I'm trying to export a completely clean function name, this is because I need to use it within GetProcAddress (2nd parameter). I know this is possible as if you test dumpbin against Kernel32 it will display clean function names.
I have looked around found numerous "solutions", and I have gotten my mangled name from jibberish to:
1 0 00001810 SomeFunction = _SomeFunction
However I need it to look like:
1 0 00001810 SomeFunction
This would allow me to call it from the GetProcAddress function, as I can't get it to work with a "Mangled" name.
Here is how I'm defining it:
extern "C" __declspec(dllexport) void SomeFunction(void * SomeArguments)
{
//Function Content
}
With a module definition file, it's useless... I get a totally mangled name.
Using this way, I can get it nearly there however the '_' is preventing GetProcAddress resolving my function name to a address.
Module Definition output:
1 0 00001810 SomeFunction = ?SomeFunction##YAXPAX#Z (void __cdecl SomeFunction(void *))
EDIT: (If you mean the function aboves content... it's simply a message box MessageBoxA()... there can't be anything wrong there.)
GetProcAddressLine:
LPVOID SomeFunctionAddr = (LPVOID)GetProcAddress(GetModuleHandleA("Pies.dll"), "SomeFunction");
Full "GetProcAddress":
LPVOID SomeFunctionAddr = (LPVOID)GetProcAddress(GetModuleHandleA("Pies.dll"), "SomeFunction");
if (!SomeFunctionAddr)
{
std::cout << "Failed to obtain SomeFunction Address!\n";
return 0;
}
Allocate = VirtualAllocEx(Handle, NULL, strlen(Path), MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
WriteProcessMemory(Handle, Allocate, Path, strlen(Path), NULL);
Thread = CreateRemoteThread(Handle, NULL, NULL, (LPTHREAD_START_ROUTINE)SomeFunctionAddr, Allocate, 0, NULL);
WaitForSingleObject(Thread, INFINITE);
VirtualFreeEx(Handle, Thread, strlen(Path), MEM_RELEASE);
Related
I am trying to get the image base of my process once it is loaded in memory. From my understanding, you can call GetModuleHandle to get the image base. My question is, does the handle returned essentially point to the IMAGE_DOS_HEADER struct such that you could do the following:
PIMAGE_DOS_HEADER DosHeader;
DosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(NULL);
If this is not correct, what other method could you use?
This is correct, though if you want the module handle of of a dll you need to specify its path. Otherwise you will get the handle to the process exe. You should also check the returned HMODULE first to see that its valid.
An example of how to get the virtual size of the module:
std::size_t GetModuleSize(const char* szModule)
{
HMODULE hModule = GetModuleHandle(szModule);
if(hModule == NULL) return 0;
IMAGE_DOS_HEADER* pDOSHeader = (IMAGE_DOS_HEADER*)hModule;
IMAGE_NT_HEADERS* pNTHeaders =(IMAGE_NT_HEADERS*)((BYTE*)pDOSHeader + pDOSHeader->e_lfanew);
return pNTHeaders->OptionalHeader.SizeOfImage;
}
you'll notice I use IMAGE_DOS_HEADER* and not PIMAGE_DOS_HEADER as I find that more readable and clear.
With Microsoft's compiler and linker, you can use
extern "C" IMAGE_DOS_HEADER __ImageBase;
I've got a simple piece of C++ code I'm exporting from a DLL.
DWORD WINAPI MessageBoxThread(LPVOID lpParam)
{
MessageBox(0, L"Test", L"Test", 0);
return 0;
}
Here's how I'm calling it
typedef DWORD(*MessageBoxThread)(LPVOID);
int StartMessageBoxThread() {
MessageBoxThread ShowMessageBox;
HMODULE testModule = LoadLibrary(L"C:\\Users\\david\\COMServer.dll");
ShowMessageBox = (MessageBoxThread)GetProcAddress(testModule, "MessageBoxThread");
ShowMessageBox(NULL);
FreeLibrary(testModule);
return 0;
}
I get an exception thrown in KernelBase.dll on the ShowMessageBox() line, involved an access violation when writing to a memory location.
I can't understand what I'm doing wrong. Both Visual Studio projects are set to Unicode, and I know using the L prefix denotes wide strings.
I can debug and step through into my DLL, I see the address of my function, so I can't see anything wrong with the code calling the function.
typedef DWORD(*MessageBoxThread)(LPVOID);
The prototype does not match the definition in dll. By default calling convention here is __cdecl whereas WINAPI is __stdcall
typedef DWORD(WINAPI *MessageBoxThread)(LPVOID);
Specifically, at the called end, since the convention is __stdcall(callee clears the stack), the function pops argument off the stack. At the caller end, it sees that the convention is __cdecl(caller clears the stack) and it also pops the argument from the stack, eventually corrupting the stack.
In your StartMessageBoxThread() code, MessageBoxThread is declared incorrectly. Specifically, it is missing a calling convention, so it uses the compiler's default convention, which is typically __cdecl rather than __stdcall (what WINAPI maps to). Calling convention mismatches are a common cause of crashes, call stack corruption, etc.
Also, the code has no error checking at all.
Try this instead:
typedef DWORD (WINAPI *MessageBoxThread)(LPVOID);
int StartMessageBoxThread()
{
HMODULE testModule = LoadLibrary(L"C:\\Users\\david\\COMServer.dll");
if (testModule)
{
MessageBoxThread ShowMessageBox = (MessageBoxThread) GetProcAddress(testModule, "MessageBoxThread");
if (ShowMessageBox)
ShowMessageBox(NULL);
FreeLibrary(testModule);
}
return 0;
}
Im modifiy my display drivers to get update notifcation sent from the USB port. So far so good, but i got stock on follow:
GPEFlat::GPEFlat()
{
PBOOT_ARGS args;
ULONG fbSize;
ULONG fbOffset;
ULONG offsetX;
ULONG offsetY;
BOOL bFoundArgs = FALSE;
BOOL m_MouseDisabled = TRUE;
HANDLE m_hAttachEvent = CreateEvent(NULL, FALSE, FALSE, L"MouseAttached");
HANDLE m_hDetachEvent = CreateEvent(NULL, FALSE, FALSE, L"MouseDetached");
HANDLE m_hCursorThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MouseEventThread, NULL, 0, NULL);
DWORD
GPEFlat::MouseEventThread(void)
{
DWORD rc = TRUE;
HANDLE handles[2];
handles[0] = m_hAttachEvent;
handles[1] = m_hDetachEvent;
The resulting error is:
Error 1 error C2440: 'type cast' : cannot convert from 'overloaded-function' to 'LPTHREAD_START_ROUTINE' drivers\display\vgaflat
So the line : HANDLE m_hCursorThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)MouseEventThread, NULL, 0, NULL);
Dosnt work. Got some pointers that it may be to non static method.
How should i do this?
Greetings
The thing to understand is that functions (including static methods) and non-static methods are different things. CreateEvent expects a function. You must give it that, it will not work with GPEFlat::MouseEventThread because that's a method. What you can do though is give it a function which calls GPEFlat::MouseEventThread. Usually this is done like this
DWORD WINAPI thread_starter(LPVOID that)
{
return ((GPEFlat*)that)->MouseEventThread();
}
...
CreateThread(NULL, 0, thread_starter, this, 0, NULL);
Note that I pass this to CreateThread, that's very important. CreateThread passes it to the parameter that in thread_starter, which uses that to call the method you wanted to call all along.
The MouseEventThread have to be a static function, because a function pointer is not the same as a member function pointer. Static methods can be used as normal function pointers, but non-static member functions can not.
If you need to reference class members, then one very simple solution is to have a static wrapper functions, which takes the instance of the object (this in the constructor) and then calls the actual member function using that instance pointer.
Something like
class GPEFlat
{
// ...
private:
static DWORD MouseEventThreadWrapper(LPVOID instance)
{ return reinterpret_cast<GPEFlat*>(instance)->MouseEventThread(); }
// ...
};
Create the thread with this wrapper function instead, passing this as argument to it:
GPEFlat::GPEFlat()
{
// ...
HANDLE m_hCursorThread = CreateThread(
NULL, 0, (LPTHREAD_START_ROUTINE)MouseEventThreadWrapper, this, 0, NULL);
}
I get this error when trying to use this function
void WSPAPI GetLspGuid( LPGUID lpGuid )
{
memcpy( lpGuid, &gProviderGuid, sizeof( GUID ) );
}
the error
Run-Time Check Failure #0 - The value of ESP was not properly saved across a function call. This is usually a result of calling a function declared with one calling convention with a function pointer declared with a different calling convention.
the function is called by using
HMODULE hMod = NULL;
LPFN_GETLSPGUID fnGetLspGuid = NULL;
int retval = SOCKET_ERROR;
// Load teh library
hMod = LoadLibraryA( LspPath );
if ( NULL == hMod )
{
fprintf( stderr, "RetrieveLspGuid: LoadLibraryA failed: %d\n", GetLastError() );
goto cleanup;
}
// Get a pointer to the LSPs GetLspGuid function
fnGetLspGuid = (LPFN_GETLSPGUID) GetProcAddress( hMod, "GetLspGuid" );
if ( NULL == fnGetLspGuid )
{
fprintf( stderr, "RetrieveLspGuid: GetProcAddress failed: %d\n", GetLastError() );
goto cleanup;
}
// Retrieve the LSPs GUID
fnGetLspGuid( Guid );
This runtime check guards against a mismatch between the function declaration and the actual definition. Accidents that can happen when you compile code into a static library or a DLL. Common mismatches are the calling convention or the number or type of the arguments that are passed.
The shoe fits, you've got a macro named WSPAPI that declares the calling convention. It typically expands to either __cdecl or __stdcall, usually biased towards __stdcall. So very high odds that it this macro has the wrong value in your client code. Ask the library author for assistance if you can't figure out how to set this macro correctly.
After edit: with the additional failure mode that you are loading the wrong version of the DLL. And that your LPFN_GETLSPGUID function pointer declaration is wrong, missing the WSPAPI macro. I'll put my money on that one, especially since I can't see it.
After comment, the info is slowly trickling in:
it is defined as typedef void (*LPFN_GETLSPGUID) (GUID *lpGuid);
Which is wrong, it should be
typedef void (WSPAPI * LPFN_GETLSPGUID)(GUID *lpGuid);
If you don't have the macro available, unlikely, then substitute WSPAPI with __stdcall.
I am trying to get the image base of my process once it is loaded in memory. From my understanding, you can call GetModuleHandle to get the image base. My question is, does the handle returned essentially point to the IMAGE_DOS_HEADER struct such that you could do the following:
PIMAGE_DOS_HEADER DosHeader;
DosHeader = (PIMAGE_DOS_HEADER)GetModuleHandle(NULL);
If this is not correct, what other method could you use?
This is correct, though if you want the module handle of of a dll you need to specify its path. Otherwise you will get the handle to the process exe. You should also check the returned HMODULE first to see that its valid.
An example of how to get the virtual size of the module:
std::size_t GetModuleSize(const char* szModule)
{
HMODULE hModule = GetModuleHandle(szModule);
if(hModule == NULL) return 0;
IMAGE_DOS_HEADER* pDOSHeader = (IMAGE_DOS_HEADER*)hModule;
IMAGE_NT_HEADERS* pNTHeaders =(IMAGE_NT_HEADERS*)((BYTE*)pDOSHeader + pDOSHeader->e_lfanew);
return pNTHeaders->OptionalHeader.SizeOfImage;
}
you'll notice I use IMAGE_DOS_HEADER* and not PIMAGE_DOS_HEADER as I find that more readable and clear.
With Microsoft's compiler and linker, you can use
extern "C" IMAGE_DOS_HEADER __ImageBase;