
Translating Invoke With GetProcAddress

Started by DeadlyVermilion, August 22, 2010, 02:08:51 PM


DeadlyVermilion

Hey there people, I'm trying to learn how to call APIs dynamically to reduce the amount I have declared.
So I am having problems trying to push an addr.

This is the info of what I am trying to push.

LOCAL sinfo: STARTUPINFO

invoke GetProcAddress, xKernel32, addr lpszZeroMemory
mov xZeroMemory, eax
push sizeof STARTUPINFO
lea eax, sinfo
push eax
Call xZeroMemory


Can somebody please tell me why this crashes? I have tried debugging in OllyDebug and I know that it is due to this call on xZeroMemory, I also know it has something to do with my pushing sinfo.

Any help to resolve this problem will be warmly thanked.

ragdog

With your source I get no return value from GetProcAddress.
I have now looked in kernel32.dll and it has no ZeroMemory.


DeadlyVermilion

Sorry, I don't understand what you're trying to say. Please tell me more?

ragdog

I have looked in kernel32.dll and cannot find the ZeroMemory API.
You can see this in my screenshot.

And in your code the return value of GetProcAddress is NULL.

You can check it:

invoke LoadLibrary,CTEXT ("kernel32.dll")
mov xKernel32,eax
invoke GetProcAddress, eax, CTEXT ("ZeroMemory")
.if eax
    mov xZeroMemory,eax
.else
    invoke MessageBox,0,CTEXT ("Cannot get procedur adress from zeromemory"),0,MB_OK
.endif

Use RtlZeroMemory

I hope you understand now.

Yuri

Actually the function is named RtlZeroMemory.

DeadlyVermilion

I am using RtlZeroMemory, sorry I forgot to put that down. Can someone please tell me what is wrong with my code though?

dedndave

ZeroMemory and RtlZeroMemory are macros, i believe
getting a proc address to a macro may not work so well   :P
you can check for an error condition after the GetProcAddress call, then use GetLastError, to debug it

can you attach code that is a bit more complete so that we can see xKernel32 and lpszZeroMemory?
i can assume that xZeroMemory is defined as a dword

ragdog

I think this works


LOCAL sinfo: STARTUPINFO

.data?
xKernel32 dd ?
xZeroMemory dd ?

.code
invoke LoadLibrary,CTEXT ("kernel32.dll")
.if eax
    mov xKernel32,eax
    invoke GetProcAddress, eax, CTEXT ("RtlZeroMemory")
    .if eax
        mov [xZeroMemory], eax

        push sizeof STARTUPINFO
        lea eax,sinfo
        push eax
        call [xZeroMemory]
    .else
        invoke MessageBox,0,CTEXT("Cannot Get procedur adress from RTLZeroMem"),0,MB_OK
    .endif
    invoke FreeLibrary,xKernel32
.else
    invoke MessageBox,0,CTEXT("Cannot Load dll."),0,MB_OK
.endif


@dedndave

RtlZeroMemory is a macro? :eek


dedndave

well - according to msdn
but, i just made an exe - it looks like a proc, to me   :P

Deadly - ignore my previous post - lol

http://msdn.microsoft.com/en-us/library/aa366920%28VS.85%29.aspx

Quote: "This macro is defined as the RtlZeroMemory macro. For more information, see Winbase.h and Winnt.h."

the sentence, alone, makes no sense   :lol

Twister

include \masm32\include\masm32rt.inc

Main proto

.data

    strMsvcrt DB "msvcrt.dll",0
    strMemset DB "memset",0

.code

Main proc
    LOCAL sinfo:STARTUPINFO
    LOCAL ptr_memset:DWORD

    .if FUNC(GetProcAddress, FUNC(LoadLibrary, offset strMsvcrt), offset strMemset)
        mov ptr_memset, eax
       
        push sizeof sinfo
        push 0
        lea eax, sinfo
        push eax
        call ptr_memset    ; memset ( void * ptr, int value, size_t num )
        add esp, 12        ; memset is cdecl: the caller removes the three arguments
       
    .endif

    invoke ExitProcess, 0
Main endp
   
end Main

dedndave

i think i would use GetModuleHandle instead of LoadLibrary, no ?
        INCLUDE \masm32\include\masm32rt.inc

        .DATA

szKernel32  db 'kernel32.dll',0
szRtlZeroM  db 'RtlZeroMemory',0

        .CODE

_main   PROC

        LOCAL   sinfo:STARTUPINFO

        INVOKE  GetModuleHandle,offset szKernel32
        INVOKE  GetProcAddress,eax,offset szRtlZeroM
        push    sizeof sinfo
        lea     edx,sinfo
        push    edx
        call    eax

        INVOKE  ExitProcess,0

_main   ENDP

        END     _main

Twister

I used LoadLibrary because you need to load the library into your program. It returns the Library Base address after it has been located and loaded successfully.

You are using GetModuleHandle incorrectly. :wink
GetModuleHandle Function - Retrieves a module handle for the specified module. The module must have been loaded by the calling process.

Oops, didn't notice you were using kernel32. thought you were using msvcrt :lol

dedndave


Twister

I used the CRT function memset from msvcrt.dll.  I find it quicker. :P

hutch--

Vermilion,

The usual process when dynamically calling a function from a DLL is to call LoadLibrary(), check the return value to ensure it loaded correctly then call GetProcAddress() and test its return value. If the value is OK you can then call the function you are after as long as you know the correct arguments to pass to it.

When you are finished with the function, use FreeLibrary() to release it and recover memory.
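
The sequence described in the post above, as an added example that is not code from any poster in the thread: it declares typed function pointers so that `invoke` can be used on the address returned by GetProcAddress, which makes the assembler push the arguments and handle the stdcall/cdecl stack clean-up difference between RtlZeroMemory and memset. The type names (`ZeroProto`, `ZeroPtr`, `MemsetProto`, `MemsetPtr`) and string labels are hypothetical, and a 32-bit MASM32 installation is assumed.

```asm
; Added example, not code from the thread. Type and label names are hypothetical.
include \masm32\include\masm32rt.inc     ; sets .model flat, stdcall

ZeroProto   TYPEDEF PROTO STDCALL :DWORD, :DWORD    ; RtlZeroMemory(dest, length)
ZeroPtr     TYPEDEF PTR ZeroProto
MemsetProto TYPEDEF PROTO C :DWORD, :DWORD, :DWORD  ; memset(ptr, value, num)
MemsetPtr   TYPEDEF PTR MemsetProto

.data
szKernel32 db "kernel32.dll",0
szRtlZero  db "RtlZeroMemory",0
szMsvcrt   db "msvcrt.dll",0
szMemset   db "memset",0

.code
Main proc
    LOCAL sinfo:STARTUPINFO
    LOCAL hLib:DWORD
    LOCAL pZero:ZeroPtr
    LOCAL pMemset:MemsetPtr

    invoke LoadLibrary, addr szKernel32
    .if eax != 0                         ; NULL means the DLL did not load
        mov hLib, eax
        invoke GetProcAddress, hLib, addr szRtlZero
        .if eax != 0                     ; NULL means the export was not found
            mov pZero, eax
            ; stdcall: invoke pushes length, then address; the callee pops both
            invoke pZero, addr sinfo, sizeof sinfo
        .endif
        invoke FreeLibrary, hLib
    .endif

    invoke LoadLibrary, addr szMsvcrt
    .if eax != 0
        mov hLib, eax
        invoke GetProcAddress, hLib, addr szMemset
        .if eax != 0
            mov pMemset, eax
            ; cdecl: invoke also emits "add esp, 12" after the call
            invoke pMemset, addr sinfo, 0, sizeof sinfo
        .endif
        invoke FreeLibrary, hLib
    .endif

    invoke ExitProcess, 0
Main endp
end Main
```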