Library Function Addresses

Started by JPlayer, August 09, 2005, 02:57:30 AM


JPlayer

Hello all. This is my first post in AGES. I haven't really programmed much in assembly language lately because I'm more interested in opcodes recently. Basically, I have just started playing with making functions using only opcodes but I have run into a small little problem. First, here is some code I created recently and I'll explain what I don't like about it and how I want to change it (btw, this is in C):

#include <stdio.h>

int main(void)
{
    int a = 1332;
    /* Machine code for:  add dword ptr [ebp-12], 5  ;  ret
       81 85 F4 FF FF FF 05 00 00 00 = add dword [ebp+disp32], imm32 with disp32 = -12
       C3                            = ret
       Assumes the compiler placed 'a' at [ebp-12] and that the array is executable. */
    unsigned char func[] = {0x81, 0x85, 0xF4, 0xFF, 0xFF, 0xFF, 0x05, 0x00, 0x00, 0x00, 0xC3};
    ((void(*)(void))func)();   /* jump into the byte array as if it were a function */

    printf("%d\n", a);         /* prints 1337 when the assumptions above hold */

    return 0;
}


First off, let me explain what func does:

add [ebp-12], 5
ret


I have forgotten assembly syntax so just assume that "[ebp-12]" means "go to that address" so that the add code adds 5 to the contents stored at [ebp-12].

This code works exactly the way I want it to but my first complaint is that "func" assumes that 'a' will be located at [ebp-12] but that's not necessarily true. I think depending on the compiler and depending on how you tell it to align the code, the location of 'a' can change. Is there any way to make the code less dependent on the location of 'a'?

My second complaint (and the more important one in my opinion...hence the title of this post) is that I had to call printf in C. How am I able to determine the location of printf and other functions when I am hand-coding a function (this question applies to the WIN32 API functions also)? As far as I can tell, the library containing printf and other functions is dynamic in the sense that it can be placed anywhere in memory. So basically what I am asking is: how do assemblers/compilers/linkers/whatever take something like "call printf" and figure out where printf is located? It seems like it would be a decent amount of code to figure out the location of printf and other functions but in the end result, the code for "call printf" is simply just the appropriate opcode for 'call' and the address of 'printf'. Would figuring out the addresses of printf and other functions be too hard to do manually?

You are probably wondering why on earth I would want to play with opcodes in C and the reasons are simple: I find it very challenging, fun, and educational to get at a level even lower than assembly. Thanks in advance for any replies. Bye.

comrade

Quote from: JPlayer on August 09, 2005, 02:57:30 AM
Is there anyway to make the code less dependent on the location of 'a'?

Yes, use regular C or inline assembly. Using inline assembly will be technically equivalent to your opcodes solution, but much more flexible, and REASONABLE.

Quote from: JPlayer on August 09, 2005, 02:57:30 AM
How am I able to determine the location of printf and other functions when I am hand-coding a function (this question applies to the WIN32 API functions also)?

The addresses of functions in DLLs are retrieved from the DLL's export table at runtime by the Windows executable loader. Static functions, such as a statically compiled CRT, are "linked" into the main stream of code at link-time. There was a very good, in-depth explanation of DLL address resolving at run-time on some site, and I will look it up for you once I get home.

Quote from: JPlayer on August 09, 2005, 02:57:30 AM
You are probably wondering why on earth I would want to play with opcodes in C and the reasons are simple: I find it very challenging, fun, and educational to get at a level even lower than assembly. Thanks in advance for any replies. Bye.

You are insane.

comrade

For a start, you can check this example which resolves the MessageBox() API at runtime:
http://comrade.ownz.com/sources/noimport.zip

Also do a search for "no imports" or "DLL address" on this board and http://board.win32asmcommunity.net/

Farabi

What library? Do you mean the function in the source code?
Those who have knowledge of the universe can control the world with a microprocessor.
http://www.wix.com/farabio/firstpage

"Etos siperi elegi"

ToutEnMasm

Hello,
The executable uses two ways to call APIs.
The static method uses .lib libraries to connect the API functions in the DLL.
The dynamic method loads the DLL into memory and searches for the function addresses in the DLL.
Searching for the address in the DLL can be done using the PE file format or the GetProcAddress API.
The sample below uses the dynamic method and searches for the addresses, first with the PE file format and then with GetProcAddress.
The source uses the defined structures of the PE file and can be understood without too much headache.
ToutEnMasm


[attachment deleted by admin]
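As an added illustration of the lookup comrade and ToutEnMasm describe (this is not the deleted attachment and not code from the thread): a C function that finds an export by name by walking the export directory of a PE image the way the loader and GetProcAddress do, run here against a constructed minimal PE32 image instead of a real DLL. The field offsets are the documented PE header offsets; the image layout (PE header at 0x80, export directory at RVA 0x200, the names MessageBoxA and printf and their RVAs) is made up for the demonstration.

```c
#include <stdint.h>
#include <string.h>
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint16_t rd16(const uint8_t *p) { uint16_t v; memcpy(&v, p, 2); return v; }
static void wr32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static void wr16(uint8_t *p, uint16_t v) { memcpy(p, &v, 2); }
static int fits(size_t off, size_t len, size_t size) { return off <= size && len <= size - off; }

/* Walk the export directory of a PE image mapped at base (size bytes) and return the
 * RVA of the export called name, or 0 if absent or malformed. Every field is an RVA. */
uint32_t find_export_rva(const uint8_t *base, size_t size, const char *name)
{
    if (size < 0x40 || base[0] != 'M' || base[1] != 'Z') return 0;
    uint32_t pe = rd32(base + 0x3C);                              /* e_lfanew */
    if (!fits(pe, 0x1A, size) || memcmp(base + pe, "PE\0\0", 4) != 0) return 0;
    uint16_t magic = rd16(base + pe + 0x18);                      /* 0x10B PE32, 0x20B PE32+ */
    size_t dd = (size_t)pe + 0x18 + (magic == 0x20B ? 112 : 96);  /* DataDirectory[0] = exports */
    uint32_t exp = fits(dd, 8, size) ? rd32(base + dd) : 0;       /* export directory RVA */
    if (exp == 0 || !fits(exp, 0x28, size)) return 0;
    uint32_t nnames = rd32(base + exp + 0x18);                    /* NumberOfNames */
    uint32_t funcs = rd32(base + exp + 0x1C), names = rd32(base + exp + 0x20);
    uint32_t ords = rd32(base + exp + 0x24);                      /* AddressOfNameOrdinals */
    for (size_t i = 0; i < nnames; i++) {
        if (!fits(names + 4 * i, 4, size) || !fits(ords + 2 * i, 2, size)) return 0;
        uint32_t nrva = rd32(base + names + 4 * i);
        if (nrva >= size || strncmp((const char *)base + nrva, name, size - nrva) != 0) continue;
        size_t ord = rd16(base + ords + 2 * i);                   /* index into AddressOfFunctions */
        return fits(funcs + 4 * ord, 4, size) ? rd32(base + funcs + 4 * ord) : 0;
    }
    return 0;
}

/* Constructed minimal PE32 image (not a real DLL): MZ stub, PE header at 0x80,
 * export directory at RVA 0x200 with its three tables and two name strings. */
uint32_t demo_lookup(const char *name)
{
    static uint8_t img[0x400]; memset(img, 0, sizeof img);
    img[0] = 'M'; img[1] = 'Z'; wr32(img + 0x3C, 0x80);           /* e_lfanew */
    memcpy(img + 0x80, "PE\0\0", 4); wr16(img + 0x98, 0x10B);     /* PE32 magic */
    wr32(img + 0x98 + 96, 0x200);                                 /* export directory RVA */
    wr32(img + 0x214, 2); wr32(img + 0x218, 2);                   /* NumberOfFunctions/Names */
    wr32(img + 0x21C, 0x240); wr32(img + 0x220, 0x250); wr32(img + 0x224, 0x260);
    wr32(img + 0x240, 0x1000); wr32(img + 0x244, 0x1040);         /* function RVAs */
    wr32(img + 0x250, 0x270); wr32(img + 0x254, 0x280);           /* name string RVAs, sorted */
    wr16(img + 0x260, 0); wr16(img + 0x262, 1);                   /* name index -> ordinal */
    strcpy((char *)img + 0x270, "MessageBoxA"); strcpy((char *)img + 0x280, "printf");
    return find_export_rva(img, sizeof img, name);
}
```

The returned RVA becomes a callable address only after adding the image base the DLL was actually loaded at, which is exactly why a hard-coded address (AeroASM's option 3) breaks when the DLL moves.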

AeroASM

There are a couple of ways to get the address of a dll function:

1. Use GetProcAddress. This is the safest, but highest level.
2. Use the method in the above link noimport.zip. This is OK but boring because it does exactly the same as GetProcAddress.
3. Look up the address of the dll in memory and look up the offset of the function within the dll, and add them together. Hard-code this address into your program.
This is fun and neat, but very dangerous because the dll could theoretically be located anywhere and the function offset might change in future versions.

QvasiModo

Quote from: JPlayer on August 09, 2005, 02:57:30 AM
This code works exactly the way I want it to but my first complaint is that "func" assumes that 'a' will be located at [ebp-12] but that's not necessarily true. I think depending on the compiler and depending on how you tell it to align the code, the location of 'a' can change. Is there anyway to make the code less dependent on the location of 'a'?

Since you're calling the asm code as a function, you should be passing data to it as parameters and getting the return value. Accessing local variables from the scope of another procedure is always a bad idea...

Now, the exact way to pass parameters and return values will depend somewhat on the compiler, and greatly on the target platform. This document will teach you everything you need to know about function calling conventions, from the assembly language perspective:

http://www.agner.org/assem/calling_conventions.pdf

Also I'd recommend that you write the asm code with FASM or a similar assembler that can output raw binary opcodes, then copy & paste the results into your C program. Otherwise you're in for a long, slow job!