It's a program that inputs an ASM-file and outputs the API-imports. You'll need the "special includes pack" found here:
http://www.asmcommunity.net/board/index.php?topic=7468
Example:
input:
Outout:
It will only work with APIs called using invoke.
I don't know if this is useful to anyone, but anyway, here is the file.
http://www.asmcommunity.net/board/index.php?topic=7468
Example:
input:
; Win32 program template
format PE GUI 4.0
entry start
include 'include\kernel.inc'
include 'include\user.inc'
include 'include\macro\stdcall.inc'
include 'include\macro\import.inc'
section '.data' data readable writeable
mainhwnd dd 0 ; handle of window
hinstance dd 0 ; handle of module
msg MSG
wc WNDCLASS
_title db 'Win32 program template',0
_class db 'FASMWIN32',0
section '.code' code readable executable
start:
invoke GetModuleHandle,0
mov [hinstance],eax
invoke LoadIcon,0,IDI_APPLICATION
mov [wc.hIcon],eax
invoke LoadCursor,0,IDC_ARROW
mov [wc.hCursor],eax
mov [wc.style],0
mov [wc.lpfnWndProc],WindowProc
mov [wc.cbClsExtra],0
mov [wc.cbWndExtra],0
mov eax,[hinstance]
mov [wc.hInstance],eax
mov [wc.hbrBackground],COLOR_BTNFACE+1
mov [wc.lpszMenuName],0
mov [wc.lpszClassName],_class
invoke RegisterClass,wc
invoke CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU,128,128,192,192,NULL,NULL,[hinstance],NULL
mov [mainhwnd],eax
msg_loop:
invoke GetMessage,msg,NULL,0,0
or eax,eax
jz end_loop
invoke TranslateMessage,msg
invoke DispatchMessage,msg
jmp msg_loop
end_loop:
invoke ExitProcess,[msg.wParam]
proc WindowProc, hwnd,wmsg,wparam,lparam
enter
push ebx esi edi
cmp [wmsg],WM_DESTROY
je wmdestroy
defwndproc:
invoke DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
jmp finish
wmdestroy:
invoke PostQuitMessage,0
xor eax,eax
finish:
pop edi esi ebx
return
Outout:
library kernel32,'KERNEL32.DLL',\
user32,'USER32.DLL'
kernel32:
import ExitProcess,'ExitProcess',\
GetModuleHandle,'GetModuleHandleA'
user32:
import CreateWindowEx,'CreateWindowExA',\
DefWindowProc,'DefWindowProcA',\
DispatchMessage,'DispatchMessageA',\
GetMessage,'GetMessageA',\
LoadCursor,'LoadCursorA',\
LoadIcon,'LoadIconA',\
PostQuitMessage,'PostQuitMessage',\
RegisterClass,'RegisterClassA',\
TranslateMessage,'TranslateMessage'
It will only work with APIs called using invoke.
I don't know if this is useful to anyone, but anyway, here is the file.
Wow! I just saw that 39 people has downloaded the file so I'm a little curious about if someone is actually using it. Any comments appreciated! :)
Sure someone is using it... (me: one of them)
Nice work, would it be possibble to add support for APIs called via the "call"-instruction too; since I'm not using the invoke macro in FASM (actually, I almost never use macros in FASM; thats what MASM is for ;) )
(en lite svensk version vore kul... :) )
Nice work, would it be possibble to add support for APIs called via the "call"-instruction too; since I'm not using the invoke macro in FASM (actually, I almost never use macros in FASM; thats what MASM is for ;) )
(en lite svensk version vore kul... :) )
What does a meesge box saying "110" (after search for "call" is done) mean (or "20" after "invoke") ?
The "C:\FASM\INCLUDE\APIA" is missing initially. In the "old" verion when it was written youn knew what path to print there, you could exclude the "C:". The "No .inc found"-message could be rewritten to something like: "Please specify path to the INCLUDE\APIA folder.")
The "C:\FASM\INCLUDE\APIA" is missing initially. In the "old" verion when it was written youn knew what path to print there, you could exclude the "C:". The "No .inc found"-message could be rewritten to something like: "Please specify path to the INCLUDE\APIA folder.")
Ooops, it looks like I uploaded my debug version. The messagebox showed the time in milliseconds to complete the task. Here is a new version that uses a default path if no other path is set.
Please try it
Please try it
Ok, it works smooth now. One more detail, what about adding a button that re-searches the opended file (when using both call and invoke opening the file twice feels a bit slow).
I think this app should be included in a FASM package, it would make things easier for some useres.
It would be nice if there was an static show the time spent 'extracting' the idata.
I think this app should be included in a FASM package, it would make things easier for some useres.
It would be nice if there was an static show the time spent 'extracting' the idata.
I have changed the gui a little and added the things you wanted Scientica. Here is the new version. Now you don't have to press a button to extract the imports, it can also be done using the enter key inside the 'Search for'-box
Works great, looks great, is great :)
(one funny thing though, I tried to search for "mov", and then "xor"; mov gave "No APIs called!" while xor gave: "
library gdi32,'GDI32.DLL',\
gdi32:
import GdiPlayJournal,'GdiPlayJournal'
". Is it the easster egg in the app? ;) )
(one funny thing though, I tried to search for "mov", and then "xor"; mov gave "No APIs called!" while xor gave: "
library gdi32,'GDI32.DLL',\
gdi32:
import GdiPlayJournal,'GdiPlayJournal'
". Is it the easster egg in the app? ;) )
I managed to get some strange results too when searching for "mov" and similar. You said "Easter egg" and I think that sounds much better than "bug" to me :grin:
From now I will always think of bugs as easter eggs:tongue:
From now I will always think of bugs as easter eggs:tongue:
Delight,
I find it very useful.
I like it better than using the whole %include%/win32as.inc macros.
I prefer your first verion, though.
The only thing is I wish it was fasm code (is it delphi, java?)
But delightful anyway.
I find it very useful.
I like it better than using the whole %include%/win32as.inc macros.
I prefer your first verion, though.
The only thing is I wish it was fasm code (is it delphi, java?)
But delightful anyway.
Sloppy,
it's written in Delphi but I'm planning an asm version for learning purposes (fasm or masm, hasn't really decided yet). I didn't like the %include%-thing either and that was the reason I coded this utility. The first thing I did was to write a program that replaced all %include% with 'c:\fasm\include' but that felt a little dirty. Then I came up with the idea of creating a program that automaticly creates the imports.
it's written in Delphi but I'm planning an asm version for learning purposes (fasm or masm, hasn't really decided yet). I didn't like the %include%-thing either and that was the reason I coded this utility. The first thing I did was to write a program that replaced all %include% with 'c:\fasm\include' but that felt a little dirty. Then I came up with the idea of creating a program that automaticly creates the imports.
It's sort of a great idea,
and if you start to the fasm version, it would be fantastic then to add it to asmwork to automatize the operation.
I'm sure Privalov will like it too.
I can?t get access to Internet until next monday, but I'm also going to give it a look, and next monday afternoon, we can discuss it a little, OK?
(or if you are faster than me, go on and post it.)
It delightful. :)
and if you start to the fasm version, it would be fantastic then to add it to asmwork to automatize the operation.
I'm sure Privalov will like it too.
I can?t get access to Internet until next monday, but I'm also going to give it a look, and next monday afternoon, we can discuss it a little, OK?
(or if you are faster than me, go on and post it.)
It delightful. :)
Hi Delight,
as promised, here it is the fasm version to include in asmwork:
This is just a skeleton.
I have inserted it in the Options menu, below Appearance.
I hope you like it :)
Now the difficult part is the routine that searches through the asm file for 'invokes', and then outputs the list of APIs.
I'm still thinking about it:
1) Find 'invoke' in target file, similar to Search/Find;
2)compare each found with the list in IncludePath;
3)output the result to the dialogscreen;
4)repeat until EOF
as promised, here it is the fasm version to include in asmwork:
IDR_DELIGHT_DIALOG =307
IDM_DELIGHT =502
IDD_PATH =306 ;DelightDialog with SetDlgItemText
IDD_COPY =402
IDD_OPEN =403
IDD_EDIT = 306
IncludePath db "C:\FASM\INCLUDE\APIA",0
.
.
.
wmcommand:
cmp ebx,IDM_DELIGHT
je delight
.
.
.
delight:
invoke DialogBoxParam,[hInstance], IDR_DELIGHT_DIALOG, [hwnd], DelightDialog, 0
jmp finish
.
.
.
proc DelightDialog,hwnddlg,msg,wparam,lparam
enter
push ebx esi edi
cmp [msg],WM_INITDIALOG
je .initdialog
cmp [msg],WM_COMMAND
je .command
cmp [msg],WM_CLOSE
je .close
xor eax,eax
jmp .finish
.initdialog:
invoke SetDlgItemText,[hwnddlg],IDD_PATH, IncludePath
jmp .processed
.command:
cmp [wparam],IDD_OPEN
je .open
cmp [wparam],IDD_COPY ;This will take it directly into the copy buffer, same routine
jne .processed
.copy:
;Same routine as Edit/Copy
.open:
;Similar as File/Open
;Now the routine that searches through the asm file for 'invokes', and then outputs the list of APIs
.close:
invoke EndDialog,[hwnddlg],0
.processed:
mov eax,1
.finish:
pop edi esi ebx
return
.
.
.
resource IDR_DELIGHT_DIALOG,LANG_ENGLISH+SUBLANG_DEFAULT,delight_dialog,\
.
menuitem '&Options',0,MFR_POPUP
menuitem '&Appearance...',IDM_APPEARANCE,MFR_END
menuitem '&Delight...',IDM_DELIGHT,MFR_END
.
dialog delight_dialog,5,'Delight',50,50,220,320,WS_CAPTION+WS_POPUP+WS_SYSMENU+DS_MODALFRAME
dialogitem 'STATIC','Fasm includes path:',-1,18,8,128,40,WS_VISIBLE+SS_CENTER
dialogitem 'EDIT','',IDD_PATH,20,20,180,10,WS_VISIBLE+WS_BORDER+WS_TABSTOP+ES_NUMBER
dialogitem 'EDIT','',IDD_EDIT,20,40,180,250,WS_VISIBLE+WS_BORDER+WS_HSCROLL+WS_VSCROLL
dialogitem 'BUTTON','&Copy',IDD_COPY,30,300,42,14,WS_VISIBLE+WS_TABSTOP+BS_DEFPUSHBUTTON
dialogitem 'BUTTON','&Open...',IDD_CANCEL,130,300,42,14,WS_VISIBLE+WS_TABSTOP+BS_PUSHBUTTON
This is just a skeleton.
I have inserted it in the Options menu, below Appearance.
I hope you like it :)
Now the difficult part is the routine that searches through the asm file for 'invokes', and then outputs the list of APIs.
I'm still thinking about it:
1) Find 'invoke' in target file, similar to Search/Find;
2)compare each found with the list in IncludePath;
3)output the result to the dialogscreen;
4)repeat until EOF
Sloppy, it looks great :)
In my delphi version I did it like this:
1) Extract all invoked functions and add them to a list (think of it as a multiline edit control).
2) Open the first .INC-file in ..\API\
3) Search for all invoked functions in the .INC-file one by one, and if found, delete it from the list of used APIs, then copy the line where it was found to a separate list (the output).
4) Open next .INC and go to 3). Repeat this until the list of used APIs are empty or no more .inc-files are found.
I don't know if this technique is best suited for the asm version but it works good in delphi.
I will take a deeper look at it in a couple of hours when I get back from my training.
In my delphi version I did it like this:
1) Extract all invoked functions and add them to a list (think of it as a multiline edit control).
2) Open the first .INC-file in ..\API\
3) Search for all invoked functions in the .INC-file one by one, and if found, delete it from the list of used APIs, then copy the line where it was found to a separate list (the output).
4) Open next .INC and go to 3). Repeat this until the list of used APIs are empty or no more .inc-files are found.
I don't know if this technique is best suited for the asm version but it works good in delphi.
I will take a deeper look at it in a couple of hours when I get back from my training.
It looks good to me :alright:
But yes, we'll have to get working.
1) AllocMem or AllocHeap for the list of invokes, then
2) Load the APIs and compare,and output
I'm attaching a picture.
See if you like how is the skeleton right now.
We have the original delphi to the right, and the fasm dialog to the left.
This is what you get from the above code, plus there's also the message C:\FASM\INCLUDE\APIA.
But yes, we'll have to get working.
1) AllocMem or AllocHeap for the list of invokes, then
2) Load the APIs and compare,and output
I'm attaching a picture.
See if you like how is the skeleton right now.
We have the original delphi to the right, and the fasm dialog to the left.
This is what you get from the above code, plus there's also the message C:\FASM\INCLUDE\APIA.
I got it to work too :)
The first thing we have to solve is how to extract all the invoked functions. I haven't done much string handling in asm, but perhaps we can use the BoyerMore search algorithm by hutch.
1) Search for 'invoke'.
2) Go forward 7 bytes (length of 'invoke ') and copy the following bytes until current byte is space or tab or 10h (new line=no parameters) or a comma. Add the copied part somewhere (a delphi-list replacement).
3) go to 2) until EOF
I was thinking about the delphi list replacement. We can use two buffers, one with the stringlength of the APIs and one with the used API-strings:
UsedAPIS db 'MessageBeep', 0, 'MessageBox', 0, 'GetDlgItemInt', 0,'AnotherInvokedApi',0,'OneMore'
and
ApiLengths db 11,10,13,17,7
Then we can access each string by UsedAPIS+ApiLengths
The first thing we have to solve is how to extract all the invoked functions. I haven't done much string handling in asm, but perhaps we can use the BoyerMore search algorithm by hutch.
1) Search for 'invoke'.
2) Go forward 7 bytes (length of 'invoke ') and copy the following bytes until current byte is space or tab or 10h (new line=no parameters) or a comma. Add the copied part somewhere (a delphi-list replacement).
3) go to 2) until EOF
I was thinking about the delphi list replacement. We can use two buffers, one with the stringlength of the APIs and one with the used API-strings:
UsedAPIS db 'MessageBeep', 0, 'MessageBox', 0, 'GetDlgItemInt', 0,'AnotherInvokedApi',0,'OneMore'
and
ApiLengths db 11,10,13,17,7
Then we can access each string by UsedAPIS+ApiLengths
What do you think about it?
Just tested it quickly under Wine (on RedHat 7.3) (just ran it fast), it ran ok. :)
Just tested it quickly under Wine (on RedHat 7.3) (just ran it fast), it ran ok. :)
You switched completly to Linux ?
No, not yet. There are a few details left, like learning Wine... (yet I only know that I start .exe by doubble clicking). I hope I some day can switch totaly. :)
Btw, where can I find out how to interface with a Windows Network (NT-based) from linux?
Btw, where can I find out how to interface with a Windows Network (NT-based) from linux?
Check out www.tldp.org ... "samba" is your solution.