Demo for calling addresses with invoke in a virtual table

Started by hutch--, December 27, 2004, 07:41:14 AM


hutch--

I did the DDPROTO macro some time ago and this is what it's used for. The attached demo shows how to build a virtual table in a DLL and also has an EXE file that shows how to set up and call procedures in the DLL that have their addresses stored in a virtual table.

In the EXE file the DDPROTO macro is used to prototype the addresses returned in the virtual table and the procedures are called using the normal invoke syntax in MASM.

[attachment deleted by admin]
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

James Ladd

hutch -

Very interesting example and I can see a few places I could use this right away. Thanks.

On another note though, the declaration of item1 ... item4 and the prototyping of those functions in the code seems to make the level of indirection higher, from the point of view of understanding the code. I know you can just use the table returned from the vtquery function directly, so why not do that? Is it because that would not show the MASM facilities of prototyping a pointer to a function, or is there something else I'm missing?

In short, the indirection makes the code a little harder to comprehend. Until you're used to the macros, I guess.

hutch--

James,

I did this demo as low level as possible so that it was not hidden by macros. As you would expect, the construction of the virtual table in the DLL is a list of addresses resolved by the assembler and passed as a single address with the query back to the caller so the level of indirection is necessary if you get all of the addresses from one return value.

It's a very simple piece of code to auto loop through the return addresses and feed values to them and it actually works fine but as a demo, I have tried to avoid that so it was easier to understand.

It's no big deal to make a second query that tells you how many functions are in the DLL as you only need the length of the vtable array divided by 4 and you could set DLL versions with another call. There is a lot of flexibility in how this method can be used. It makes fishing out the EXPORTS a ton of fun for cracking but the main win is it's faster with the direct call if I remember rightly.
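The table layout hutch describes above (one query returning the base of a list of procedure addresses, a second query giving the entry count, and a caller that loops through the entries), written out as an added C example rather than the attached MASM demo; the names vtquery, vtcount, vt_add, vt_sub and vt_mul are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* ---- "DLL" side: the procedures and the virtual table (constructed) ---- */
typedef int (*vtfn)(int, int);      /* every entry shares this prototype */

static int vt_add(int a, int b) { return a + b; }
static int vt_sub(int a, int b) { return a - b; }
static int vt_mul(int a, int b) { return a * b; }

/* Addresses resolved at link time. Only vtquery/vtcount need exporting, so
   these entries never appear in the export table; a scanner that only reads
   EXPORTS will not see them, which is why the pattern matters when auditing. */
static vtfn vtable[] = { vt_add, vt_sub, vt_mul };

vtfn  *vtquery(void) { return vtable; }                 /* single return value */
size_t vtcount(void)                                     /* "length / 4" on 32-bit */
{
    return sizeof(vtable) / sizeof(vtable[0]);           /* sizeof, so 64-bit safe */
}

/* ---- "EXE" side ---- */
/* Call entry i through the table, rejecting any index the count query does
   not cover. Returns 1 and stores the result, or 0 for an out-of-range index. */
int try_call(size_t i, int a, int b, int *out)
{
    if (i >= vtcount())
        return 0;
    vtfn *tbl = vtquery();
    *out = tbl[i](a, b);            /* indirect call through the table */
    return 1;
}

/* The auto-loop hutch mentions: feed the same operands to every entry and
   accumulate the results. */
int sum_all(int a, int b)
{
    int total = 0, r;
    for (size_t i = 0; try_call(i, a, b, &r); i++)
        total += r;
    return total;
}

int main(void)
{
    printf("entries=%zu sum_all(6,3)=%d\n", vtcount(), sum_all(6, 3));
    return 0;
}
```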

hutch--

Here is a variant of the same test piece but this one uses LoadLibrary(), GetProcAddress() and FreeLibrary() to handle the DLL and demonstrates the technique of using DDPROTO to prototype the addresses of the procedures in the DLL and call them using invoke.

[attachment deleted by admin]

James Ladd

hutch -

Thanks for the reply and the dynamic example. I personally prefer to make my code use the dynamic approach.

I don't think I made myself clear in the first reply. I was just wondering why you didn't just call the functions via the vtable rather than pull them out into other variables. Either way would work.

Anyways, thanks for taking the time to do these little snippets. I'll incorporate them into the socket stuff.

- striker.