An actual assembly programming question

Started by baltoro, December 08, 2010, 01:21:00 AM


baltoro

I'm wondering if there is a way to do this: in my program, I have called LoadLibrary, and GetProcAddress for a function that is exported from kernel32.dll only in Windows Vista and higher. Assuming the program is running on Windows Vista or higher, and GetProcAddress succeeds, is there any way that I can use the address with invoke?
In C++, typically you cast the return address into a function prototype (so that the compiler automatically checks the signature and parameters for correctness), and then call the function as if it were a normal dynamic DLL export. It's just for convenience, really. I was researching the question in Kip Irvine's: Assembly Language for Intel-Based Computers, and he says that you just use the address as an operand with the call instruction.
Baltoro

drizz

The truth cannot be learned ... it can only be recognized.

dedndave

there is no need to use LoadLibrary for kernel32
it is already loaded   :bg
i use GetModuleHandle and GetProcAddress in a similar way to see if the OS supports multiple processors
if kernel32.dll contains SetProcessAffinityMask, then it does   :U

here is an example...

http://www.masm32.com/board/index.php?topic=14674.msg118929#msg118929

here is the lowdown, straight from the horse's mouth   :P

http://www.masm32.com/board/index.php?topic=14674.msg118941#msg118941

hutch--

 :bg

Have a look at the "SPROTO MACRO func_addr:REQ,arglist:VARARG" documented in the high level help file with masm32.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

dedndave

again - kernel32 is already loaded
if you use LoadLibrary, you should FreeLibrary later on
that is an unnecessary step, as the library is already loaded - and stays loaded
just use GetModuleHandle

however...
for what you are doing, you might be better off to use GetVersion or GetVersionEx
then, test for a minimum value of the major OS version number

dedndave

relying on the existence of a module to determine the OS version is not 100% reliable
one thing that is possible - MS released a hotfix for XP that adds the function to the API
then, your code will be broken   :P

here is a simple program...

hutch--

 :bg

Every time I have seen people try shortcuts like that it comes back later and bites them on the ass. The overhead cost of a LoadLibrary() call is trivial and by doing this the published method it increments the module count up by one and on FreeLibrary() down by 1.

dedndave

kernel32.dll is always loaded - no matter what
and, it is always loaded first (per Edgar)
i am fairly certain it is the module that is responsible for loading and executing EXE's
i think that's part of the definition of a kernel

http://www.masm32.com/board/index.php?topic=14674.msg118988#msg118988

Quote
.data

.code
Start:
invoke user32.dll:MessageBoxA,0,"hello",0,0
ret

dedndave

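        ; MASM32 SDK runtime include: model/option directives, windows.inc, kernel32 import
        include \masm32\include\masm32rt.inc

        .DATA
szKernel32Module db 'kernel32.dll',0

        .CODE
Start:
        ; returns the handle of the already-mapped module in EAX, without changing its reference count
        INVOKE  GetModuleHandle,offset szKernel32Module
        ret

        END     Start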


you can assemble that as console or windows app
run it on any win OS that supports PE
and it will return a valid handle

hutch--

Hate to tell you this but later Windows versions handle the instance handle from the main process. GetModuleHandle() is mainly retained for compatibility reasons. It's fine under NT based OS versions to assume that the "Colonel" will be loaded first but we have seen change in the internal structures of Windows over the last 15 years and Vista/Win7 is not an NT based kernel any longer. Wait for a later OS version to jump up and bite you on the arse for making that assumption.

japheth

Quote from: dedndave on December 08, 2010, 06:58:35 AM
you can assemble that as console or windows app
run it on any win OS that supports PE
and it will return a valid handle

Of course, since "GetModuleHandle" is exported by kernel32.dll. But this code:


.386
.model flat,stdcall
.code
start:
ret
END start


is also a valid Win32 binary, and here it is NOT guaranteed that kernel32 is loaded. In WinXP it is loaded, but for future Windows versions it might be just ntdll.dll. So using LoadLibrary is - theoretically - safer than GetModuleHandle.

jj2007

Quote from: drizz on December 08, 2010, 01:42:05 AM
Of course you can and yes type checking will work too. http://www.masm32.com/board/index.php?topic=5299.msg39702#msg39702

Interesting technique, although it assumes that the lib is available and included (which is the case for the OP). Another option is a macro à la MasmBasic; it counts the paras passed, too:

Quote
   Dll "msvcrt"
   Declare sprintf, C:?   ; C calling convention, variable # of args
   void sprintf(offset msgtext, "%016I64u", i64)      ; low & high dword of i64 managed by macro
   Print offset msgtext, 13, 10

Masm32 syntax for static link would be invoke crt_sprintf, offset msgtext, offset format, i64
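
The runtime-resolved call the thread discusses, as an added example that is not part of any post: it loads kernel32.dll with LoadLibrary, resolves a Vista-and-later export with GetProcAddress, and calls it through a typed pointer so that invoke still checks the argument list. GetTickCount64 stands in for the unnamed function in the original question, the type and label names are hypothetical, and a plain typedef PROTO is used here rather than the SPROTO macro mentioned above.

```masm
include \masm32\include\masm32rt.inc          ; MASM32 SDK runtime: windows.inc, kernel32, print/str$ macros

; Prototype of the export, then a pointer-to-prototype type (hypothetical names).
; invoke checks its argument list against the prototype, as for a static import.
PROTO_GetTickCount64 typedef PROTO STDCALL
PFN_GetTickCount64   typedef PTR PROTO_GetTickCount64

.data
szKernel32  db "kernel32.dll",0
szProcName  db "GetTickCount64",0             ; assumed stand-in for the Vista+ export

.data?
hKernel32    dd ?
pfnTick64    PFN_GetTickCount64 ?

.code
start:
    invoke LoadLibrary, offset szKernel32     ; increments the module reference count
    test eax, eax
    jz done
    mov hKernel32, eax

    invoke GetProcAddress, hKernel32, offset szProcName
    mov pfnTick64, eax
    test eax, eax
    jz fallback                               ; export absent: never call through a NULL pointer

    invoke pfnTick64                          ; indirect call through the typed pointer
    jmp show                                  ; 64-bit result is in edx:eax; low dword is shown

fallback:
    invoke GetTickCount                       ; present on every Win32 version

show:
    print str$(eax), 13, 10
    invoke FreeLibrary, hKernel32             ; balances the LoadLibrary above
done:
    invoke ExitProcess, 0
end start
```

Testing the pointer returned by GetProcAddress, rather than the OS version number, keeps the fallback correct even if the export appears on a system where it was not originally shipped.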

dedndave

there is an excellent definition of the term "kernel" on wikipedia
but, i know Hutch will poo-poo on that - lol
so, i found a different source   :bg

http://www.webopedia.com/TERM/K/kernel.html

Quote
kernel

The central module of an operating system. It is the part of the operating system that loads first, and it remains in main memory. Because it stays in memory, it is important for the kernel to be as small as possible while still providing all the essential services required by other parts of the operating system and applications. Typically, the kernel is responsible for memory management, process and task management, and disk management.

i wonder what you guys think the kernel is - lol

japheth


drizz

Quote from: dedndave on December 08, 2010, 09:06:29 AM
i wonder what you guys think the kernel is - lol
Bytes above SYSTEM_INFO.lpMaximumApplicationAddress and below SYSTEM_INFO.lpMinimumApplicationAddress   :bg

What you want to know ....

usermode:
somedll -> ntdll -> sysenter(id) -> dispatcher defined by some MSR

kernel:
dispatcher calls SSDT(id)
SSDT with
win32 subsystem -> mapped to NTOSKRNL.EXE or NTKRNLPA.EXE
win32k subsystem -> win32k.sys :: gdi stuff

bla bla bla  :boohoo: