
MASM executables with minimal import section

Started by Vortex, July 08, 2005, 09:30:22 AM


Vortex

Hi friends,

My tool scan.exe searches for API functions in the source code and creates a listing of these functions. I created some macros to handle this listing so that all the API functions can be called with the LoadLibrary & GetProcAddress method.

Scan looks for API functions and puts them in an include file :

.data
impfuncs dd hkernel32
         db "GetModuleHandleA",0
         db 0
         dd huser32
         db "DialogBoxIndirectParamA",0
         db "EndDialog",0
         db "LoadIconA",0
         db "LoadMenuIndirectA",0
         db "MessageBoxA",0
         db "SendMessageA",0
         db "SetMenu",0
         db 0
         dd hgdi32
         db "CreateSolidBrush",0
         db "DeleteObject",0
         db 0
         dd 0

loadDLL  db "user32.dll",0
         db "gdi32.dll",0
         db 0

.data?
ProcAddr EQU GetModuleHandle
         GetModuleHandle dd ?
         DialogBoxIndirectParam dd ?
         EndDialog dd ?
         LoadIcon dd ?
         LoadMenuIndirect dd ?
         MessageBox dd ?
         SendMessage dd ?
         SetMenu dd ?
         CreateSolidBrush dd ?
         DeleteObject dd ?

hModules EQU huser32
         huser32 dd ?
         hgdi32 dd ?
         hkernel32 dd ?

NumbOfModules EQU 2


The source code looks like this :

.
.
.code
start:
LOAD_LIBS
invoke2 GetModuleHandle, NULL
invoke2 DialogBoxIndirectParam,eax,ADDR Resource,NULL,ADDR DlgProc,NULL
FREE_LIBS
Invoke ExitProcess,eax
.
.


The macro LOAD_LIBS :
- gets the handle of kernel32.dll; only one function, ExitProcess, is imported from kernel32.lib
  because executables without an import section may not function on every version of Windows.
- looks for the address of GetProcAddress
- finds the addresses of LoadLibrary & FreeLibrary
- loads the required DLLs ( except kernel32.dll )
- finds the addresses of API functions

Finally, FREE_LIBS unloads the DLLs except kernel32.dll

Notice that ExitProcess should be called with Invoke instead of invoke so that scan would not put ExitProcess to the list of API functions. ( scan is case-sensitive ) Only one API function prototype should exist to create a minimal import section :


ExitProcess PROTO :DWORD


The couple invoke2 / Invoke2 doesn't do parameter checking. There is also the cinvoke macro for C run-time functions.
If you want scan to by-pass a function, call it with the Invoke or Invoke2 macro.

To create the listing file :

scan sourcefile.asm -m3


...and you get sourcefile.imp

To get more information about my tool scan, have a look at :

http://vortex.masmcode.com
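Added example, not part of the original post or of the scan tool: a Python parser that recovers the API list from the impfuncs / loadDLL layout shown above, which is what an analyst needs when the PE import table lists only ExitProcess. It assumes 32-bit little-endian data, a constructed base address for hModules, and that the handle slots are consecutive dwords in loadDLL order with hkernel32 last, as the .data? listing suggests.

```python
import struct

def read_cstrings(buf, off):
    """Read NUL-terminated names until an empty string; return (names, next_off)."""
    names = []
    while True:
        end = buf.index(b"\x00", off)      # ValueError if the data is truncated
        if end == off:                     # a lone "db 0" closes the list
            return names, off + 1
        names.append(buf[off:end].decode("ascii"))
        off = end + 1

def parse_impfuncs(buf, off=0):
    """Parse 'dd slot, names..., db 0' groups; a 'dd 0' ends the table."""
    groups = []
    while True:
        if off + 4 > len(buf):
            raise ValueError("truncated impfuncs table")
        (slot,) = struct.unpack_from("<I", buf, off)
        off += 4
        if slot == 0:
            return groups, off
        names, off = read_cstrings(buf, off)
        groups.append((slot, names))

def map_to_dlls(groups, dll_names, hmodules_va):
    """Assumption: handle slots are consecutive dwords in loadDLL order,
    with hkernel32 last, as in the .data? listing."""
    slots = {hmodules_va + 4 * i: n for i, n in enumerate(dll_names)}
    slots[hmodules_va + 4 * len(dll_names)] = "kernel32.dll"
    return {slots.get(s, hex(s)): names for s, names in groups}

def build_sample(hmodules_va=0x403000):    # constructed address
    """Constructed .data image of the listing: impfuncs followed by loadDLL."""
    def group(slot, names):
        body = b"".join(n.encode("ascii") + b"\x00" for n in names)
        return struct.pack("<I", slot) + body + b"\x00"
    user32 = ["DialogBoxIndirectParamA", "EndDialog", "LoadIconA",
              "LoadMenuIndirectA", "MessageBoxA", "SendMessageA", "SetMenu"]
    return (group(hmodules_va + 8, ["GetModuleHandleA"])
            + group(hmodules_va, user32)
            + group(hmodules_va + 4, ["CreateSolidBrush", "DeleteObject"])
            + struct.pack("<I", 0)
            + b"user32.dll\x00gdi32.dll\x00\x00")

if __name__ == "__main__":
    blob = build_sample()
    groups, off = parse_impfuncs(blob)
    dlls, _ = read_cstrings(blob, off)
    for dll, names in map_to_dlls(groups, dlls, 0x403000).items():
        print(dll, names)
```
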


