Recent Posts

Using NASM / Re: How do I define a function alias for an imported function?
« Last post by ben321 on August 04, 2019, 12:14:30 AM »
I figured out a way to do it. You need to set NASM to output to a "win32" format object file, and then use a program I wrote separately to edit the object file output by NASM. In NASM, use EXTERN with the function name you want to hook (such as SetPixel). Then create a new function with an altered version of that function name (such as HOOK_SetPixel). Then run NASM to assemble this into an object file. Then use the program, and tell it to search in the object file for the string with the altered function name (in this case "HOOK_SetPixel") and rename it to the string name of the function you are trying to hook (in this case "SetPixel"). After the object file has been edited, you use GoLink to link it, which in my example would be:
"golink.exe /entry dllstart /dll myobjectfile.obj gdi32.dll"

After that, just rename your DLL to gdi32.dll and put it in the folder of the program that you expect to call that function in gdi32.dll and it will instead call your hacked version of the function, which will then do something you want it to do with the data passed to it. After your function does what it is supposed to do, your function then will call the real SetPixel function in the real gdi32.dll in the Windows\System32 folder so the program produces the expected result, but at the same time your function can send data to a different program or log it to a file. Of course this may not work on actual system DLLs like gdi32.dll (Windows always makes sure programs use the official DLLs, not alternate versions of the DLLs), but it will work on non-system DLLs (even some graphics DLLs that are often included with Windows like the DirectX DLLs).

This has the potential to let you actually do things like hack games, making it easier to see enemy targets (if you hook DirectX graphics functions and hack them to make enemies always appear bright red).

Not ideal, but until NASM allows you to use EXTERN to reference an external function of a particular name, while calling it a different name in the assembly code itself (an alias), this hacking of the object file created by NASM is the ONLY way to do it.
Using NASM / Re: How do I define a function alias for an imported function?
« Last post by debs3759 on August 01, 2019, 08:33:39 PM »
Does nobody here know how to use the DLL forwarder capabilities of a DLL file?

Somebody might, but this is not a very active forum, and we don't claim to be experts in any operating system, only in processor-specific code. If you are patient, someone may be able to help.
Using NASM / Re: How do I define a function alias for an imported function?
« Last post by ben321 on August 01, 2019, 07:00:42 PM »
Does nobody here know how to use the DLL forwarder capabilities of a DLL file?
Using NASM / Re: How do I define a function alias for an imported function?
« Last post by ben321 on August 01, 2019, 07:40:45 AM »
Hi ben321,

Code:
%define abcd abcd1234
extern abcd1234

section .text
call abcd
...

Does this not work?

Best,
Frank

I want to create a proxy DLL for game hacking/cheating (imagine having unlimited rocket ammo in GTA5). The game calls certain functions in a DLL file, and I want to trick it into using my DLL instead of the one supplied with the game, so my DLL must have the same name as the original DLL (and of course the original DLL will be renamed), and the names of the functions must also be the same as the names of the functions that the game is expecting.

My plan is to make the functions I want to hook directly in my program, but the remaining functions must be forwarded to the correct DLL (a renamed copy of the original DLL).

So for example, I need to be able to do this:
Code:
%define abcd abcd1234
extern abcd1234

section .text
export abcd1234
abcd1234:
     jmp abcd

You see the problem with that? NASM will see the function name abcd1234 being external, in the top of the code, but see the function name abcd1234 lower in the code as an internal function with the same name. That will create an error.

I need to tell the assembler, "I want you to reference an external function called abcd1234, but within this .asm file it shall be called abcd, and NOT be called abcd1234". Is there a way to do that in nasm?

And you know what would be even better than that? Using the official DLL Forwarding functionality that Windows recognizes. This functionality allows a DLL file to contain an Exported function from a different DLL. That is, there is an entry in the DLL's export table which actually points to a function in a different DLL. Is NASM capable of creating an object file which contains this functionality, such that when the object file is processed by a linker it will actually create the correct forwarding entry in the export table?
Using NASM / Re: How do I define a function alias for an imported function?
« Last post by Frank Kotler on August 01, 2019, 04:06:46 AM »
Hi ben321,

Code:
%define abcd abcd1234
extern abcd1234

section .text
call abcd
...

Does this not work?

Best,
Frank

Using NASM / How do I define a function alias for an imported function?
« Last post by ben321 on August 01, 2019, 02:24:18 AM »
If a function is defined in a DLL file under the name abcd1234, and I want it defined in my program under the name abcd, how do I do that?

I tried this in the EXTERN line, like this:
Code:
EXTERN abcd "abcd1234"
But that didn't work. Is there a way to accomplish this?
Using NASM / Re: NASM on Raspberry Pi
« Last post by debs3759 on July 31, 2019, 11:49:31 AM »
To run nasm, you don't click an icon. You run it from the command line. I am surprised your tutor didn't tell you how to do it before telling you to do it. Let us know what you have managed, and we should be able to help.
Using NASM / no directiv.h
« Last post by whitequill on July 31, 2019, 02:56:25 AM »
I just pulled the source to NASM and I can't find directiv.h.
I am getting the following fatal error:
Code:
In file included from ../nasm/asm/nasm.c:41:0:
../nasm/include/nasm.h:50:10: fatal error: directiv.h: No such file or directory
 #include "directiv.h"   /* For enum directive */
          ^~~~~~~~~~~~
compilation terminated.
make: *** [Makefile:80: asm/nasm.o] Error 1
OBS: When you change an E?? register, the upper 32 bits of the R?? register are zeroed, automatically.

Is that documented behaviour? I know in 32-bit code, the upper 16 bits are not changed if you write to a 16-bit general purpose register.
Yes, it is.... You can get this from Intel and AMD documentation. This happens only when you change the lower 32 bits of Rxx registers... Like:
Code:
xor eax,eax ; Will zero the entire RAX
mov r8d,1 ; Will initialize R8 with 1 (upper 32 bits zeroed as well)
The reason is simple: You don't need to use REX prefix for 'xor eax,eax', but it is needed for 'xor rax,rax'.

Notice if you do:
Code:
xor ax,ax
Only the first 16 bits are zeroed, leaving the rest untouched.

Another advantage of x86-64.... There are DIL, SIL, BPL and SPL aliases for the lower 8 bits of RDI, RSI, RBP and RSP (not available in i386 mode).
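As an added illustration (not code from the original thread), the listing below walks through the partial-register rules described above with the bytes NASM emits for each instruction in 64-bit code (default optimization, so `mov rax,-1` becomes the sign-extended imm32 form); the starting values are constructed, and the resulting register contents are given in the comments.

```nasm
; Added example: partial-register writes on x86-64 and their encodings.
; Assemble with: nasm -f bin this.asm   (or -f elf64 / -f win64 inside a section)
BITS 64

    mov  rax, -1            ; 48 C7 C0 FF FF FF FF   RAX = FFFFFFFFFFFFFFFF (constructed start value)
    xor  eax, eax           ; 31 C0                  RAX = 0: a 32-bit write zero-extends into bits 63..32

    mov  rax, -1
    xor  rax, rax           ; 48 31 C0               same result as above, one byte longer because of REX.W

    mov  rax, -1
    xor  ax, ax             ; 66 31 C0               RAX = FFFFFFFFFFFF0000: a 16-bit write keeps bits 63..16

    mov  rax, -1
    xor  al, al             ; 30 C0                  RAX = FFFFFFFFFFFFFF00: an 8-bit write keeps bits 63..8

    mov  rax, -1
    mov  eax, eax           ; 89 C0                  RAX = 00000000FFFFFFFF: the usual way to truncate to 32 bits

    mov  r8, -1             ; 49 C7 C0 FF FF FF FF   REX.W + REX.B select the 64-bit R8
    mov  r8d, 1             ; 41 B8 01 00 00 00      R8 = 1: the same rule applies to the eight new registers

    mov  bh, 1              ; B7 01                  without a REX prefix, opcode B7 means BH
    mov  dil, 1             ; 40 B7 01               with a REX prefix present, the same opcode means DIL
    ; DIL/SIL/BPL/SPL require a REX prefix, and AH/BH/CH/DH cannot be encoded once a REX prefix
    ; is present, so an instruction such as "mov dil, bh" has no valid encoding and NASM rejects it.
```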
OBS: When you change an E?? register, the upper 32 bits of the R?? register are zeroed, automatically.

Is that documented behaviour? I know in 32-bit code, the upper 16 bits are not changed if you write to a 16-bit general purpose register.