#31
Quote:
Yes, just convert the uppercase letter to lower. In fact, we can set this whole function as a library function instead of including the code of this function in the ASM code. I study it just because I want to learn more things.
In your opinion, with the right definition of including kernel32.lib, the setting below is not a must, right?
pr1 typedef PROTO : DWORD
externdef _imp__GetModuleHandleA@4:PTR pr1
GetModuleHandleA equ <_imp__GetModuleHandleA@4>
This way, I have passed the LINK step, but the results are not right; I'm still checking what's wrong. I'll try to build up a small test case, and I hope you can help me check it, many thanks.
By the way, may I check with you whether you can run lib2inc22.exe successfully?
#32
Why don't you use the APIs crt__tolower or CharLower?
#33
The code is a dump from IDA; I just want to study the methodology to modify and compile the dumped code to obj, then call it from VC.
#34
Hi ragdog,
Would you help check this small test case? Why does it fail at LINK? (I use the include based on your suggestion.)
1. compile newtolower.asm to get newtolower.obj
2. run build.cmd to get newtest.exe (not successful, can't find newtolower function)
Thanks, bridgeic
#35
Quote:
newtolower proc near ,argv1: DWORD
#36
Quote:
Again a problem of calling conventions...
newtolower() must be CDECL since the stack is adjusted on return by the caller. Please google for calling conventions...
In the first newtolower.asm you will obtain a decorated name _newtolower@0: that's not ok, it is a STDCALL decoration with 0 bytes as arguments.
In the second newtolower.asm you will obtain a decorated name _newtolower@4: that's not ok, it is a STDCALL decoration with 4 bytes as arguments (it gets linked because the function declaration is coherent in both files, but the stack will be corrupted).
So the correct ASM must be:
Code:
newtolower proc near c
Code:
extern int newtolower(int);
Code:
call dword_57E704
Best regards, bilbo
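Added example, not part of the thread: a small C program that computes the 32-bit x86 symbol decoration for cdecl, stdcall and fastcall, showing why _newtolower@0 and _newtolower@4 do not match the _newtolower symbol referenced by the C declaration extern int newtolower(int);. The helper names (arg_bytes, decorate, links) are hypothetical, and the C declaration is assumed to use the VC default of __cdecl.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration (helper names are hypothetical): x86-32 MSVC/MASM name decoration. */
typedef enum { CC_CDECL, CC_STDCALL, CC_FASTCALL } callconv;

/* Bytes the arguments occupy in the decoration: each one is rounded up to a DWORD. */
static unsigned arg_bytes(const unsigned *sizes, size_t n)
{
    unsigned total = 0;
    for (size_t i = 0; i < n; i++)
        total += (sizes[i] + 3u) & ~3u;
    return total;
}

/* Write the linker-visible name of `name` into out; returns out. */
char *decorate(char *out, size_t cap, const char *name, callconv cc,
               const unsigned *sizes, size_t n)
{
    switch (cc) {
    case CC_CDECL:    snprintf(out, cap, "_%s", name); break;
    case CC_STDCALL:  snprintf(out, cap, "_%s@%u", name, arg_bytes(sizes, n)); break;
    case CC_FASTCALL: snprintf(out, cap, "@%s@%u", name, arg_bytes(sizes, n)); break;
    }
    return out;
}

/* 1 if the symbol the caller references is the one the object file exports. */
int links(const char *referenced, const char *exported)
{
    return strcmp(referenced, exported) == 0;
}

int main(void)
{
    const unsigned one_dword[] = { 4 };   /* argv1: DWORD on the ASM side, int on the C side */
    char want[64], got[64];

    /* C side: extern int newtolower(int); assumed __cdecl (the VC default). */
    decorate(want, sizeof want, "newtolower", CC_CDECL, one_dword, 1);

    decorate(got, sizeof got, "newtolower", CC_STDCALL, NULL, 0);
    printf("proc near              -> %-15s links=%d\n", got, links(want, got));
    decorate(got, sizeof got, "newtolower", CC_STDCALL, one_dword, 1);
    printf("proc near, argv1:DWORD -> %-15s links=%d\n", got, links(want, got));
    decorate(got, sizeof got, "newtolower", CC_CDECL, one_dword, 1);
    printf("proc near c            -> %-15s links=%d\n", got, links(want, got));
    return 0;
}
```

Only the last line reports links=1: the cdecl export is the one symbol that matches what a cdecl C caller references.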
#37
Dear bilbo,
Thank you so much for your warm help, seems "call dword_57E704" will be a Gordian knot, do you have any suggestion how to solve this issue?
#38
Hi Bilbo,
Trace with ollydbg, seems the value is assigned outside the newtolower function, I'm not sure whether it is this way, still studying.
dword_57E704 dd 7C8097D0h ; kernel32.TlsGetValue
#39
In fact, the trap in your EXE is no more related to that call...
To debug the trap: run it with your preferred debugger... It will break at
Code:
004699E0 mov byte ptr [esi],dl
If you look at the program memory map (for example through Process Hacker), you will see that memory 514000-51D000 (presumably allocated by LMCRYPT, look at memory content in the debugger) is read-only! Hence the trap due to Access Violation.
Best regards, bilbo
#40
Quote:
I guess I may understand your meaning: testing with ollydbg, if I give the parameters "-i input.txt -o output.txt", then it won't run to 004699E0. Seems it will be the bottleneck here. :-)