Author Topic: Help with NASMX and direct API call  (Read 28018 times)

Offline Arq

  • Jr. Member
  • *
  • Posts: 9
Help with NASMX and direct API call
« on: June 17, 2012, 04:01:57 PM »
Hi, im new to NASM and trying to use it with NASMX. My problem is related to the invoke macro.
With NASM I use:

Code: [Select]
extern __imp__MessageBoxA@16

Then simply using
Code: [Select]
call [__imp__MessageBoxA@16]
Code: [Select]
00401025  |. FF15 5C204000  CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; \MessageBoxA
 I able to call the api function directly through the IAT without a jump table, but how I do this with the invoke macro?
I tried this without much success:

Code: [Select]
invoke   __imp__MessageBoxA@16, NULL, mytitle, mytext, MB_OK
Code: [Select]
00401039  |. E8 1E100000    CALL <&USER32.MessageBoxA>
But the IAT its called not a call through the pointer in the IAT.
Maybe it's a question more related to NASMX than NASM...
Thanks in advance

Offline Bryant Keller

  • Forum Moderator
  • Full Member
  • *****
  • Posts: 360
  • Country: us
    • About Bryant Keller
Re: Help with NASMX and direct API call
« Reply #1 on: June 17, 2012, 06:15:54 PM »
I haven't tried this, but try doing something like:

Code: [Select]
proto STDCALL, __imp__MessageBoxA@16, dword, dword, dword, dword
Code: [Select]
invoke [__imp__MessageBoxA@16], NULL, mytitle, mytext, MB_OK
Hopefully Robb will chime in on this, there might be some conflicts with decoration, but I do see he provides a method to override calling convention defaults.

Hope this helps.

Bryant Keller

About Bryant Keller
bkeller@about.me

Offline Arq

  • Jr. Member
  • *
  • Posts: 9
Re: Help with NASMX and direct API call
« Reply #2 on: June 17, 2012, 08:39:07 PM »
thanks, unfortunately didn't work.
maybe it's the decoration name as you said.

Code: [Select]
%include 'D:\NASM\inc\nasmx.inc'
%include 'D:\NASM\inc\win32\windows.inc'
%include 'D:\NASM\inc\win32\kernel32.inc'
%include 'D:\NASM\inc\win32\user32.inc'

proto STDCALL, __imp__MessageBoxA@16, dword, dword, dword, dword
;proto STDCALL, __imp_ExitProcess@4, dword

entry start

extern __imp_ExitProcess@4
extern __imp__MessageBoxA@16

[section .text]

mytitle:  db 'Hello', 0
mytext: db 'World!', 0

proc start
locals none
invoke   [__imp__MessageBoxA@16], NULL, mytitle, mytext, MB_OK
;invoke   [__imp_ExitProcess@4], NULL
endproc


Code: [Select]
D:\NASM\src\test\test.asm:34: error: (INVOKE:22) `%ifdef' expects macro identifiers
D:\NASM\src\test\test.asm:34: error: (INVOKE:24) symbol `__nxsig@@' not defined before use
D:\NASM\src\test\test.asm:34: error: (INVOKE:26) `%ifndef' expects macro identifiers
D:\NASM\src\test\test.asm:34: error: (INVOKE:27) `%ifndef' expects macro identifiers
D:\NASM\src\test\test.asm:34: error: identifier expected after EXTERN
D:\NASM\src\test\test.asm:34: error: (INVOKE:45) expression syntax error
D:\NASM\src\test\test.asm:34: error: (INVOKE:46) symbol `..@6450.__nx_argrotate' not defined before use
D:\NASM\src\test\test.asm:34: error: (INVOKE:51) expression syntax error
D:\NASM\src\test\test.asm:34: error: (INVOKE:52) expression syntax error
D:\NASM\src\test\test.asm:34: error: (INVOKE:54) symbol `..@6450.__cc_enum' not defined before use
D:\NASM\src\test\test.asm:34: error: (INVOKE:369) expression syntax error

Checking redefining without decoration

Code: [Select]
proto STDCALL, MessageBoxA, dword, dword, dword, dword
And output:

Code: [Select]
D:\NASM\src\test\test.asm:6: fatal: (PROTO:51) global symbol _MessageBoxA@16 already defined
Regards.
« Last Edit: June 17, 2012, 09:03:50 PM by Arq »

Offline Rob Neff

  • Forum Moderator
  • Full Member
  • *****
  • Posts: 429
  • Country: us
Re: Help with NASMX and direct API call
« Reply #3 on: June 19, 2012, 12:01:23 AM »
No need to "pre-decorate" function names.
Many Windows functions, including MessageBox, are already pre-defined for you.
When you %include the header you will get the appropriate definition.
Thus, in your source code you simply:
Code: [Select]
    invoke MessageBox, dwArg1, dwArg2, dwArg3, dwArg4
You can look at the demos subdirectory to see how easy NASMX wraps up calling convention minutia for you.
The nasmx/demos/win32/demo1 subdirectory specifically shows the basic framework in action and includes the call to MessageBox.  I've put in a ton of comments to attempt to make usage clear.  Make use of those demos.  They are not complex and there really is a TON of information there.

You only need to PROTO methods that you create that will be visible outside of the source file it resides in or that will be called by compiled code that expects a certain convention.  This will properly decorate the function according to the default OS calling convention (or will allow you to make it more specific ) and make that function global when Nasm encounters the actual code for that method when you use PROC.

NASMX is a very powerful tool.  There are many things it does for you under the covers and provides an easy way to get the most from it.  It's not perfect but IMHO it's the best macro package available for Nasm. :)

Offline Arq

  • Jr. Member
  • *
  • Posts: 9
Re: Help with NASMX and direct API call
« Reply #4 on: June 19, 2012, 03:11:03 AM »
Yep, playing with the examples right now, are very clean and everything works like a charm but my doubt persist about "import".
As I understand reading "windemos.inc" and "nasmx.inc" (lots of comments with more info here!) saddly my macro skills are non-existent (I should read nasm manuals too) this macro decorate the function and make it extern according the calling convention passed and the number of params. Now i can "invoke" the function regardless decoration and everything is encapsulated.

But here is my problem windows api libs have 2 external symbols per function one decorated _name@size and the other __imp__name@size (right?), everything go it's all alright using

Code: [Select]
IMPORT STDCALL, MessageBoxA, ptrdiff_t hWnd, ptrdiff_t lpText, ptrdiff_t lpCaption, uint32_t uType
but the export name is decorated "_MessageBoxA@16", my question is how i override this to use __imp__ instead?
Tried using NAKED and decorating the function myself but doesn't look correct.

Maybe I don't understand due language barriers (my english is awful) and the answer it's right in front of me.

Thx for the help and for NASMX it's great!
Regards

Offline Rob Neff

  • Forum Moderator
  • Full Member
  • *****
  • Posts: 429
  • Country: us
Re: Help with NASMX and direct API call
« Reply #5 on: June 19, 2012, 03:43:17 PM »
It sounds like what you're trying to do is bypass the framework and make the direct call ( providing the decorations yourself ).  You can do this of course by simply using your knowledge of calling conventions and make the call.  No need to use the framework macros or include files in this case.

For example:
Code: [Select]
    push eax            ; <-- use the 4 params as per your source...
    push eax     
    push eax
    push eax
    call __imp_MessageBoxA@16    ; <-- simply use the call opcode

Is this what you mean?

Offline Arq

  • Jr. Member
  • *
  • Posts: 9
Re: Help with NASMX and direct API call
« Reply #6 on: June 19, 2012, 03:59:06 PM »
exactly, so I guess that can't use Invoke macro to wrap this.

Regards.

Offline Keith Kanios

  • Full Member
  • **
  • Posts: 383
  • Country: us
    • Personal Homepage
Re: Help with NASMX and direct API call
« Reply #7 on: June 19, 2012, 04:35:31 PM »
exactly, so I guess that can't use Invoke macro to wrap this.

No, but you can write your own macros if you want it handled differently.

Offline Arq

  • Jr. Member
  • *
  • Posts: 9
Re: Help with NASMX and direct API call
« Reply #8 on: June 20, 2012, 01:49:03 AM »
No, but you can write your own macros if you want it handled differently.

That's what I did, and worked great now i am able to direct call from inside nasmx procs without a problem. Nasm manuals are full of examples and nasmx src and demos are very illustrating too.

Thanks for the help!

Code: [Select]
%macro direct 1-*
%define func __imp_%1
extern func
%rep %0-1
%rotate -1
push %1
%endrep
%rotate -1
call DWORD [func]
%endmacro