There is a ready DLL; how can I add a few instructions to it with creation, checking for existence, renaming files, but at the same time there are no such functions in the import campaign. Through Ollie, I put the transition to the entry point at the end of the code (where I placed my code among the empty bytes), creates a file through _lcreat , and how to check the existence of the file, if there is no import GetFileAttribytes , MoveFile also not imported, or I’m looking for them . Thanks in advance.
Nicolas Chabanovsky ♦
38.2k 54 222 438
Vladislav Vladislav
eleven five
- one1. Add a few machine commands to the dll? Is that exactly what you want? What dll place do you want to insert them in? 2. Who is Ollie? Wikipedia says this is a skateboard trick. What does dll have to do with it? 3. Further generally untranslatable. I suspect that this question is not for me, but for sure I would like to get some explanations. - alexlz
- Olly - Olly Debbuger - debugger disassembler. I write my commands to the end of the file using section alignment (which gives quite a few empty bytes) at the beginning, ie, at the address from which the download takes place, I put the transfer of control on my code, everything is fine, my code worked to transfer control back, and dll was initialized. But if in the import of DLLs there is no function as it can be used. Found in import LoadLibraryA (LoadLibraryW) and GetProcAddress. But don `t know how to use them. I need to either load the library into the Dll and add a function, or expand the import - Vladislaw
- Having not seen the last message from cy6erGn0m, it was very hard, there really is NULL and not the address of the function, GetFileAttributesA was found easily. Strange but when using LoadLibraryA and GetProcAddress there was a function, but the library didn’t go further, the application didn’t use it, and gave an error, but the file attributes influenced the choice of the text of the file that I used to check, if the file existed then wrote, if not, wrote does not exist, then GetFileAttributesA performed its function, only with what the subsequent departure of the library can be connected - Vladislava
- Just deleted an entry in the PUSH file opengl32.5F2C4FED CALL kernel32._lcreat so everything is fine, but it is unknown whether it found it or not. maybe it's because of _lcreat - Vladislaw
|
1 answer
"Found importing LoadLibraryA (LoadLibraryW) and GetProcAddress. But I don’t know how to use them." - this is what will help you. With LoadLibraryA, load the library, and with GetProcAddress you get a pointer to the function that you need. For example, GetFileAttributes is in kernel32.dll. Well, and specify it in LoadLibraryA and get the HANDLE library. And knowing the module HANDLE and the name "GetFileAttributes" find the address of the function GetFileAttributes. And then you make a call there by filling out the stack with the necessary parameters.
UPD
Examples even on asm fully ( Here, for example ), not to mention examples on C / C ++.
cy6erGn0m cy6erGn0m
18.8k 24 33
- That's exactly the implementation I did not understand, I would like an example, I would be very grateful. I tried to load the library, I returned the LoadLibraryA value to GetProcAddress along with the name of the function I was looking for, but the value I got from it gave an error when I called the stack, I filled the data with the stack first. - Vladislaw
- So the stack is incorrectly filled .. if only GetProcAddress! = NULL - cy6erGn0m
- And you can sample code for clarity. - Vladislaw
- but GetProcAddress = NULL I think only if the function is not found, but the name of the function as well as the libraries are transferred correctly, then what could be the reason - Vladislaw
- oneAnd I suspect that not GetFileAttributes is exported there, but GetFileAttributesA and GetFileAttributesW. View the library export list or documentation ~ - Alexey Sonkin
|