I found an application in TASM that gets the list
of all exported functions in a DLL.

I'm trying to translate it to NASM syntax and then
make some alterations so that the list of functions comes out in an edit box with some extra text added, like this list:
..
import MapVirtualKey user32.dll MapVirtualKeyA
import MapVirtualKeyEx user32.dll MapVirtualKeyExA
import MapWindowPoints user32.dll
import MenuItemFromPoint user32.dll
import MessageBeep user32.dll
import MessageBox user32.dll MessageBoxA
..

but for now I just want to translate the TASM example that shows the list of functions in a
listbox.


like this:
..
MapVirtualKey
MapVirtualKeyExA
MapWindowPoints
MenuItemFromPoint
MessageBeep
MessageBoxA
..

in order to make this more clear i will post the TASM down
Posted on 2003-02-07 18:46:40 by ZobySound
.386
locals
jumps
.model flat,STDCALL
include win32.inc ; Some 32-bit constants and structures (Borlands)
include MyWin32.inc ; Additional Win32 defines
include ImageHlp_Imports.inc ; Imported Win32 functions




;-- ---------------------------------
; Consts
;

; `L` is a text equate for LARGE, so `push L 0` below assembles as `push LARGE 0`.
L equ <LARGE>

; Control ids: ID_BTN_LOAD is compared against the WM_COMMAND id in OnWMCommand,
; ID_LBOX_EXPORTS is handed to GetDlgItem in OnWMInitDialog.
ID_BTN_LOAD equ 101
ID_LBOX_EXPORTS equ 102



;===========================================================================
; Data
;===========================================================================
.data


hInst dd 0 ;Application instance
wndDlg dd 0 ;Main dialog window
szAppName db 'Res Info (Asm)', 0 ;Application name
wndLBox dd 0 ;Target window of the LB_RESETCONTENT / LB_ADDSTRING messages
LoadedImage LOADED_IMAGE <0> ;Filled by MapAndLoad, released by UnMapAndLoad
; 300-byte path buffer. DoOpenFileDialog stores 299 into one OPENFILENAME field
; (presumably nMaxFile; the field name is missing on this page), which keeps the
; dialog from writing past this buffer.
ofn_szFile db 300 dup( ? ) ;Currently open file
ofn OPENFILENAME <0> ;OpenFile struct, global so that settings are not lost



;===========================================================================





;===========================================================================
; Code
;===========================================================================

.code
;-----------------------------------------------------------------------------
;
; This is where control is received from the loader.
;
start:
; Entry point: GetModuleHandle(0), InitCommonControls, run dialog resource 101
; with DlgProc through DialogBoxParamA, then ExitProcess(0).
; NOTE(review): `mov , eax` and the bare `push` below have no operand on this
; page; presumably a bracketed memory operand (hInst?) was lost when the listing
; was posted. Restore it from the original file before assembling.

push L 0
call GetModuleHandle ; get hmod (in eax)
mov , eax ; hInstance = HMODULE


call InitCommonControls ;Going to be using common control


; Arguments go on the stack right to left: init param, dialog procedure,
; parent window, template id, then the instance handle.
push L 0
push offset DlgProc ;Dialog proc
push 0
push L 101
push
call DialogBoxParamA ;Start the main dialog
; NOTE(review): the value DialogBoxParamA leaves in eax is not examined, so a
; dialog that could not be created exits with the same code 0 as a normal close.


end_loop:
push 0
call ExitProcess

; we never get to here


;-----------------------------------------------------------------------------
; Dialog procedure. Dispatches WM_DESTROY, WM_CLOSE, WM_COMMAND and
; WM_INITDIALOG; every other message returns 0 (eax is cleared before the
; compare chain). The three On* handlers receive the same four arguments and
; their eax is returned unchanged.
DlgProc proc uses ebx edi esi, hDlg:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD
;
; WARNING: Win32 requires that EBX, EDI, and ESI be preserved! We comply
; with this by listing those regs after the 'uses' statement in the 'proc'
; line. This allows the Assembler to save them for us.
;

; NOTE(review): the operands of the next two moves are missing on this page;
; presumably they copy hDlg into the global wndDlg, which the handlers read.
mov eax,
mov , eax
mov eax, 0 ; default result for messages that are not handled

; NOTE(review): the first operand of each cmp is missing; presumably wMsg.
cmp , WM_DESTROY
je wmdestroy
cmp , WM_CLOSE
je wmclose
cmp , WM_COMMAND
je wmcommand
cmp , WM_INITDIALOG
je wminitdialog
jmp finish


wminitdialog:
push lParam
push wParam
push wMsg
push hDlg
call OnWMInitDialog
jmp finish


wmclose:
push lParam
push wParam
push wMsg
push hDlg
call OnWMClose
jmp finish

wmdestroy:
mov eax, 1
jmp finish

wmcommand:
push lParam
push wParam
push wMsg
push hDlg
call OnWMCommand
jmp finish


finish:
ret
DlgProc endp



;---------------------------------------------------------------------------------
; WM_INITDIALOG handler: looks up the export list box with
; GetDlgItem(wndDlg, ID_LBOX_EXPORTS) and stores the handle. Returns 0.
; NOTE(review): the handle is not compared with 0 before it is stored; a
; missing control would only show up later as SendMessage calls that do nothing.
OnWMInitDialog proc hDlg:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD


;Get the listbox window handle
push ID_LBOX_EXPORTS
push wndDlg
call GetDlgItem
mov , eax ; NOTE(review): destination missing on this page; presumably wndLBox

OnDlgInit_exit:

mov eax, 0
ret
OnWMInitDialog endp


;---------------------------------------------------------------------------------
; WM_CLOSE handler (also reached from the IDOK branch of OnWMCommand): ends the
; dialog with result 0 and returns 0.
OnWMClose proc hDlg:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD

push 0 ; dialog result handed to EndDialog
push ; NOTE(review): operand missing on this page; presumably the dialog handle
call EndDialog
mov eax, 0

ret
OnWMClose endp


;---------------------------------------------------------------------------------
; WM_COMMAND handler: compares the low word of eax with IDOK and ID_BTN_LOAD
; and forwards the four arguments to OnWMClose or OnCmdLoad.
; NOTE(review): when neither id matches, control reaches OnWMCommand_end with
; eax still holding the loaded value, so the return value is not a fixed 0/1.
OnWMCommand proc hDlg:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD


mov eax, ; NOTE(review): source operand missing on this page; presumably wParam

cmp ax, IDOK
je Cmd_Ok

cmp ax, ID_BTN_LOAD
je Cmd_Load


jmp OnWMCommand_end


Cmd_Ok:
push lParam
push wParam
push wMsg
push hDlg
call OnWMClose
jmp OnWMCommand_end

Cmd_Load:
push lParam
push wParam
push wMsg
push hDlg
call OnCmdLoad
jmp OnWMCommand_end


OnWMCommand_end:
ret
OnWMCommand endp



;---------------------------------------------------------------------------------
; "Load" button handler: empties the list box, runs the open-file dialog and,
; when the dialog returns non-zero, lists the exports of the chosen file.
; Returns whatever the last call left in eax.
OnCmdLoad proc hDlg:DWORD, wMsg:DWORD, wParam:DWORD, lParam:DWORD


; SendMessage(wndLBox, LB_RESETCONTENT, 0, 0)
push 0
push 0
push LB_RESETCONTENT
push wndLBox
call SendMessage

call DoOpenFileDialog

; eax = 0 means the dialog was cancelled or failed: nothing to load
cmp eax, 0
je CmdLoad_Exit


call DoGetExports


CmdLoad_Exit:

ret
OnCmdLoad endp



;---------------------------------------------------------------------------------
; Maps the file named in ofn_szFile with MapAndLoad, walks the name table of
; its export directory and adds every exported name to the list box, then
; releases the mapping with UnMapAndLoad. Shows a message box when MapAndLoad
; fails. Uses eax, ebx and edx as scratch.
;
; NOTE(review): the file is chosen by the user and every offset read below
; comes from that file. None of the pointers returned by
; ImageDirectoryEntryToData, ImageNtHeader or ImageRvaToVa is compared with 0
; before it is dereferenced, so a DLL without an export directory, or one with
; RVAs that do not resolve, makes the code read through a null pointer.
; NOTE(review): many operands are empty on this page (`mov , eax`, `mov eax,`);
; they look like bracketed memory operands lost in posting.
DoGetExports proc

LOCAL iSize:DWORD
LOCAL iNumNames:DWORD
LOCAL iNameLoop:DWORD
LOCAL pNtHeaders:DWORD
LOCAL pFunctionNames:DWORD
LOCAL pExportDir:DWORD = LocalSize

; NOTE(review): a frame is built by hand here although the procedure also
; declares LOCALs; check the listing file to see whether the assembler emits
; its own frame setup as well.
push ebp
mov ebp, esp
sub esp, LocalSize


jmp DoExports_OverData

; String constant placed inside the code section; the jmp above steps over it.
szError db 'MapAndLoad failed',0


DoExports_OverData:

; MapAndLoad(ofn_szFile, 0, &LoadedImage, true, true), pushed right to left
push true
push true
push offset LoadedImage
push 0
push offset ofn_szFile
call MapAndLoad

cmp eax, 0
je DoExports_ErrorMapAndLoad



; ImageDirectoryEntryToData(MappedAddress, false, IMAGE_DIRECTORY_ENTRY_EXPORT, &iSize)
lea eax, iSize
push eax
push IMAGE_DIRECTORY_ENTRY_EXPORT
push false
push LoadedImage.li_MappedAddress
call ImageDirectoryEntryToData
mov , eax ; presumably pExportDir; stored without a test for 0


;Get num of named functions
mov eax,
add eax, ied_NumberOfNames
mov eax,
mov iNumNames, eax


;Get the address of the names
mov eax,
add eax, ied_AddressOfNames
mov ebx,

;Get the IMAGE_NT_HEADER
push LoadedImage.li_MappedAddress
call ImageNtHeader
mov , eax



;Get the VA of the function names
push 0
push ebx
push LoadedImage.li_MappedAddress
push
call ImageRvaToVa
mov , eax


xor eax, eax
mov , eax ; presumably iNameLoop = 0

DoExports_top:
;Get offset into AddressOfNames array = (sizeof( DWORD ) * iNameLoop)
; NOTE(review): `mul bx` is a 16-bit multiply (dx:ax = ax * bx). Only ax is
; rewritten, so an index of 16384 or more yields a truncated offset.
mov eax, 4
mov ebx,
mul bx
mov edx, eax


;Get the VA of this name
push 0
mov eax,
add eax, edx
mov eax,
push eax
push LoadedImage.li_MappedAddress
push
call ImageRvaToVa

;Add the name to the list box
; NOTE(review): eax is passed on as a string pointer without a test for 0.
push eax
call AddStringToLBox


;If there is another item goto top
; NOTE(review): the count is tested only after the body has run, so one entry
; is read even when iNumNames is 0. The count comes from the file and is not
; checked against the size of the export directory (iSize).
add , 1
mov eax,
cmp eax, iNumNames
jb DoExports_top


;UnMapAndLoad frees mem allocated by MapAndLoad
push offset LoadedImage
call UnMapAndLoad


jmp DoExports_exit



DoExports_ErrorMapAndLoad:
;There was an error while trying to load the file
push MB_OK
push offset szAppName
push offset szError
push wndDlg
call MessageBox
jmp DoExports_exit


DoExports_exit:

mov esp, ebp
pop ebp
ret
DoGetExports endp



;---------------------------------------------------------------------------------
; Appends one string to the export list box:
; SendMessage(wndLBox, LB_ADDSTRING, 0, szStr). The SendMessage result is
; returned in eax and is not examined here.
AddStringToLBox proc szStr:DWORD

push szStr
push 0
push LB_ADDSTRING
push wndLBox
call SendMessage

ret
AddStringToLBox endp



;---------------------------------------------------------------------------------
; Fills the global OPENFILENAME structure `ofn` and calls GetOpenFileName.
; Returns GetOpenFileName's result in eax (OnCmdLoad treats 0 as "no file").
; NOTE(review): the destination of every `mov` below is missing on this page;
; the values suggest the usual OPENFILENAME fields (structure size, owner,
; instance, filter, file buffer, buffer length, flags). Confirm against the
; original file.
DoOpenFileDialog proc

jmp Ofd_OverData

; Filter pairs for the dialog, stored in the code section and skipped by the jmp
Ofd_szFilter db 'DLLs (*.dll)', 0, '*.dll', 0, 0

Ofd_OverData:

mov , size OPENFILENAME
mov eax,
mov , eax
mov eax,
mov , eax
mov , offset Ofd_szFilter
mov , 0
mov , 0
mov , 0
mov , offset ofn_szFile
; 299 is one less than the 300 bytes reserved for ofn_szFile
mov , 299
mov , 0
mov , 0
mov , 0
mov , 0
mov , OFN_EXPLORER or OFN_FILEMUSTEXIST or OFN_LONGNAMES
mov , 0
mov , 0
mov , 0
mov , 0
mov , 0
mov , 0

push offset ofn
call GetOpenFileName


ret
DoOpenFileDialog endp



public DlgProc

ends
end start
Posted on 2003-02-07 18:47:55 by ZobySound
%include '\lab\vasm\inc\nagoa.inc'




;--- here some dll functions that this aplication use from imagehlp.dll that is not in nagoa.obj
import ImageNtHeader imagehlp.dll
import ImageRvaToVa imagehlp.dll
import MapAndLoad imagehlp.dll
import UnMapAndLoad imagehlp.dll
import ImageDirectoryEntryToData imagehlp.dll


; Layout of the structure that MapAndLoad fills; LOADED_IMAGE_size is used
; below to reserve the buffer whose address is passed to MapAndLoad.
; NOTE(review): in the imagehlp SDK header the Links member is a LIST_ENTRY,
; which is two pointers, while this layout reserves a single dword for it. If
; that holds for the target SDK, LOADED_IMAGE_size is 4 bytes too small and
; MapAndLoad writes past the reserved buffer. Verify against imagehlp.h.
STRUC LOADED_IMAGE
.ModuleName resd 1
.hFile resd 1
.MappedAddress resd 1
.FileHeader resd 1
.LastRvaSection resd 1
.NumberOfSections resd 1
.Sections resd 1
.Characteristics resd 1
.fSystemImage resw 1
.fDOSImage resw 1
.Links resd 1
.SizeOfImage resd 1
ENDSTRUC
;------------------------------------------------------------





..start:
; Entry point of the NASM translation: module handle, common controls, modal
; dialog 101 with DlgProc, then ExitProcess(0). `call` and `CONST` are macros
; from nagoa.inc, not plain instructions.
; NOTE(review): `mov , eax` and the empty first argument of DialogBoxParamA have
; lost their operand on this page; presumably both name hInst.

call GetModuleHandle,0
CONST hInst, dd 0
mov , eax


call InitCommonControls ;Going to be using common control



call DialogBoxParamA,,101,0,DlgProc,0 ;Start the main dialog


end_loop:

call ExitProcess,0


;--------- DlgProc
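; Dialog procedure of the NASM translation. Dispatches WM_DESTROY, WM_CLOSE,
; WM_COMMAND and WM_INITDIALOG to the labelled handlers that follow the
; procedure; each handler jumps back to `finish`.
; Every other message returns FALSE (eax = 0). Without that, eax holds an
; arbitrary value for unhandled messages and the dialog manager skips its
; default processing for them.
proc DlgProc,hDlg,wMsg,wParam,lParam

        cmp     dword [wMsg], WM_DESTROY
        je      wmdestroy
        cmp     dword [wMsg], WM_CLOSE
        je      wmclose
        cmp     dword [wMsg], WM_COMMAND
        je      wmcommand
        cmp     dword [wMsg], WM_INITDIALOG
        je      wminitdialog
        xor     eax, eax                ; unhandled message: return FALSE

finish:
endproc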
;-------- DlgProc end


; initial data of our aplication is here

; Message handlers reached by `je` from DlgProc; each ends with `jmp finish`.
; NOTE(review): the empty operands (`push dword`, `mov , eax`) were presumably
; bracketed memory operands lost in posting.
wminitdialog:

;-- Getting the listbox window handle
CONST ID_LBOX_EXPORTS , equ 102
push ID_LBOX_EXPORTS
push dword
call GetDlgItem
CONST wndLBox , dd 0
mov , eax
; eax still holds the GetDlgItem result here, so that handle is what this
; branch returns for WM_INITDIALOG.
jmp finish


wmclose:
; EndDialog(<dialog handle>, 0), then return 0
push byte 0
push dword
call EndDialog
mov eax, 0
jmp finish

wmdestroy:
mov eax, 1
jmp finish


;-------------------------------------------------------
; WM_COMMAND branch of DlgProc. Only ID_BTN_LOAD is handled: the list box is
; emptied, the open-file dialog is shown and, if it returns non-zero,
; DoGetExports is called for the chosen file.
; NOTE(review): empty operands below are presumably bracketed memory operands
; lost in posting (message parameter, list box handle, OPENFILENAME fields).
wmcommand:

mov eax, dword
CONST ID_BTN_LOAD , equ 101
cmp ax, ID_BTN_LOAD
je Cmd_Load
jmp finish

;--------------------------------
Cmd_Load:

; SendMessage(<list box>, LB_RESETCONTENT, 0, 0)
push 0
push 0
push LB_RESETCONTENT
push dword
call SendMessage

; DoOpenFileDialog
; NOTE(review): only some OPENFILENAME fields are written here, where the TASM
; original writes 0 to the others; this relies on the `resb` storage being zero
; when the dialog is opened. Confirm how CONST places `ofn`.
CONST ofn , resb OPENFILENAME_size
mov dword ,OPENFILENAME_size
mov eax,
mov dword , eax
mov eax,
mov dword , eax
CONST Ofd_szFilter, db 'DLLs (*.dll)', 0, '*.dll', 0, 0
mov dword , Ofd_szFilter
CONST ofn_szFile , times 300 db 0
mov dword , ofn_szFile
; 299 is one less than the 300 bytes reserved for ofn_szFile
mov dword , 299
mov dword ,OFN_EXPLORER | OFN_FILEMUSTEXIST | OFN_LONGNAMES
call GetOpenFileName,ofn
;---------------------

cmp eax, 0
je CmdLoad_Exit
CALL DoGetExports
CmdLoad_Exit:
jmp finish

;--------------------------------

;--------------------------------
; NASM translation of the TASM DoGetExports: maps ofn_szFile with MapAndLoad,
; walks the export name table, sends each name to the list box with
; LB_ADDSTRING and releases the mapping with UnMapAndLoad.
;
; NOTE(review): this routine is entered through `CALL DoGetExports` but leaves
; through `jmp finish` instead of `ret`, so the return address stays on the
; stack. That is harmless only if the `endproc` epilogue restores esp from
; ebp. Confirm in nagoa.inc.
; NOTE(review): the file is chosen by the user and all offsets come from it.
; The results of ImageDirectoryEntryToData, ImageNtHeader and ImageRvaToVa are
; used without a test for 0, so a file without exports or with unresolvable
; RVAs leads to a read through a null pointer.
; NOTE(review): empty operands below are presumably bracketed memory operands
; lost in posting.
DoGetExports:

call MapAndLoad,ofn_szFile,0,LoadedImage,1,1
cmp eax, 0
je near DoExports_ErrorMapAndLoad

CONST LoadedImage, resb LOADED_IMAGE_size
CONST iSize, DD 0
; ImageDirectoryEntryToData(<mapped address>, 0, IMAGE_DIRECTORY_ENTRY_EXPORT, iSize)
push iSize
push IMAGE_DIRECTORY_ENTRY_EXPORT
push byte 0
push dword
call ImageDirectoryEntryToData
CONST pExportDir, dd 0
mov , eax



;Get num of named functions
mov eax, dword
add eax, ;18h
mov eax,
CONST iNumNames, DD 0
mov ,eax


;Get the address of the names
mov eax, dword
add eax,
mov ebx,

;Get the IMAGE_NT_HEADER
push dword
call ImageNtHeader
CONST pNtHeaders, DD 0
mov , eax



;Get the VA of the function names
push byte 0
push ebx
push dword
push dword
call ImageRvaToVa
CONST pFunctionNames, DD 0
mov , eax
xor eax, eax
CONST iNameLoop, DD 0
mov , eax

DoExports_top:
;Get offset into AddressOfNames array = (sizeof( DWORD ) * iNameLoop)
; NOTE(review): `mul bx` is a 16-bit multiply (dx:ax = ax * bx). Only ax is
; rewritten, so an index of 16384 or more yields a truncated offset.
mov eax, 4
mov ebx,
mul bx
mov edx, eax


;Get the VA of this name
push 0
mov eax,
add eax, edx
mov eax,
push eax
push dword
push dword
call ImageRvaToVa

;Add the name to the list box


;---AddStringToLBox

; NOTE(review): eax (the name pointer) is passed on without a test for 0.
call SendMessage,,LB_ADDSTRING,0,eax



;If there is another item goto top
; NOTE(review): the count is tested only after the body has run, so one entry
; is read even when the name count is 0; the count itself comes from the file.
add , byte 1
mov eax,
cmp eax,
jb DoExports_top


;UnMapAndLoad frees mem allocated by MapAndLoad


call UnMapAndLoad, LoadedImage


jmp DoExports_exit



DoExports_ErrorMapAndLoad:
;There was an error while trying to load the file
push MB_OK
CONST szAppName , db 'Res Info (Asm)', 0
push szAppName
CONST szError, db 'MapAndLoad failed',0
push szError
push dword
call MessageBox
jmp DoExports_exit


DoExports_exit: jmp finish

; ------- DoGetExports end
Posted on 2003-02-07 18:49:34 by ZobySound
It might be easier and more beneficial for you to read Iczelion's PE tutorials... specifically tutorial number 7 that does just what you're asking.
Posted on 2003-02-07 23:18:07 by BubbaFate
greetings!
Posted on 2003-02-10 21:22:10 by n u M I T_o r
Hi nuMIT_or thats hard code ! i like it

did not work in windows me :(
Posted on 2003-02-11 20:35:16 by Nguga
> did not work in windows me

umm! is strange. I don't have me.
can you say what is the error?
Does occur the error when the program intends load a DLL or when
reads the export directory info?
Posted on 2003-02-11 22:30:59 by n u M I T_o r
nuMIT_or , i tried some dll in windows system some dll work well ,

others say "Fail Load the module"

and others like fmod.dll does not say any error and no exports are shown ...


any way thanks for all that macros :))
Posted on 2003-02-12 09:52:46 by Nguga
Right!

There were some bugs in my code. I don't understand how it could run!

But the problem is not WinME. There is a bug in win32n.inc, at line
9932:

STRUC IMAGE_OPTIONAL_HEADER
...
...
.DataDirectory RESQ 1
ENDSTRUC

That size is not correct. The Data Directory has 16 entries; each entry
has two DWORD members:

STRUC IMAGE_DATA_DIRECTORY
.VirtualAddress RESD 1
.isize RESD 1
ENDSTRUC

So, the best is delete that member or change it to:

.DataDirectory resd IMAGE_DATA_DIRECTORY_size*16

In my code I assume that IMAGE_OPTIONAL_HEADER does not include
the Data Directory.

I have corrected some errors in my code. But there are still some DLLs
that the program won't load. That is an interesting problem! Of course,
the program only loads PE files.

greetings
Posted on 2003-02-12 21:09:37 by n u M I T_o r
hi i changed the

STRUC IMAGE_OPTIONAL_HEADER
.
.
.

.DataDirectory RESQ 1
ENDSTRUC


to



STRUC IMAGE_OPTIONAL_HEADER
.
.
.
.DataDirectory RESD IMAGE_DATA_DIRECTORY
ENDSTRUC



made the NaGoA version that it is more litle only 5,27 KB

and your 5,77 KB


i added some macros of your to nagoa.inc



this ones:

;========= new macros added by nuMIT_or ======================
; =====================================================
; = MACROS =
; =====================================================

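; LOCALS type1 [, type2 ...]
; Reserves stack space for one instance of each listed structure type by
; subtracting <type>_size from esp once per argument.
; Clobbers: esp, flags. The caller has to restore esp itself.
%MACRO LOCALS 1-*
%REP %0
sub esp, %1_size
%ROTATE 1 ; step to the next argument; without it the first type is counted %0 times
%ENDREP
%ENDMACRO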

; pushd x: push with an explicit DWORD operand size
%MACRO pushd 1
push DWORD %1
%ENDMACRO

; popd x: pop with an explicit DWORD operand size
%MACRO popd 1
pop DWORD %1
%ENDMACRO

; movd dst, src: mov with an explicit DWORD size on the destination.
; NOTE(review): the name shadows the MMX/SSE `movd` instruction mnemonic.
%MACRO movd 2
mov DWORD %1, %2
%ENDMACRO




; ------- PE Macros -------------------------------------

; PE header helpers. Each takes the base address of a mapped file (%1) and
; leaves its result in eax.
; NOTE(review): the memory operands are missing on this page (`movzx ebx, word`,
; `add eax, dword`); presumably they read the e_lfanew field of the DOS header.
; NOTE(review): the offset read from the file is added to the base without
; being checked against the size of the mapping, so a malformed header can
; move eax outside the mapped file. Callers that open arbitrary files should
; validate it first.

; NTSIGNATURE base: eax = signature word found at the header offset.
; Clobbers ebx. Reads the offset with a word-sized movzx, whereas PEFHDROFFSET
; below adds a dword.
%MACRO NTSIGNATURE 1
mov eax, %1
movzx ebx, word ; eax = offset of the signature
add eax,ebx
movzx eax, word
%ENDMACRO

; PEFHDROFFSET base: eax = address of the file header, 4 bytes past the signature.
%MACRO PEFHDROFFSET 1
mov eax, %1
add eax, dword ; eax = offset of the signature
add eax, 4 ; eax = offset of the start of the PE header
%ENDMACRO

; OPTHDROFFSET base: eax = address just past the IMAGE_FILE_HEADER.
%MACRO OPTHDROFFSET 1
PEFHDROFFSET %1 ; returns eax = offset of the start of the PE header
add eax, IMAGE_FILE_HEADER_size
%ENDMACRO

; SECHDROFFSET base: eax = address just past the optional header. The result
; depends on IMAGE_OPTIONAL_HEADER_size, so it is only right when that
; structure is declared with its full size.
%MACRO SECHDROFFSET 1
OPTHDROFFSET %1 ; returns eax = offset of the start of the optional header
add eax, IMAGE_OPTIONAL_HEADER_size
%ENDMACRO

; ==== nuMIT_or end of macros========================
Posted on 2003-02-13 16:13:56 by Nguga
this version has the same size of the hard coded of nuMIT_or

just this in NAGOA.INC is win32n.inc and much more .

"CALL" is real CALL in assembly

"call" is a macro in and is the same of "stdcall" calling via IAT

"invoke" is used for calling internal rotins with variavels


here is the code using some of NAGOA macros:

****************************************************************



%include '\lab\vasm\inc\nagoa.inc'



; Resource ids, structure sizes and character constants
IDD_MAINDLG equ 110
IDC_EDIT equ 1000
IDM_OPEN equ 40001
IDM_EXIT equ 40003
PAGE_READONLY equ 2
LV_ITEM_SIZE equ 9*4
LV_COLUMN_SIZE equ 6*4
space equ 20h
CR equ 0Dh
LF equ 0Ah
; NOTE(review): 7 is the ASCII BEL code; horizontal tab is 9, which is the
; value import_str below uses.
TAB equ 7

; List view column captions
Col30 db 'RVA', 0
Col20 db 'Ord.', 0
Col10 db 'Name', 0

; Message box caption and texts
CapStr db "Export functions viewer", 0
NoExportTable db "There is not export functions", 0
NoPe db "The loaded file has not PE format", 0
Msg100 db "The file can not be opened", 0
Msg101 db "Fail to load the module.", 10, 13
db "It will intend to map it.", 0
Msg102 db "Fail to intend open and map the file.", 0

; Filter pairs for the open-file dialog; the list ends with a double 0
Filter db "Executable files (*.exe, *.dll, *.ocx)", 0
db "*.exe; *.dll; *.ocx", 0
db "All the files (*.*)", 0, "*.*", 0, 0

; wsprintfA format strings
template1 db "%u", 0
template2 db "%lX", 0
template3 db "Export functions viewer - %s", 0

; Output: "import" followed by a tab (7 bytes are written), into import.txt
import_str db "import", 9, 0
OutFile db "import.txt", 0

; Working storage
; NOTE(review): ModuleName and FunctionName are 64 bytes each and `buffer` is
; 256 bytes, while ShowTheFunctionsName copies names taken from the opened file
; into them with lstrcpy / rep movsb / wsprintfA and no length limit. A module
; or export name longer than the buffer overwrites the data that follows it.
hMod resd 1
_pFl resd 1
_maped resd 1
buffer resb 256
FileName resb 256
ModuleName resb 64
FunctionName resb 64
ofn resb OPENFILENAME_size









..start:
; Entry point: GetModuleHandleA(0), then DialogBoxParamA(eax, IDD_MAINDLG, 0,
; ExportDlgProc, 0), then ExitProcess(0). ebx is kept at 0 and pushed wherever
; a zero argument is needed.

xor ebx, ebx
push ebx
stdcall GetModuleHandleA
mov , eax ; NOTE(review): destination missing on this page; presumably [hMod]

push ebx
pushd ExportDlgProc
push ebx
pushd IDD_MAINDLG
push eax
stdcall DialogBoxParamA

push ebx
stdcall ExitProcess
; NOTE(review): this line follows ExitProcess and is never reached at run time;
; presumably it is here only so that the import is referenced. Confirm whether
; the list view dialog needs the call to happen before DialogBoxParamA.
stdcall InitCommonControls

; :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Dialog procedure of the export viewer.
;   WM_INITDIALOG: asks for a file, loads or maps it, fills the list view and
;                  writes import.txt through ShowTheFunctionsName.
;   WM_CLOSE / IDM_EXIT: releases the file and ends the dialog.
; Returns 1 (.return_true) or 0 (.return_false) in eax.
; NOTE(review): empty operands (`mov eax,`, `pushd`, `movd , x`) are presumably
; bracketed memory operands lost in posting.
proc ExportDlgProc,hDlg,uMsg,wParam,lParam



mov eax,
cmp eax, WM_INITDIALOG
jne near .close
; ----------------------------------
; To fill OPENFILENAME struct
; ----------------------------------

stdcall RtlZeroMemory,ofn,OPENFILENAME_size
movd , OPENFILENAME_size
pushd
popd
pushd
popd
movd , OFN_EXPLORER + OFN_LONGNAMES + OFN_HIDEREADONLY
movd , 0
; 256 matches the size reserved for FileName
movd , 256
movd , FileName
movd , Filter
stdcall GetOpenFileNameA,ofn
or eax, eax
je near .exit

movd [_maped], 0
; NOTE(review): LoadLibraryA runs the entry point (DllMain) of the selected
; module inside this process. For a tool that only lists exports, mapping the
; file as data (LoadLibraryEx with LOAD_LIBRARY_AS_DATAFILE, or the
; OpenAndMapFile path used as the fallback below) avoids executing code from a
; file the user merely wants to inspect.
stdcall LoadLibraryA,FileName
or eax, eax
jne .loaded
; NOTE(review): Msg102 is shown both here and after the mapping attempt; the
; text of Msg101 ("Fail to load the module ... It will intend to map it.")
; reads like the one meant for this first step.
invoke warning,,Msg102
inc DWORD [_maped]
invoke OpenAndMapFile,FileName
or eax, eax
jne .loaded
invoke warning,,Msg102
jmp .if_maped

.loaded:
mov [_pFl], eax
; This push is not consumed by RefreshListview (it returns with a plain `ret`);
; it is presumably the third argument of ShowTheFunctionsName, which returns
; with `ret 12`.
push eax

CALL RefreshListview
cmp eax, -1
jne .f

pushd Msg102
pushd
CALL warning
jmp .if_maped

.f
pushd 104
pushd
CALL ShowTheFunctionsName
cmp eax, -1
jne .return_true

pushd Msg102
pushd
CALL warning
jmp .if_maped

.close:
cmp eax, WM_CLOSE
jne .command
.if_maped:
; NOTE(review): when _maped is 0 the code calls FreeLibrary and then falls
; through into .else_quit, so UnmapViewOfFile is also called on the module
; handle. When both load attempts failed, [_pFl] was never set for this file
; and is still passed to UnmapViewOfFile.
cmp DWORD [_maped], 0
jne .else_quit
pushd [_pFl]
stdcall FreeLibrary
.else_quit:
pushd [_pFl]
stdcall UnmapViewOfFile

.exit:
stdcall EndDialog, DWORD , BYTE 0
; NOTE(review): no jump follows EndDialog, so control continues into .command
; with eax holding EndDialog's result rather than the message number.

.command:
cmp eax, WM_COMMAND
jne .return_false
mov eax,
cmp eax, IDM_EXIT
jne .return_true
jmp .if_maped

.return_false:
xor eax, eax
jmp .return

.return_true:
xor eax, eax
inc eax
.return :
endproc


; :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Empties the list view and inserts its three columns (Name, Ord., RVA).
; Returns the result of the last SendMessageA in eax; the caller treats -1 as
; failure. Overwrites edi, ebx, esi, ecx and edx without saving them.
; NOTE(review): empty operands are presumably bracketed memory operands lost in
; posting; `mov edi,` presumably loads the dialog handle.
RefreshListview:

CONST lvc, dd 0

mov edi,
xor ebx, ebx
; -----------------------------
; Clean the list view control
; -----------------------------
push ebx
push ebx
pushd LVM_DELETEALLITEMS
pushd 103
push edi
stdcall SendDlgItemMessageA
; --------------------------------
; Get the ListView control handle
; --------------------------------
pushd 104
push edi
stdcall GetDlgItem

movd , LVCF_FMT+LVCF_SUBITEM+LVCF_TEXT+LVCF_WIDTH
movd , LVCFMT_CENTER

lea edx,
mov ebx, LVM_INSERTCOLUMN
mov esi, 2
mov ecx, 3

; Pushes the argument sets of all three SendMessageA calls in advance: (hwnd,
; LVM_INSERTCOLUMN, index, column pointer) for index 2, 1, 0. Each SendMessageA
; below consumes the most recently pushed set, so columns go in as 0, 1, 2.
.b:
push edx
push esi
push ebx
push eax
dec esi
dec ecx
jne .b

movd , 128
movd , Col10
stdcall SendMessageA
cmp eax, -1
; NOTE(review): leaving here skips the remaining SendMessageA calls, so the
; argument sets pushed for them are still on the stack when `ret` executes and
; the return address is taken from the wrong slot. The same applies to the
; second `je .exit` below.
je .exit

movd , 80
movd , Col20
stdcall SendMessageA
cmp eax, -1
je .exit

movd , 100
movd , Col30
stdcall SendMessageA

.exit
ret

; :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


; Lists the exported names of the loaded or mapped file: one list view row per
; name (name, ordinal, RVA) and one "import <name> <module> <name>" line per
; name in import.txt.
; Three dword arguments (removed by `ret 12`); ebx, esi and edi are saved.
; Returns eax = 1 on success, 0 when the file is rejected as non-PE or has no
; export directory, -1 when an RVA cannot be converted or a list view message
; fails.
;
; NOTE(review): every offset, count and string used here comes from the file
; the user opened. The notes below mark the places where that data is used
; without a bound. Empty operands (`mov , eax`, `pushd`) are presumably
; bracketed memory operands lost in posting.
ShowTheFunctionsName:

enter 0,0
push ebx
push esi
push edi

; NOTE(review): lvi and TempBuffer are declared as a single dword each, yet the
; code below presumably uses lvi as a list view item structure and clears 256
; bytes for the text buffer. Confirm what CONST reserves.
CONST pF , DD 0
CONST lvi, DD 0
CONST hFile , DD 0
CONST hListV , DD 0
CONST Base , DD 0
CONST NumberOfNames , dd 0
CONST TempBuffer, dd 0

; ------------------------

pushd
popd

; ------------------------
; Create a file to output
; ------------------------
; NOTE(review): `cdq` yields edx = 0 only while eax is non-negative on entry.
; NOTE(review): "import.txt" is a relative name opened with CREATE_ALWAYS, so
; an existing file of that name in the current directory is overwritten. The
; returned handle is stored without a test for INVALID_HANDLE_VALUE, and no
; CloseHandle for it appears in this routine.
mov edi, OutFile
cdq
push edx
pushd FILE_ATTRIBUTE_NORMAL
pushd CREATE_ALWAYS
push edx
pushd FILE_SHARE_WRITE+FILE_SHARE_READ
pushd GENERIC_WRITE+GENERIC_READ
push edi
stdcall CreateFileA
mov , eax
; ------------------------
; Get the listview handle
; ------------------------
.gethListv
pushd
pushd
stdcall GetDlgItem
mov , eax
; --------------
; Is a PE file?
; --------------

; NOTE(review): as written the branch goes to .is_pe whenever the word differs
; from "EP", so only a file that holds exactly that word gets the NoPe
; message. A check meant to reject non-PE input would compare with the PE
; signature and continue only on a match. No DOS-header check and no bound on
; the header offset are visible before this read.
mov eax,
add eax,
cmp , word "EP"
jne .is_pe
pushd MB_OK+MB_ICONERROR
pushd CapStr
pushd NoPe
pushd
stdcall MessageBoxA
xor eax, eax
jmp .exit

.is_pe
; ----------------------------
; Get RVA of Export Directory
; ----------------------------
mov edi,
or edi, edi ; RVA of Export Info in EDI
jne .if_maped
pushd MB_OK+MB_ICONERROR
pushd CapStr
pushd NoExportTable
pushd
stdcall MessageBoxA
xor eax, eax
jmp .exit

; When the file was mapped flat (_maped = 1) RVAs are converted to file offsets
; with RVA2Offset; a 0 result is reported through .ShowMsg.
.if_maped
cmp DWORD [_maped], 1
jne .f
push edi
pushd
CALL RVA2Offset
or eax, eax
jne .@1

.ShowMsg
pushd MB_OK+MB_ICONERROR
pushd CapStr
pushd Msg102
pushd
stdcall MessageBoxA
xor eax, eax
dec eax
jmp .exit
.@1
mov edi, eax
.f
add edi, ; Linear Address of Export Directory in EDI
; ------------------
; Get export values
; ------------------
mov eax,
or eax, eax
je .use_pathname
; --------------------------------------
; Use module name from export directory
; --------------------------------------
; NOTE(review): no RVA2Offset call is made for this name RVA, unlike the other
; RVAs below, and lstrcpy copies the string from the file into a 256-byte area
; without a length limit.
add eax,
push eax
lea esi,
pushd 256
push esi
stdcall RtlZeroMemory
push esi
stdcall lstrcpy
jmp .formate
; -----------------
; Use path name
; -----------------
.use_pathname
push edi
mov edi, FileName
CALL GetPathLastName
mov esi, eax
pop edi
; --------------------
; Formate module name
; --------------------
; NOTE(review): wsprintfA can produce up to 1024 bytes, `buffer` holds 256.
.formate
pushd 256
pushd buffer
stdcall RtlZeroMemory
push esi
pushd template3
pushd buffer
stdcall wsprintfA
add esp, 12
pushd buffer
pushd
stdcall SetWindowTextA
; ------------------------
; Copy name to ModuleName
; ------------------------
; NOTE(review): ModuleName is 64 bytes; lstrcpy has no length limit, so a
; module name of 64 characters or more writes past it. A bounded copy
; (lstrcpyn with the buffer size) would keep the write inside the buffer.
pushd 64
pushd ModuleName
stdcall RtlZeroMemory
push esi
pushd ModuleName
stdcall lstrcpy
pushd ModuleName
stdcall lstrlen
add eax, DWORD ModuleName
mov , BYTE 20h
; ---------------------------------------------------------------------
; NumberOfNames: number of functions/symbols that are exported by name
; ---------------------------------------------------------------------
pushd
popd
; ----------------------------------------------------------------------
; Base: number to bias against the ordinals to get the indexes into the
; address-of-function array
; ----------------------------------------------------------------------
pushd
popd
; -------------------------------------------------------------------------------
; AddressOfNames: RVA of an array of RVAs of the functions/symbols in the module
; -------------------------------------------------------------------------------
mov esi, ; AddressOfNames RVA

cmp DWORD [_maped], 1
jne .ff
push esi
pushd
CALL RVA2Offset
or eax, eax
jne .@2
jmp .ShowMsg
.@2:
mov esi, eax
.ff

add esi, ; AddressOfNames Linear Address
; -----------------------------------------------------------------------------------
; AddressOfNameOrdinals: RVA of a 16-bit array that contains the ordinals associated
; with the function names in the AddressOfNames array.
; -----------------------------------------------------------------------------------
mov ebx, ; NameOrdinals RVA

cmp DWORD [_maped], 1
jne .fx
push ebx
pushd
CALL RVA2Offset
or eax, eax
jne .@3
jmp .ShowMsg
.@3
mov ebx, eax
.fx
add ebx, ; AddressOfNameOrdinals Linear Address
; -----------------------------------------------------------------------------------
; AddressOfFunctions: RVA of an array of RVAs of the functions/symbols in the module
; -----------------------------------------------------------------------------------
mov edi,
cmp DWORD [_maped], 1
jne .fxx
push edi
pushd
CALL RVA2Offset
or eax, eax
jne .@4
jmp .ShowMsg
.@4
mov edi, eax
.fxx
add edi, ; AddressOfFunctions Linear Address

movd , LVIF_TEXT
movd , 0
; -----------------------------
; Add items to listview control
; -----------------------------
; Loop state: esi walks the name RVA array (4 bytes per entry), ebx walks the
; ordinal array (2 bytes per entry), edi is the base of the function array.
; NOTE(review): the loop count is the name count read from the file; it is not
; checked against the size of the export directory or of the mapping.
.while1
cmp DWORD , 0
je near .endw1
; --------------------------
; Write "import" to OutFile
; --------------------------
push byte 0
lea eax,
push eax
pushd 7
pushd import_str
pushd
stdcall WriteFile
; ---------------------------------
; Add the function name
; ---------------------------------
movd , 0
; ----------------------
; Get a pointer to name
; ----------------------
mov eax, ; Name RVA
cmp DWORD [_maped], 1
jne .@5
push eax
pushd
CALL RVA2Offset
or eax, eax
jne .@5
jmp .ShowMsg
.@5
add eax,
mov , eax ; Name Linear Address

push esi
push edi
push eax
; --------------------------------
; Get the size of the name string
; --------------------------------
push eax
stdcall lstrlen
inc eax
mov , eax
; ---------------------------------------
; Copy the function name to FunctionName
; ---------------------------------------
; NOTE(review): FunctionName is 64 bytes, but ecx is the full length of the
; name from the file plus one. `rep movsb` therefore writes past FunctionName
; for any export name of 64 characters or more, and the CR/LF word stored
; further down lands beyond that. Clamp the count to the buffer size (leaving
; room for the two extra bytes) or skip names that do not fit.
pop esi
mov edi, FunctionName
push eax

pushd 64
push edi
stdcall RtlZeroMemory

pop ecx
push ecx

rep movsb
mov , byte space
; ----------------------------------
; Copy the function name to OutFile
; ----------------------------------
pop eax
push eax

push byte 0
lea edx,
push edx
push eax
pushd FunctionName
pushd
stdcall WriteFile
; ----------------------------------
; Copy the module name to OutFile
; ----------------------------------
pushd ModuleName
stdcall lstrlen
push byte 0
lea edx,
push edx
push eax
pushd ModuleName
pushd
stdcall WriteFile
; ----------------------------------
; Copy the function name to OutFile
; ----------------------------------
; Second copy of the name, this time followed by CR/LF (the word 0A0Dh is
; stored after the name and the length is increased by 2).
pop eax
push eax

add eax, FunctionName
mov , WORD 0A0Dh

pop eax

inc eax
inc eax
push byte 0
lea edx,
push edx
push eax
pushd FunctionName
pushd
stdcall WriteFile
; -----------------------------
; Display the name of function
; -----------------------------
pop edi
pop esi

lea eax,
push eax
push byte 0
pushd LVM_INSERTITEM
pushd
stdcall SendMessageA
cmp eax, -1
je near .exit
; ---------------------------------------------
; Add the ordinal of the functions to listview
; ---------------------------------------------
; eax is a non-negative item index here, so `cdq` leaves edx = 0 before the
; 16-bit ordinal is loaded into dx.
; NOTE(review): the ordinal is used as an index into the function array
; (edx * 4 + edi) without a check against the number of functions.
cdq
mov dx, ; AddressOfOrdinals
mov ecx, edx
add ecx, DWORD
shl edx, 2
add edx, edi ; AddressOfFunctions Linear Address

mov eax, ; AddressOfOrdinals
push eax

;Here we push the parameters for the wsprintfA call
push ecx
pushd template1
lea eax,
push eax
;Here we clean the TempBuffer
mov , eax
movd , 2
inc DWORD
pushd 256
push eax
stdcall RtlZeroMemory
;Now we call to wsprintfA
stdcall wsprintfA
add esp, 12

lea eax,
push eax
push byte 0
pushd LVM_SETITEM
pushd
stdcall SendMessageA
pop ecx
cmp eax, -1
je near .exit

;Here we push the parameters for the wsprintfA call
push ecx
pushd template2
lea eax,
push eax
mov , eax
movd , 9
inc DWORD
;Here we clean the TempBuffer
pushd 256
push eax
stdcall RtlZeroMemory
;Now we call to wsprintfA
stdcall wsprintfA
add esp, 12

lea eax,
push eax
push byte 0
pushd LVM_SETITEM
pushd
stdcall SendMessageA
cmp eax, -1
je .exit

dec DWORD
add esi, 4
add ebx, 2
inc DWORD
jmp .while1
.endw1
xor eax, eax
inc eax
.exit

pop edi
pop esi
pop ebx
leave
ret 12

; ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

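; ------------------------------------------------------------------
; GetPathLastName procedure
;
; Returns a pointer to the last component of a path string.
;
; In:    edi = pointer to a NUL-terminated path string
; Out:   eax = pointer to the character after the last '\'.
;              eax = edi when the string is empty, when it starts with
;              neither '\' nor "<drive>:", or when it holds no '\' at all.
; Clobb: ecx, edx (through lstrlen), flags. esi and edi are preserved.
;        The direction flag is clear on return.
; ------------------------------------------------------------------

GetPathLastName:
        push    esi
        mov     esi, edi
        lodsb
        cmp     al, '\'
        je      @p1_
        test    al, al
        jz      @pwhole_                ; empty string: do not read past the terminator
        lodsb
        cmp     al, ':'
        je      @p0_
@pwhole_:
        pop     esi
        mov     eax, edi
        ret
@p0_:   dec     esi
@p1_:   dec     esi                     ; esi = start of the string again
        push    esi
        stdcall lstrlen
        add     esi, eax                ; esi = address of the terminating NUL
        std                             ; scan backwards from the end
@p2_:   lodsb
        cmp     al, '\'
        je      @p2hit_
        cmp     esi, edi                ; esi was already decremented by lodsb
        jae     @p2_                    ; keep going while still inside the string
        ; No '\' anywhere (for example "C:name"): stop at the start of the
        ; string instead of reading the memory that precedes it.
        mov     eax, edi
        jmp     @p4_
@p2hit_:
        inc     esi                     ; back onto the '\' that was found
@p3_:   inc     esi                     ; first character after it
        mov     eax, esi
@p4_:   cld                             ; restore the direction expected by callers
        pop     esi
        ret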

; :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Opens a file for reading and maps it into memory.
; One dword argument (removed by `ret 4`), presumably the file name pointer.
; Returns eax = address of the mapped view, or 0 when the file cannot be
; opened or mapped.
OpenAndMapFile:
mov eax, ; NOTE(review): source operand missing on this page
CALL OpenFileToRead
; CreateFileA returns -1 on failure; -1 + 1 = 0 sets ZF and leaves eax = 0
inc eax
je OpenAndMapFile_00
dec eax
; MapFile(file handle, 0); MapFile removes both arguments with `ret 8`
push byte 0
push eax
CALL MapFile
OpenAndMapFile_00:
ret 4

; ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Three entry points that open an existing file with a different access mask.
; In:  eax = pointer to the file name
; Out: eax = result of CreateFileA (file handle, or -1 on failure)
; Each entry loads edx with the access mask and continues at `Create`, which
; calls CreateFileA(eax, edx, 0, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0).
; Overwrites ecx and edx.
OpenFileToReadWrite:
mov edx, GENERIC_READ + GENERIC_WRITE
jmp Create
OpenFileToRead:
mov edx, GENERIC_READ
jmp Create
OpenFileToWrite:
mov edx, GENERIC_WRITE
Create
xor ecx, ecx
push ecx
pushd FILE_ATTRIBUTE_NORMAL
pushd OPEN_EXISTING
push ecx
push ecx
push edx
push eax
stdcall CreateFileA
ret

; :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Creates a read-only mapping of an open file and maps a view of it.
; Two dword arguments (removed by `ret 8`); OpenAndMapFile passes the file
; handle and 0. Returns eax = address of the view, or 0 when
; CreateFileMappingA fails. esi, ebx and edi are saved and restored.
; NOTE(review): the two argument loads have lost their operand on this page;
; presumably esi = file handle and edi = size.
; NOTE(review): the view is a flat image of the file, not a loaded module, so
; RVAs taken from its headers have to be converted to file offsets before use.
MapFile:
push esi
mov esi,
push ebx
xor ebx, ebx
push edi
mov edi,
@MapFile_00:
; CreateFileMappingA(esi, 0, PAGE_READONLY, 0, edi, 0)
push ebx
push edi
push ebx
push PAGE_READONLY
push ebx
push esi
stdcall CreateFileMappingA
or eax, eax
; NOTE(review): on this failure path the file handle in esi is not closed.
je @MapFile_01

; Two copies of the mapping handle: one is popped back for MapViewOfFile, the
; other stays on the stack as the argument of the second CloseHandle.
push eax
push eax

push esi
stdcall CloseHandle

pop eax

; MapViewOfFile(mapping, FILE_MAP_READ, 0, 0, edi)
push edi
push ebx
push ebx
push DWORD FILE_MAP_READ
push eax
stdcall MapViewOfFile
mov esi, eax

stdcall CloseHandle
mov eax, esi
@MapFile_01: pop edi
pop ebx
pop esi
ret 8

; ======================================================================
; RVA2Offset procedure
; ======================================================================

; Converts an RVA into an offset inside a flat-mapped file by walking the
; section headers.
; Two dword arguments (removed by `ret 8`), presumably the file base and the
; RVA. Returns eax = file offset, or 0 when no section matches. Overwrites ecx;
; esi is saved.
;
; NOTE(review): the memory operands of the compares and adds are missing on
; this page, so the direction of each comparison cannot be checked here.
; NOTE(review): `jl` / `jg` are signed conditions. RVAs and section sizes are
; unsigned, so values with the top bit set compare the wrong way; `jb` / `ja`
; are the unsigned forms.
; NOTE(review): ecx is loaded from a header field of the opened file and is
; not tested for 0 before the `loop` instruction, which then wraps around and
; keeps walking memory well beyond the section table.
; NOTE(review): the result is not checked against the size of the mapped file.
; Callers add it to the base address and dereference it.
RVA2Offset: push ebp
mov ebp, esp

push esi
; ---------------------------
; Get the number of sections
; ---------------------------
PEFHDROFFSET ; pFile
movzx ecx, WORD
; --------------------------------
; Get a pointer to sections header
; --------------------------------
SECHDROFFSET
mov esi, eax
m00:
; --------------------------------
; Is the address in this section?
; --------------------------------
mov eax, ; rva
cmp , eax
jl m02
add eax, DWORD ; section_rva + sec_size
cmp , eax
jg m01 ; not: jump
; -----------------------------
; Get the correspondient offset
; -----------------------------
mov eax, ; rva
sub eax, dword ; rva - section_rva = .offset
add eax, dword ; .offset + raw_offset = offset
jmp m03
; ------------------------
; Revise the next section
; ------------------------
; 028h (40) is the step from one section header to the next
m01: add esi, 028h
loop m00
; ----------------------------------------
; This address does not exist in this file
; ----------------------------------------
m02: xor eax, eax
m03: pop esi
leave
ret 8

; :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

; Shows a warning message box with the caption CapStr and the MB_ICONWARNING
; style. Two dword arguments (removed by `ret 8`); the callers in this listing
; push a message string and then one more value, presumably the owner window.
; Returns the MessageBoxA result in eax.
warning:
pushd MB_ICONWARNING
pushd CapStr
pushd ; NOTE(review): operand missing on this page
pushd ; NOTE(review): operand missing on this page
stdcall MessageBoxA
ret 8

; ==========================================================================
Posted on 2003-02-13 21:35:04 by Nguga
Hi Nguga

Sorry but I've got wrong again!

I suggested change:

.DataDirectory RESQ 1
ENDSTRUC

by

.DataDirectory resd IMAGE_DATA_DIRECTORY_size*16
ENDSTRUC


That is not correct. It would be:

.DataDirectory resq 16
ENDSTRUC

If you do not make that change, then the SECHDROFFSET macro
will fail, because it will return the IMAGE_IMPORT_DESCRIPTOR
RVA :(

The Data Directory has 16 IMAGE_DATA_DIRECTORY entries!
Each IMAGE_DATA_DIRECTORY has a length of 8 bytes, or
2 DWORDs, or 1 qword.

The problem is that if you want to get the RVA of the
IMAGE_IMPORT_DESCRIPTOR, you can do (using the pe macros
of Randy Katz) something as:

OPTHDROFFSET
lea eax,
mov eax,

To get the IMAGE_RESOURCE_DIRECTORY:

OPTHDROFFSET
lea eax,
mov eax,

Now we have other macros:

%MACRO DATADIROFFSET 1
OPTHDROFFSET %1
lea eax,
%ENDMACRO

%MACRO DATAENTRYRVA 2
DATADIROFFSET %1
lea eax,
%ENDMACRO

The parameter %1 of DATADIROFFSET and DATAENTRYRVA is and
the parameter %2 of DATAENTRYRVA is one of these:

IMAGE_DIRECTORY_ENTRY_EXPORT EQU 0
IMAGE_DIRECTORY_ENTRY_IMPORT EQU 1
IMAGE_DIRECTORY_ENTRY_RESOURCE EQU 2
IMAGE_DIRECTORY_ENTRY_EXCEPTION EQU 3
IMAGE_DIRECTORY_ENTRY_SECURITY EQU 4
IMAGE_DIRECTORY_ENTRY_BASERELOC EQU 5
IMAGE_DIRECTORY_ENTRY_DEBUG EQU 6
IMAGE_DIRECTORY_ENTRY_COPYRIGHT EQU 7
IMAGE_DIRECTORY_ENTRY_GLOBALPTR EQU 8
IMAGE_DIRECTORY_ENTRY_TLS EQU 9
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG EQU 10

So, you can get the IMAGE_IMPORT_DESCRIPTOR RVA so:

DATAENTRYRVA, , IMAGE_DIRECTORY_ENTRY_IMPORT
mov eax,

or get the IMAGE_EXPORT_DIRECTORY RVA:

DATAENTRYRVA, , IMAGE_DIRECTORY_ENTRY_IMPORT
mov eax,

hehe, my inconscient does not like to program! sorry.
I found other bug...
Posted on 2003-02-13 22:16:56 by n u M I T_o r
Nguga,

Posting source if fine.. just zip it up and attach it if its going to be 12 pages long...

NaN
Posted on 2003-02-13 22:35:04 by NaN
here is the working version for ZobySound

and the last nagoa.inc added Imagehlp.h STRUCTURES and equates and some
PE nuMIT_or macros.

( nagoa.inc is win32n.inc improved )


so every one using nasm for win32Nasm can download it
Posted on 2003-02-14 09:33:30 by Nguga
ola !

I just read your post , i will see it later , becouse i have no time know...

but please download de file i post with nagoa.inc and make the changes and post
it here please , i will be back a night 2:00 in morning i go work :(
Posted on 2003-02-14 09:41:41 by Nguga
hi Nguga:

Your code has an important bug in the message dispatcher, lines 26-37.
If you do not return FALSE (zero) when your code does not handle a
Windows message, then your window will not receive focus and will
be transparent in win2k. So just add one line:




; Corrected message dispatcher: the four handled messages jump to their
; handlers, anything else returns 0 in eax.
proc DlgProc,hDlg,wMsg,wParam,lParam

cmp dword [wMsg], WM_DESTROY
je wmdestroy
cmp dword [wMsg], WM_CLOSE
je wmclose
cmp dword [wMsg], WM_COMMAND
je wmcommand
cmp dword [wMsg], WM_INITDIALOG
je wminitdialog
; eax = 0 (FALSE) tells the dialog manager that the message was not handled
xor eax, eax ; <--- new line *
jmp finish

finish:
endproc



hehe, you use the imagehelp.dll to handle the PE file. Good! I've never used it :tongue: .

greetings
Posted on 2003-02-15 00:46:57 by n u M I T_o r
hi nuMit_or


i change the


.DataDirectory resd IMAGE_DATA_DIRECTORY_size*16
ENDSTRUC



to


.DataDirectory RESB IMAGE_DATA_DIRECTORY_size *16


resb not resd !!!!



see this new link i just made and see if there is some bug ... :)

How to convert Masm struct to NASM and use them by Nguga
http://194.65.3.199/win32asm/MASMstruct2NASM.html


GET THE LAST NAGOA.INC ver 17 fev 2003
http://194.65.3.199/win32asm/nagoa.inc.zip


i added your macros.
Posted on 2003-02-15 20:39:38 by Nguga
that is exactly what I advise you before!

There are 16 entries in the Data Directory. I know MASM, NASM and TASM!

greetings
Posted on 2003-02-16 03:46:18 by n u M I T_o r
Yes you know i learned a lot with you !

Remember
drum sonic 42 :)
Posted on 2003-02-16 07:13:31 by Nguga