News:

MASM32 SDK Description, downloads and other helpful links
MASM32.com New Forum Link
masmforum WebSite

DLL Base

Started by FlySky, August 05, 2009, 04:15:14 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

FlySky

August 05, 2009, 04:15:14 PM
Hey guys, this is a very sweet DLL example. What I am looking for is a way to compile a DLL with an static imagebase. In masm I could use the folowing switch to give the DLL an imagebase:

/BASE 0x45000000 it would than compile the DLL with an imagebase of 45000000 how would I go on with this in Goasm? as when using base it does not give me an error with the switch, it does not build the dll with an imagebase of 45000000.

jorgon

#1
August 05, 2009, 05:31:06 PM
Hi FlySky

It's the linker which actually sets the base, so you need to use the /base switch in GoLink.

The GoLink help file describes how to do this.

PS. I moved this to a new topic, which seemed more appropriate!
Author of the "Go" tools (GoAsm, GoLink, GoRC, GoBug)

FlySky

#2
August 05, 2009, 05:45:39 PM
Ahh darn I am reading the wrong help file, I went through the goASM help file as it describes about DLL's etc.. I will go through the golink help file aswell.

The golink help file talks about switches yeah, basicly I set the following switches:

\GoAsm\bin\GoLink /dll /base 45000000 /entry DllEntry /fo test.dll Dll.obj

so it would give my dll a base of 45000000 right. When running the dll in IDA Pro, it's still loaded at 10000000.

donkey

#3
August 05, 2009, 06:49:37 PM
Hi FlySky,

IDAPro may have an effect on where the DLL is loaded or the PELoader itself. Setting the image base of a DLL does not guarantee that it will be loaded there, it merely instructs the PELoader that that is the preferred address, if there is already a DLL resident at that address or the memory has been reserved using VirtualAlloc or some other memory allocation scheme then it will be relocated. Vista is notorious for ignoring the preferred image base and essentially doing whatever it feels like. Here is one of the better articles on image rebasing:

http://msdn.microsoft.com/en-us/library/ms810432.aspx
"Ahhh, what an awful dream. Ones and zeroes everywhere...[shudder] and I thought I saw a two." -- Bender
"It was just a dream, Bender. There's no such thing as two". -- Fry
-- Futurama

Donkey's Stable

FlySky

#4
August 06, 2009, 11:16:13 AM
I understand, but when creating the dll it would have to give me the imagebase of 45000000 right? So when I than load it in IDA, and not having the DLL inside a proces, IDA should be able to read the static imagebase, although it still loads it at 45000000 the compiled DLL in MASM does get read by IDA with an imagebase of 45000000, so mostlikely I am doing something wrong with goasm just don't know what.

*EDIT*
Just got it working, I removed the dll.obj file and recompiled. IDA Reads the DLL with the right imagebase now.

rags

#5
August 07, 2009, 01:29:40 AM
What would be the benifit or purpose of having a dll load at a specific address? I am only asking because I really don't know.
TIA
God made Man, but the monkey applied the glue -DEVO

ecube

#6
August 07, 2009, 05:49:14 AM
Quote from: rags on August 07, 2009, 01:29:40 AM
What would be the benifit or purpose of having a dll load at a specific address? I am only asking because I really don't know.
TIA

i'm sure they're quite a few, I know it benefited me when I wrote a masm exe export example here http://www.masm32.com/board/index.php?topic=6331.0, because by default the exe with exports and the caller exe both loaded at the same base address, so when I attempted to pass a buffer to an exported function, it seemed to point to a local address of the caller exe. When I changed the base address for the export exe, it worked ok.
Print
Go Up Pages1
User actions