ; [UNUSED] e_res
    dw 0  ; [UNUSED] e_oemid
    dw 0  ; [UNUSED] e_oeminfo
    times 10 dw 0  ; [UNUSED] e_res2
    dd pe_hdr  ; e_lfanew

; PE Header
pe_hdr:
    dw 'PE', 0  ; Signature

; Image File Header
    dw 0x8664  ; Machine
    dw 0x01  ; NumberOfSections
    dd 0  ; [UNUSED] TimeDateStamp
    dd 0  ; PointerToSymbolTable
    dd 0  ; NumberOfSymbols
    dw opt_hdr_size  ; SizeOfOptionalHeader
    dw 0x22  ; Characteristics

; Optional Header, COFF Standard Fields
opt_hdr:
    dw 0x020b  ; Magic (PE32+)
    db 0x0e  ; MajorLinkerVersion
    db 0x16  ; MinorLinkerVersion
    dd code_size  ; SizeOfCode
    dd 0  ; SizeOfInitializedData
    dd 0  ; SizeOfUninitializedData
    dd entry  ; AddressOfEntryPoint
    dd file_size  ; BaseOfCode

; Optional Header, NT Additional Fields
    dq 0x000140000000  ; ImageBase
    dd 0x10  ; SectionAlignment
    dd 0x10  ; FileAlignment
    dw 0x06  ; MajorOperatingSystemVersion
    dw 0  ; MinorOperatingSystemVersion
    dw 0  ; MajorImageVersion
    dw 0  ; MinorImageVersion
    dw 0x06  ; MajorSubsystemVersion
    dw 0  ; MinorSubsystemVersion
    dd 0  ; Reserved1
    dd file_size  ; SizeOfImage
    dd hdr_size  ; SizeOfHeaders
    dd 0  ; CheckSum
    dw 0x02  ; Subsystem (Windows GUI)
    dw 0x8160  ; DllCharacteristics
    dq 0x100000  ; SizeOfStackReserve
    dq 0x1000  ; SizeOfStackCommit
    dq 0x100000  ; SizeOfHeapReserve
    dq 0x1000  ; SizeOfHeapCommit
    dd 0  ; LoaderFlags
    dd 0x02  ; NumberOfRvaAndSizes

; Optional Header, Data Directories
    dd 0  ; Export, RVA
    dd 0  ; Export, Size
    dd import_descriptor  ; Import, RVA
    dd import_descriptor_size  ; Import, Size
    dd 0  ; Resources, RVA
    dd 0  ; Resources, Size

opt_hdr_size equ $-opt_hdr

; Section Table
    section_name db '.text', 0, 0,0  ; Name
    times 8-($-section_name) db 0
    dd sect_size  ; VirtualSize
    dd virtual_address_text  ; VirtualAddress
    dd code_size  ; SizeOfRawData
    dd ptr_to_raw_data_text  ; PointerToRawData
    dd 0  ; PointerToRelocations
    dd 0  ; PointerToLinenumbers
    dw 0  ; NumberOfRelocations
    dw 0  ; NumberOfLinenumbers
    dd 0x60000020  ; Characteristics

sect_size equ $-$$
hdr_size equ $-$$

code_src:

section .idata
; Import Directory Entry for "user32.dll"
import_descriptor:
    dq 0  ; OriginalFirstThunk
    dq 0  ; TimeDateStamp
    dd 0  ; ForwarderChain
    dq import_address_table  ; RVA to imported functions
    dq dll_name_1  ; Name of import dll
    dq import_name_table  ; RVA for inport name table
    dq 0  ; Reserved

import_descriptor_size equ $-import_descriptor

; Import Name Table for imported functions
import_name_table:
    dq function_1_hint
    dq function_1_name
    dq 0  ; null-terminator

; Import Address Table (IAT)
import_address_table:
    dq 0
    dq 0

    function_1_name db 'MessageBoxA', 0
    function_1_hint dw 283

dll_name_1:
    db 'user32.dll', 0

section .text
; Entry
entry:
    ret
    mov r9d, 0x00240040  ; uType
    lea r8, [rel title]  ; lpCaption
    lea rdx, [rel content]  ; lpText
    xor ecx, ecx  ; hWnd
    ;
    ;mov rax, [rel iatbl]  ; MessageBoxN
    call rax

code_size equ $ - code_src

section .data
title:
    db "Hallo Welt !!!", 0
content:
    db "ABCDEFGHIJKL", 0

    image_base dq 0x00400000
    virtual_address_text dd $ - $$ + image_base
    ptr_to_raw_data_text dd $ - $$

file_size equ $-$$
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
Download the FPC sources and look at how it is done there. Believing that ChatGPT gives you a working answer is somewhat esoteric 😀
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
Well, I had thought that I was close with posting #3.
Strangely enough, it does get executed with the code from #3. However, it should now work with additional functions and DLL files. Either the .DLL is broken, or there is an error somewhere else.
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
Well, I am sorry, I can't find time to rebuild it for you now, I have guests :-D
But there is a very visible problem with the Image Base addresses:
Code:
; Optional Header, NT Additional Fields
    dq 0x000140000000  ; ImageBase
Code:
    image_base dq 0x00400000
    virtual_address_text dd $ - $$ + image_base
Such misaddressing will render the PE unrecognizable for Windows.
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
This does the same as before when I use:
; Optional Header, NT Additional Fields
    dq image_base  ; ImageBase
    image_base dq 0x00400000
Re: NASM - Creating a Win64-bit image for use with more than 2 Funcca
I will try today, or maybe by tomorrow, and will build working code for you; my interest in this for x64 has started to grow.