Tuts 4 You



Bassmod as LIB


Ufo-Pu55y

lo,

anybody ever had 'luck' converting Bassmod.DLL into a .LIB?

For static linking, I mean... I guess lotsa ppl would love to have it.

I've tried the tool 'Dll To Lib' on it, but somehow it fails bigtime..

all generated symbols are crap.. useless. (and yes, I've unpacked it before ofc ^^)

I don't know about any other tool.

Somebody out there having experience in this topic?

cheers

ragdog

Hi

This bassmod package has a lib; it uses the dll after compiling.

The other way is to rip this dll with IDA and make a standalone lib without the dll.

I think it must work :confused:

Then there is a way where I load the dll from memory,

without extracting the dll to disk.

cheers,

Ufo-Pu55y
This bassmod package has a lib; it uses the dll after compiling.
Yep, but there are 2 kinds of LIBs: one for dynamic linking and one for static.

The one that's shipped in the package is for the dynamic one.

I know the author has been asked 1000 times to release a damn static one,

but he simply doesn't wanna :\

Then there is a way where I load the dll from memory,
And I know that code very well, since I once converted it from C to C#.

It's just not a very stable approach.. trying to avoid it.

The other way is to rip this dll with IDA and make a standalone lib without the dll.

I dunno about that one.. will have a look oO

EDIT:

Haven't seen anything useful in IDA (neither found a plugin) to do such a job.

Well, in spite of saving the whole stuff as *.asm... I guess you meant that :\

Killboy

Here's an awesome idea (even better than ripping code from IDA and hand crafting a lib file :>):

Make sure the DLL is loaded at the exact same address as the beginning of the data section in your app (ok, this might get tricky)

Grab the whole DLL memory (including header section padding)

Copy that data into your app as a byte array

Make that array the first variable so it begins at the start of the data section

Make sure the data section protection has execute rights

Find the IAT of the DLL and create code that fills it with the right API values with GetProcAddress etc.

Now, declare a pointer and assign the address of the APIs to it

Voila, call the pointer

Easy? Easy.

:sorc:

ragdog
Well, in spite of saving the whole stuff as *.asm... I guess you meant that :\

Yes, that means I save it as asm, remove this dllentry **** and compile it with masm or another asm compiler

to a static lib.

Many keygenners do it, but there is no other :^

Is bassmod better than ufmod for using xm sound?

@Killboy

Make sure the DLL is loaded at the exact same address as the beginning of the data section in your app (ok, this might get tricky)

Grab the whole DLL memory (including header section padding)

Copy that data into your app as a byte array

Make that array the first variable so it begins at the start of the data section

Make sure the data section protection has executable right

Find the IAT of the DLL and create code that fills it with the right API values with GetProcAddress etc.

Now, declare a pointer and assign the address of the APIs to it

Voila, call the pointer

Is this the same as my method?

Then there is a way where I load the dll from memory,

@Ufo-Pu55y

as an example:

xm_lib file 'ufmod.dmp' ; raw memory dump of the player; must be at 0x00401000 !!!
xm_play = xm_lib + 9158h ; entry points are fixed offsets into the dump
xm_stop = xm_lib + 0D8h
xm_handle = xm_lib + 1Ch
;--------------------------------------------------------------------
xm_file file 'glass.xm' ; the song, embedded as raw bytes
xm_size = $-xm_file
;--------------------------------------------------------------------
caption db '.:FASM:.',0
message db 'uFMOD ruleZ!',0
;--------------------------------------------------------------------
entry $
push xm_size xm_file [GetProcAddress][GetModuleHandle] ; FASM pushes the operands left to right
call xm_play
invoke MessageBox,0,message,caption,MB_ICONQUESTION
push dword [xm_handle]
call xm_stop
invoke ExitProcess,0

Greets

Ufo-Pu55y
Easy? Easy.
You mean doing the 'load-dll-from-memory'-thingy without having to care about relocations n stuff? oO
Is bassmod better than ufmod for using xm sound?
Actually it's even better for playing XM. But that's not the reason.

I've been asked to make uPPP support other chiptune formats like MOD for example.

And I don't like the idea of saving it to disk first, before loading it into memory.

You know.. UAC and friends.. dunno.


xm_lib file 'ufmod.dmp' ; must be at 0x00401000 !!!
xm_play = xm_lib + 9158h
xm_stop = xm_lib + 0D8h

You forgot about the import stuff. I saw you mentioned 'SimplePack', which uses this approach

when using aPLib. Well, aPLib doesn't import anything.. that's why it's ok to use it like that.

Chiptune libs import lots of stuff. So this approach would work on your machine, while it crashes

on others at once.

ragdog

Yes, SimplePack uses this same method, only with its aplib.dll

Download SimplePack and you can see it works

ghandi

Although I never completed it, I was working on an application which takes an executable and merges it with a dll file, relocating the dll to its new base address. It does work, but the concept I was following was for a protector stub embedding, so I didn't work on the import table or resources. That's where I thought I'd find trouble with this idea, that anything calling GetModuleHandle and then trying to access stuff such as the resource directory would fail.

Hooking these functions, maybe you could spoof the base address and make it work, but it's still hit and miss. What is unstable about the memory PE approach? If the dll is mapped correctly and gets entered into the linked list so that calls to GetModuleHandle and such succeed, where is the difference between that and the Windows loader?

HR,

Ghandi

ghandi

Okay, after some rooting around I think I may have made something... Don't shoot me if it isn't 100%, I haven't tested it thoroughly, but here is a static library version of bass.dll.

What I did:

1. Unpacked file, restored imports.

2. Unpacked 2nd copy at different base address.

3. Rebuilt relocations using ReloX because the reloc table seemed corrupted.

4. Loaded unpacked file and header from package into Lib2Dll.

5. Removed linker settings about libc.lib and oldnames.lib

6. Converted file to static library.

Once I made that, I then took the example code from the MASM part of the bass.dll package and added a call to the dll entrypoint for DLL_PROCESS_ATTACH and DLL_PROCESS_DETACH, and the player works without bass.dll. Once again though, I haven't tested this thoroughly, so there may still be bugs from the conversion. Any feedback is appreciated.

HR,

Ghandi

BASS static lib - MASM player example.rar

Ufo-Pu55y

Haha!?!? I only got until your step 4.

Awesome, ghandi.. I will check it out asap when I'm home.

Thx for the effort !

Killboy

I guess I got carried away a little with the geek humor. Never mind my previous post unless it makes you laugh :^

EDIT: Maybe I should have spilled more smilies :geek::lol::nuke::turned:

:help

Ufo-Pu55y

Hip hip hurray! Here's my new try looking at the one from Ghandi:

BASSMOD.STATIC.LIB.7z (also with demo project)

It's 30kb or less when nicely packed. So it's not much bigger than ufMod!

Therefore you can load MOD, IT.. ah **** it.. I won't tell about it.

Chiptune loverz will know about the sound diff :teehee:

@ghandi:

4. Loaded unpacked file and header from package into Lib2Dll.
How did you add the header?

DllToLib v2.0 over here.. maybe I should d/l a newer version.

Anyway, the only thing I changed right now is that I added the bassmod.lib from the package into DllToLib.

But maybe you meant that. Then it 'magically' worked here, too.. thx again ;P

Tho I'm still wondering why your lib is 4 times bigger oO

But simply calling its DllMain wouldn't have come to my mind.. great!

Tho it even plays OK without calling DllMain, I'm sure it should be done.

But I'm also not sure if there are bugs in it, since I didn't fully test it.

@kill:

You know I'm a serious gal. Next time do beta !11 -_-

Zool@nder

His lib is bigger because he works on bass and not bassmod; the bass version supports much more audio stuff (incl. MP3, MP2, MP1, OGG)

I also have a converted one, but it crashes sometimes.

maybe the relocs problem; have to test ghandi's method

anyway, thanks for the subject and for the static lib ;)

ghandi

Sorry man, I made a mistake. I meant to type 'lib' file, but somewhere between the brain and the fingers the message got screwed up. I don't have Dll2Lib 2.0, I only have 1.42. I got it ages ago and haven't looked for a (full) newer version; is there any improvement over 1.42? Aside from the nag messagebox, v3.0 claims to create fully functional lib files, and the messagebox is easily patched out of the lib file, but I've not used it really.

HR,

Ghandi

Ufo-Pu55y
His lib is bigger because he works on bass and not bassmod
Makes sense now.. should have known better since it's called 'bass' not 'bassmod' :kick:

@ghandi:

Version 3.00
==================================
+ Full support to Windows Vista.
+ Support attribute certificate table.
+ Support delayed-load import table.
+ Support HTML help and PDF help documents.
!! Fix the problem in processing the import table.
!! Fix some minor errors.

Version 2.00
==================================
+ Completely rewrite the conversion engine.
+ Support to find unresolved symbols automatically.
+ Support to add prefix to the generated symbols.
+ Improve the compatibility.
!! Fix the problem in processing the base relocation table.
!! Fix some minor errors.

But I got no idea if these fixes are worth the download.. prolly not really

ghandi

I guess it's more than just the messagebox which is different between the full version and the 'trial' version...

Calls to functions are replaced with:


0046062A E8 01080000 CALL 00460E30
00460E30 E8 23020000 CALL 00461058
00460E35 - 0F85 12D3FBFF JNZ 0041E14D
00460E3B C3 RET

Which in turn calls:


00461058 50 PUSH EAX
00461059 51 PUSH ECX
0046105A 52 PUSH EDX
0046105B 53 PUSH EBX
0046105C 54 PUSH ESP
0046105D 55 PUSH EBP
0046105E 56 PUSH ESI
0046105F 57 PUSH EDI
00461060 33C0 XOR EAX,EAX
00461062 BF 00304600 MOV EDI,00463000 ; ASCII TAB,TAB,TAB...
00461067 8107 4B5F606A ADD DWORD PTR [EDI],6A605F4B
0046106D 8187 04000000 175D6C65 ADD DWORD PTR [EDI+4],656C5D17
00461077 8187 08000000 5A6B6066 ADD DWORD PTR [EDI+8],66606B5A
00461081 8187 0C000000 6517606A ADD DWORD PTR [EDI+C],6A601765
0046108B 8187 10000000 175E5C65 ADD DWORD PTR [EDI+10],655C5E17
00461095 8187 14000000 5C69586B ADD DWORD PTR [EDI+14],6B58695C
0046109F 8187 18000000 5C5B1759 ADD DWORD PTR [EDI+18],59175B5C
004610A9 8187 1C000000 70175865 ADD DWORD PTR [EDI+1C],65581770
004610B3 8187 20000000 176C6569 ADD DWORD PTR [EDI+20],69656C17
004610BD 8187 24000000 5C5E606A ADD DWORD PTR [EDI+24],6A605E5C
004610C7 8187 28000000 6B5C695C ADD DWORD PTR [EDI+28],5C695C6B
004610D1 8187 2C000000 5B176D5C ADD DWORD PTR [EDI+2C],5C6D175B
004610DB 8187 30000000 696A6066 ADD DWORD PTR [EDI+30],66606A69
004610E5 8187 34000000 6517665D ADD DWORD PTR [EDI+34],5D661765
004610EF 8187 38000000 173B4343 ADD DWORD PTR [EDI+38],43433B17
004610F9 8187 3C000000 176B6617 ADD DWORD PTR [EDI+3C],17666B17
00461103 8187 40000000 43605918 ADD DWORD PTR [EDI+40],18596043
0046110D 8187 44000000 04010401 ADD DWORD PTR [EDI+44],1040104
00461117 8187 48000000 4B661769 ADD DWORD PTR [EDI+48],6917664B
00461121 8187 4C000000 5C5E606A ADD DWORD PTR [EDI+4C],6A605E5C
0046112B 8187 50000000 6B5C6917 ADD DWORD PTR [EDI+50],17695C6B
00461135 8187 54000000 70666C69 ADD DWORD PTR [EDI+54],696C6670
0046113F 8187 58000000 175A6667 ADD DWORD PTR [EDI+58],67665A17
00461149 8187 5C000000 7017665D ADD DWORD PTR [EDI+5C],5D661770
00461153 8187 60000000 173B4343 ADD DWORD PTR [EDI+60],43433B17
0046115D 8187 64000000 176B6617 ADD DWORD PTR [EDI+64],17666B17
00461167 8187 68000000 43605923 ADD DWORD PTR [EDI+68],23596043
00461171 8187 6C000000 1767635C ADD DWORD PTR [EDI+6C],5C636717
0046117B 8187 70000000 586A5C17 ADD DWORD PTR [EDI+70],175C6A58
00461185 8187 74000000 6D606A60 ADD DWORD PTR [EDI+74],606A606D
0046118F 8187 78000000 6B310401 ADD DWORD PTR [EDI+78],104316B
00461199 8187 7C000000 006E6E6E ADD DWORD PTR [EDI+7C],6E6E6E00
004611A3 8187 80000000 25596065 ADD DWORD PTR [EDI+80],65605925
004611AD 8187 84000000 58697024 ADD DWORD PTR [EDI+84],24706958
004611B7 8187 88000000 6A665D6B ADD DWORD PTR [EDI+88],6B5D666A
004611C1 8187 8C000000 255A6664 ADD DWORD PTR [EDI+8C],64665A25
004611CB 8187 90000000 2666695B ADD DWORD PTR [EDI+90],5B696626
004611D5 8187 94000000 5C69255F ADD DWORD PTR [EDI+94],5F25695C
004611DF 8187 98000000 6B640401 ADD DWORD PTR [EDI+98],104646B
004611E9 8187 9C000000 6669175A ADD DWORD PTR [EDI+9C],5A176966
004611F3 8187 A0000000 66656B58 ADD DWORD PTR [EDI+A0],586B6566
004611FD 8187 A4000000 5A6B3104 ADD DWORD PTR [EDI+A4],4316B5A
00461207 8187 A8000000 01006A58 ADD DWORD PTR [EDI+A8],586A0001
00461211 8187 AC000000 635C6A37 ADD DWORD PTR [EDI+AC],376A5C63
0046121B 8187 B0000000 59606558 ADD DWORD PTR [EDI+B0],58656059
00461225 8187 B4000000 6970246A ADD DWORD PTR [EDI+B4],6A247069
0046122F 8187 B8000000 665D6B25 ADD DWORD PTR [EDI+B8],256B5D66
00461239 66:8187 BC000000 5A66 ADD WORD PTR [EDI+BC],665A
00461242 8087 BE000000 64 ADD BYTE PTR [EDI+BE],64
00461249 80BF C0000000 00 CMP BYTE PTR [EDI+C0],00
00461250 74 07 JE SHORT 00461259
00461252 B8 01000000 MOV EAX,1
00461257 EB 19 JMP SHORT 00461272
00461259 C687 C0000000 01 MOV BYTE PTR [EDI+C0],1
00461260 57 PUSH EDI
00461261 68 30200000 PUSH 2030
00461266 6A 00 PUSH 0
00461268 57 PUSH EDI
00461269 6A 00 PUSH 0
0046126B FF15 C0214600 CALL DWORD PTR [<&user32.MessageBoxA>] ; user32.MessageBoxA
00461271 5F POP EDI
00461272 83E0 01 AND EAX,1
00461275 B9 BF000000 MOV ECX,0BF
0046127A B0 09 MOV AL,9
0046127C FC CLD
0046127D F3:AA REP STOS BYTE PTR ES:[EDI]
0046127F 5F POP EDI
00461280 5E POP ESI
00461281 5D POP EBP
00461282 5C POP ESP
00461283 5B POP EBX
00461284 5A POP EDX
00461285 59 POP ECX
00461286 58 POP EAX
00461287 C3 RET

The above code simply morphs the tabs in the buffer to the nag string:

"This function is generated by an unregistered version of DLL to Lib!....To register your copy of DLL to Lib, please visit:...www.binary-soft.com/order.htm..or contact:...sales@binary-soft.com"

After the messagebox has executed, it will then return to the callee, which will jump to the intended function. Patching the messagebox away is simple, but what sort of overhead is introduced when all calls to functions are routed through this crap?

From reversing the app a little, it actually builds individual obj files for each member of the library file, then it assembles them together to make the final archive. It appears to me that it has the nag code as a separate obj file, because when it is used in a project the code for the nag is separate and below the jump table for the converted code. When it was converted, Dll2Lib made a handler for each call and pointed each function call to its respective label. Then the linker does the rest when it's used in a project, actually linking the separate object files into the executable.

HR,

Ghandi
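Added example, not from ghandi's post: replaying the ADD sequence of the listing above in Python to recover the string the stub builds, using the immediates transcribed from that listing. It assumes the buffer at 00463000 starts as 0xBF tab bytes followed by a zero terminator and the one-shot flag byte at +C0, which is the layout the CMP BYTE PTR [EDI+C0] check and the REP STOS of 0xBF bytes imply.

```python
import struct

# Immediates transcribed from the listing above: the 47 DWORD adds in offset
# order (0x00, 0x04, ... 0xB8), then the WORD add at +BC and the BYTE add at +BE.
DWORD_ADDS = [
    0x6A605F4B, 0x656C5D17, 0x66606B5A, 0x6A601765, 0x655C5E17, 0x6B58695C,
    0x59175B5C, 0x65581770, 0x69656C17, 0x6A605E5C, 0x5C695C6B, 0x5C6D175B,
    0x66606A69, 0x5D661765, 0x43433B17, 0x17666B17, 0x18596043, 0x01040104,
    0x6917664B, 0x6A605E5C, 0x17695C6B, 0x696C6670, 0x67665A17, 0x5D661770,
    0x43433B17, 0x17666B17, 0x23596043, 0x5C636717, 0x175C6A58, 0x606A606D,
    0x0104316B, 0x6E6E6E00, 0x65605925, 0x24706958, 0x6B5D666A, 0x64665A25,
    0x5B696626, 0x5F25695C, 0x0104646B, 0x5A176966, 0x586B6566, 0x04316B5A,
    0x586A0001, 0x376A5C63, 0x58656059, 0x6A247069, 0x256B5D66,
]
WORD_ADD = (0xBC, 0x665A)
BYTE_ADD = (0xBE, 0x64)
STR_LEN = 0xBF  # bytes the stub resets afterwards: MOV ECX,0BF / MOV AL,9 / REP STOS


def initial_buffer() -> bytearray:
    # Assumed layout of the buffer at 00463000: 0xBF tab bytes, a zero
    # terminator, then the one-shot flag tested by CMP BYTE PTR [EDI+C0],00.
    return bytearray(b"\x09" * STR_LEN + b"\x00\x00")


def decode_nag(buf: bytearray) -> str:
    """Replay the ADD sequence with the same 32/16/8-bit wraparound as the CPU."""
    for i, imm in enumerate(DWORD_ADDS):
        off = 4 * i
        cur = struct.unpack_from("<I", buf, off)[0]
        struct.pack_into("<I", buf, off, (cur + imm) & 0xFFFFFFFF)
    off, imm = WORD_ADD
    cur = struct.unpack_from("<H", buf, off)[0]
    struct.pack_into("<H", buf, off, (cur + imm) & 0xFFFF)
    off, imm = BYTE_ADD
    buf[off] = (buf[off] + imm) & 0xFF
    return bytes(buf[:buf.index(0)]).decode("ascii")


def restore(buf: bytearray) -> bytearray:
    """What the REP STOS after MessageBoxA does: put the tabs back."""
    buf[:STR_LEN] = b"\x09" * STR_LEN
    return buf


if __name__ == "__main__":
    buf = initial_buffer()
    print(repr(decode_nag(buf)))
    assert restore(buf) == initial_buffer()
```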

accede

wow, great work Ufo-Pu55y and ghandi.

one question @Ufo-Pu55y: what did you use to rip the chiptune.inc file?

can you please give me a download link for the tool you used.

Ufo-Pu55y

I guess you already got one.. C:\masm32\bintodb.exe

I've seen several other GUI based ones in the past.. forgot their names.

The one I'm using is coded by myself, but you don't wanna use it,

cuz it has no GUI.. anyway, here it is: Bin2Inc.7z

accede

I will use it, and that it has no graphical user interface is not bad.

I've already found out after two seconds how it is used.

Or is there something wrong? Bin2inc Tiffi.xm tiffi.inc chiptune dd 8 8

I ask only because I see this in the inc file: db 000h, 000h, 000h

Ufo-Pu55y

wtf.. could u send me the XM? Your command line looks ok to me!

accede

ok, here it is.

After I deleted the db 000h, 000h, 000h it works

Tiffi.rar

Ufo-Pu55y
I ask only because I see it here in the inc file db 000h, 000h, 000h

Ahhhh... I didn't get it at first. I thought you got 3 times 000h and nothing else at all!

Your XM comes with an odd length.. that's the reason why it doesn't end with

a 'clean' DWORD in the .inc.

It was the main reason why I coded my own converter. In the past I saw that

other tools didn't correctly handle odd file sizes (maybe intentionally of course).

After I deleted the db 000h, 000h, 000h it works

No need to delete anything! It works like it is.. I've just tried it to be sure.

It probably won't crash when you delete these zeroes, cuz in memory it gets

refilled with zeroes again (due to section alignment or whatnot)..

but in theory it might since the song structure gets damaged.

cheers
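An added example (not Ufo-Pu55y's Bin2Inc, whose source is not on the page) of a converter that handles the odd-length case described above the same way: whole DWORDs go out as dd, the 1-3 leftover bytes as db, and a small reader reassembles the listing so the round trip can be checked. The label name, the per-line count and the 11-byte sample are constructed.

```python
import re
import struct

# Constructed sample: 11 bytes, deliberately not a multiple of 4, to mimic
# an XM file with an odd length (the case discussed above).
SAMPLE = bytes(range(0x45, 0x50))


def bin_to_inc(data: bytes, label: str, per_line: int = 8) -> str:
    """Emit a MASM-style .inc listing of DATA under LABEL.

    Whole 32-bit words are written with 'dd' (little-endian, so the bytes
    land in memory in file order); the 1-3 leftover bytes of an odd-sized
    file are written with 'db' so nothing is dropped or silently padded.
    """
    if not data:
        raise ValueError("empty input")
    nwords, rem = divmod(len(data), 4)
    words = struct.unpack_from(f"<{nwords}I", data) if nwords else ()
    pad = " " * len(label)
    out = []
    for i in range(0, nwords, per_line):
        vals = ", ".join(f"0{w:08X}h" for w in words[i:i + per_line])
        out.append(f"{label if not out else pad} dd {vals}")
    if rem:
        tail = ", ".join(f"0{b:02X}h" for b in data[nwords * 4:])
        out.append(f"{label if not out else pad} db {tail}")
    out.append(f"{label}_size equ $ - {label}")
    return "\n".join(out) + "\n"


_LINE = re.compile(r"^\s*(?:\w+\s+)?(dd|db)\s+(.+?)\s*$")


def inc_to_bin(text: str) -> bytes:
    """Reassemble the bytes an assembler would emit for the listing
    (used to verify the round trip; the 'equ' line is skipped)."""
    buf = bytearray()
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue
        directive, vals = m.groups()
        for tok in vals.split(","):
            n = int(tok.strip().rstrip("h"), 16)
            buf += struct.pack("<I", n) if directive == "dd" else bytes([n])
    return bytes(buf)


if __name__ == "__main__":
    listing = bin_to_inc(SAMPLE, "chiptune")
    print(listing, end="")
    assert inc_to_bin(listing) == SAMPLE
```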

accede

I tested it with another xm file; I get the same db 000h, 000h, 000h.

I deleted the db 000h, 000h, 000h and the sound works without crashing.

Next time I won't delete anything.

It works, and your lib plays all modules that bassmod.dll supports.

Ufo-Pu55y
Can I use your tool on other fasttracker modules (mod, it) etc.?

erm... to get the drop on it, it works on pr00n vids and everything ^^

did you get it, that the *.inc output is just a source-code conversion of

the input binary and nothing else :?

wunder

Okay, after some rooting around I think I may have made something... Don't shoot me if it isn't 100%, I haven't tested it thoroughly, but here is a static library version of bass.dll.

What I did:

1. Unpacked file, restored imports.

2. Unpacked 2nd copy at different base address.

3. Rebuilt relocations using ReloX because the reloc table seemed corrupted.

4. Loaded unpacked file and header from package into Lib2Dll.

5. Removed linker settings about libc.lib and oldnames.lib

6. Converted file to static library.

Once I made that, I then took the example code from the MASM part of the bass.dll package and added a call to the dll entrypoint for DLL_PROCESS_ATTACH and DLL_PROCESS_DETACH, and the player works without bass.dll. Once again though, I haven't tested this thoroughly, so there may still be bugs from the conversion. Any feedback is appreciated.

HR,

Ghandi

Hi, I was wondering how you used Lib2Dll?

I got my copy here:

http://www-soft.uni-...t/pd/RSXNT/BIN/

although the whole RSXNT compiler can be downloaded here:

http://willus.com/rsxnt.shtml

download:

http://willus.com/ar...xnt_install.exe

This is what I get for the Lib2Dll usage:

http://www-soft.uni-...ML/RSXN1J3G.HTM

I attached my poor attempt... If you have time... Can you please let me know how to use it...??

Thank you :)

my poor attempt.zip
