hello,
playing around with imports/exports i found this site: http://www.osix.net/modules/article/index.php?id=728
it says:
so you can build "own" kernel32 to have "easy" Hooks in Usermode (i want to use them on my other PC (Win 98)- so i have some additional "security module" for the Browser (K-Meleon) or for testing my other Applications).
It seems to be linkable with C
but when i try to assembly/link it with MASM it says:
YERNEL32.dll.def : error LNK2001: unresolved external symbol GetCommandLineA
YERNEL32.dll.def : error LNK2001: unresolved external symbol GetCommandLineW
why? ;). Is there an easy way to link this DLL?
My Code:
def:
I assembly and link whit RadASM and with:
PS: i can not post in MASM32 Child-Forum (there is no "New-Topic" button)
playing around with imports/exports i found this site: http://www.osix.net/modules/article/index.php?id=728
it says:
We must build a new .DEF file which will redirect all the exports, like this:
LIBRARY
EXPORTS
GetCommandLineA=kernel32.GetCommandLineA
GetVersion=kernel32.GetVersion
LIBRARY
EXPORTS
GetCommandLineA=kernel32.GetCommandLineA
GetVersion=kernel32.GetVersion
At this point we have two files that have been called VERNEL32.C (empty) and
VERNEL32.DEF. We can now build our simpe DLL with the command line
cl -W3 -LD vernel32.c vernel32.def
VERNEL32.DEF. We can now build our simpe DLL with the command line
cl -W3 -LD vernel32.c vernel32.def
so you can build "own" kernel32 to have "easy" Hooks in Usermode (i want to use them on my other PC (Win 98)- so i have some additional "security module" for the Browser (K-Meleon) or for testing my other Applications).
It seems to be linkable with C
but when i try to assembly/link it with MASM it says:
YERNEL32.dll.def : error LNK2001: unresolved external symbol GetCommandLineA
YERNEL32.dll.def : error LNK2001: unresolved external symbol GetCommandLineW
why? ;). Is there an easy way to link this DLL?
My Code:
LibMain proc hInstDLL:DWORD, arg:DWORD, reserviert:DWORD
.if arg == DLL_PROCESS_ATTACH
mov eax,1
ret
.elseif arg==DLL_PROCESS_DETACH
mov eax,1
ret
.endif
ret
LibMain Endp
End LibMaindef:
LIBRARY YERNEL32.DLL
EXPORTS
CreateFileW=kernel32.CreateFileW
GetProcAddress=kernel32.GetProcAddress
GetModuleHandleW=kernel32.GetModuleHandleW
CreateMutexW=kernel32.CreateMutexW
CreateFileA=kernel32.CreateFileA
and so on.
I assembly and link whit RadASM and with:
\masm32\bin\ml /w3 /c /coff yernel32.dll.asm
\masm32\bin\Link /SUBSYSTEM:WINDOWS /DLL /DEF:yernel32.dll.def yernel32.dll.obj
PS: i can not post in MASM32 Child-Forum (there is no "New-Topic" button)
PS: i can not post in MASM32 Child-Forum (there is no "New-Topic" button)
Becaus all questions related to MASM32 should be redirected to Hutch's forums as it clearly states in the child-forum description :)
Just guessing here, did you try includelib kernel32.lib?
Just guessing here, did you try includelib kernel32.lib?
yes (at first).
the "full" code:
.386
.model flat, stdcall
option casemap :none
; #########################################################################
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel.lib
; #########################################################################
.data?
.code
; ##########################################################################
LibMain proc hInstDLL:DWORD, arg:DWORD, reserviert:DWORD
.if arg == DLL_PROCESS_ATTACH
mov eax,1
ret
.elseif arg==DLL_PROCESS_DETACH
mov eax,1
ret
.endif
ret
LibMain Endp
End LibMain
CDW,
Why not try something like this as to not interfere with the naming conventions...
I'm not exactly sure if this is what the article was discussing exactly, from what I can see you trying to do I guess that it is. To build this create a definition file which exports each of your procedures, don't worry about trying to alias procedures to API's cause we handled that internally. The things you need to look out for though when doing this is that when you create your DLL, you MUST make sure you have an export for every API the program calls, otherwise the thing will crash. Generally I don't think this is really the best method (I would personally op for in-memory patching of the IAT) but I hope this helps you out.
Regards,
Bryant Keller
Why not try something like this as to not interfere with the naming conventions...
.386
.model flat,stdcall
option casemap:none
include windows.inc
includelib kernel32.lib
; we don't want to import any other stuff from kernel32.dll than we need just yet.
LoadLibraryA proto :DWORD
FreeLibrary proto :DWORD
GetProcAddress proto :DWORD, :DWORD
.data
szKernel32DLL db "Kernel32.DLL", 0
Kernel32Instance dd 0
szCreateFileW db "CreateFileW", 0
myCreateFileW dd 0
szGetModuleHandleW db "GetModuleHandleW", 0
myGetModuleHandleW dd 0
szCreateMutexW db "CreateMutexW", 0
myCreateMutexW dd 0
szCreateFileA db "CreateFileA", 0
myCreateFileA dd 0
.code
LibMain proc hInstDLL:DWORD, arg:DWORD, reserviert:DWORD
.if arg == DLL_PROCESS_ATTACH
; now we can import the true routines that we need with the name we want
; so they don't interfere with our calls (say if we want to call one of our own routines)
invoke LoadLibraryA, addr szKernel32DLL
mov Kernel32Instance, eax
invoke GetProcAddress, Kernel32Instance, addr szCreateFileW
mov myCreateFileW, eax
invoke GetProcAddress, Kernel32Instance, addr szGetModuleHandleW
mov myGetModuleHandleW, eax
invoke GetProcAddress, Kernel32Instance, addr szCreateMutexW
mov myCreateMutexW, eax
invoke GetProcAddress, Kernel32Instance, addr szCreateFileA
mov myCreateFileA, eax
mov eax,1
ret
.elseif arg==DLL_PROCESS_DETACH
invoke FreeLibrary, Kernel32Instance
mov eax,1
ret
.endif
ret
LibMain Endp
; Now just define each function that you will use.
CreateFileW PROC a:DWORD,b:DWORD,c:DWORD,d:DWORD,e:DWORD,f:DWORD,g:DWORD
invoke myCreateFileW, a, b, c, d, e, f, g
ret
CreateFileW ENDP
GetModuleHandleW PROC a:DWORD
invoke myGetModuleHandleW, a
ret
GetModuleHandleW ENDP
CreateMutexW PROC a:DWORD,b:DWORD,c:DWORD
invoke myCreateMutexW, a, b, c
ret
CreateMutexW ENDP
CreateFileA PROC a:DWORD,b:DWORD,c:DWORD,d:DWORD,e:DWORD,f:DWORD,g:DWORD
invoke myCreateFileA, a, b, c, d, e, f, g
ret
CreateFileA ENDP
I'm not exactly sure if this is what the article was discussing exactly, from what I can see you trying to do I guess that it is. To build this create a definition file which exports each of your procedures, don't worry about trying to alias procedures to API's cause we handled that internally. The things you need to look out for though when doing this is that when you create your DLL, you MUST make sure you have an export for every API the program calls, otherwise the thing will crash. Generally I don't think this is really the best method (I would personally op for in-memory patching of the IAT) but I hope this helps you out.
Regards,
Bryant Keller