Text only | Text with Images

The MASM Forum Archive 2004 to 2012

Specialised Projects => Pelle's Macro Assembler Development => Topic started by: petrik on September 07, 2010, 07:59:59 PM

Title: Accessing IMAGE_NT_HEADERS with POASM
Post by: petrik on September 07, 2010, 07:59:59 PM
I am trying to get the following proc (partly courtesy of Iczelion's tutorials) to assemble with poasm:

GetImportTable  PROC    USES ESI
    mov esi,NTHeaderOffset ;pointer to IMAGE_NT_HEADERS structure
    mov eax,[esi+IMAGE_NT_HEADERS.OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress] ;(Import Symbols)
    mov ImportTableRVA,eax
    invoke RVAToOffset,eax
    add eax,pFileOffset
    mov ImportSection,eax
    ret
GetImportTable  ENDP

Poasm keeps throwing up 3 errors:    1. Expected ']'    2. Invalid use of 'VirtualAddress'    3. Invalid use of ']'
I have tried using:

assume esi: ptr IMAGE_NT_HEADERS
mov eax,[esi].OptionalHeader.DataDirectory[SIZEOF IMAGE_DATA_DIRECTORY].VirtualAddress

but poasm throws up another error:    'Invalid use of assume'.
What am I doing wrong?
I would be most grateful for any help. Thank you.
Title: Re: Accessing IMAGE_NT_HEADERS with POASM
Post by: Vortex on September 08, 2010, 10:13:16 AM
Hi petrik,

Poasm does not support the ASSUME statement.

Here is how I code :

Code Select
mov     edx,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[1*8][esi] ; get the RVA of the import section
mov     impsec,edx
mov     edx,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[5*8][esi] ; get the RVA of the relocation section

Try this one :

Code Select
mov     eax,IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress[SIZEOF IMAGE_DATA_DIRECTORY][esi] ;(Import Symbols)
Title: Re: Accessing IMAGE_NT_HEADERS with POASM
Post by: petrik on September 08, 2010, 07:05:37 PM
Thank you Vortex for your advice.
I have tried the coding method as you have written but poasm still gives me the same 2 errors about expected ']' and invalid use of ']'; no VirtualAddress error though.
I have tried various further coding combinations without success.
mov edx,[esi+IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress] assembles ok.
mov edx,[esi].IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress assembles ok.
It would appear that poasm doesn't like the [5*8] or [1*8] or [sizeof IMAGE_DATA_DIRECTORY].
Any more thoughts?
Title: Re: Accessing IMAGE_NT_HEADERS with POASM
Post by: Vortex on September 09, 2010, 09:47:36 AM
Hi petrik,

First of all, please accept my apologies. I posted a Masm code portion above. Here is the solution I propose :

Code Select

; Code assembled with Pelles Macro Assembler, Version 6.00.4

.386
.model flat,stdcall
option casemap:none

include     AccessStruct.inc

ExitProcess PROTO :DWORD

includelib  \PellesC\lib\win\kernel32.lib

.data?

testStruct  IMAGE_NT_HEADERS <?>

.code

start:

    call    main

    invoke  ExitProcess,0

main PROC USES esi

    mov     esi,OFFSET testStruct

    mov     eax,[esi+IMAGE_NT_HEADERS.OptionalHeader.DataDirectory.VirtualAddress+SIZEOF IMAGE_DATA_DIRECTORY]

            ; = MOV EAX,DWORD PTR DS:[ESI+80] : Output of OllyDbg
    ret

main ENDP

END start


It looks like that Poasm cannot handle some structure notations like Masm. Would you please try the syntax above?

Once again, my apologies.

Vortex
Title: Re: Accessing IMAGE_NT_HEADERS with POASM
Post by: petrik on September 09, 2010, 06:56:46 PM
Thank you Vortex.
With that simple change from ...VirtualAddress[5*8] to ...VirtualAddress+(5*8) poasm assembles ok.
With gratitude.  :bg

petrik

PS Absolutely no apologies necessary.
Text only | Text with Images