Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Error compiling loader in TASM32

mscofield
mscofield
in Programming and Coding

Featured Replies

Posted

hello friends , i want to compile the deroko example non-intrusive loader create in tasm32 for execryptor target, but ever that i compile show me the same message

this is a log

Microsoft Windows XP [Versión 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Tasm32\loader>makeloader

C:\Tasm32\loader>..\tasm32\tasm32 /ml /z /m9 /q loader

Turbo Assembler Version 5.3 Copyright © 1988, 2000 Inprise Corporation

Assembling file: loader.ASM

Error messages: None

Warning messages: None

Passes: 2

C:\Tasm32\loader>..\tasm32\tlink32 -x /Tpe /aa /c loader,,,..\importlib\import32.lib

Turbo Link Version 1.6.71.0 Copyright © 1993,1996 Borland International

Error: Unresolved external 'VirtualAllocEx' referenced from module loader.ASM

C:\Tasm32\loader>..\tasm32\pewrite debugger.exe

C:\Tasm32\loader>

and not resolve the call to VirtualAllocEx the exe is create but the call to VirtualAllocEx not resolved.

i try with other asm more easy and the exe is create fine until not use Call VirtualAllocEx.

In all asm that i use CAll VirtualAllocEx the obj is create fine, but tlink showme the same error,

Error: Unresolved external 'VirtualAllocEx' referenced from module ......

any idea to fix this..

regards and sorry for my bad english ;).

br

mscofield

well there is always problem with someone else code, so thing 1st to do is change paths in bat file

cant resolve or link due it doesnt see import32.lib, there are all api's tasm 5.3 can handle.

  • Author

@human, first to all thanks for your answer.

the path to import32.lib is fine. ..\importlib\import32.lib, iam using tasm 5.3.

The filename is loader_m.asm

my bat file is this:

make_loader.bat

-------------------

..\tasm32\tasm32 /ml /z /m9 /q loader_m

..\tasm32\tlink32 -x /Tpe /aa /c loader_m,,,..\importlib\import32.lib

..\tasm32\pewrite loader_m.exe

@echo off

del loader_m.obj

----------------------

and my importlib is selected ok, the path is ..\importlib\import32.lib, The problem is that the unique api of kernel32 cant not resolve the compiler is this., the program use VirtualProtect,LoadLibrary and others and work fine except VirtualAllocEx.

BR

sorry for my english

What can be the problem?

put source on mediafire

sigh.. its because tasm is OLD and DEAD and the import lib you're using doesn't

know the Ex functions (because they came later.. with hmm win2k?)...

so either move to masm (probably a good idea) or use getprocaddress to get the

'unknown' api's....

dont talk bull**** due my import32.lib has VirtualAllocEx pointing to kernel32.dll

sigh again.. yours might, his doesnt seem to..

so go ahead, be all high and mighty.. i really don't give a ****...

use out of date tools ,what do you really expect?..

There is updated TASM, try using that.

Turbo Assembler  Version 5.4  Copyright (c) 1988, 2009 CodeGear

Edited by BoB

well mine is also 5.3. seems no help needed anyway

  • 2 weeks later...

extern VirtualAllocEx:PROC

tasm32 /ml

tlink32 -x -c -aa FOR no console mode

or

tlink32 -x -c -ap

and dont forget your tasm.cfg file with -IC:\tasm\include

if your going old school

LPVOID WINAPI VirtualAllocEx(

__in HANDLE hProcess,

__in_opt LPVOID lpAddress,

__in SIZE_T dwSize,

__in DWORD flAllocationType,

__in DWORD flProtect

);

push flprotect

push flAlloc

push dwsize

push lpAdd

push hprocess

call VirtualAllocEx

or add a

Locals

jumps

.Model Flat ,StdCall

and use 1 liner

call VirtualAllocEx,hprocess,lpadd,dwsize,flAlloc,flprot

if im wrong someone can correct it....

g'luck

Edited by JMC31337

extern VirtualAllocEx:PROC

tasm32 /ml

tlink32 -x -c -aa FOR no console mode

or

tlink32 -x -c -ap

and dont forget your tasm.cfg file with -IC:\tasm\include

if your going old school

LPVOID WINAPI VirtualAllocEx(

__in HANDLE hProcess,

__in_opt LPVOID lpAddress,

__in SIZE_T dwSize,

__in DWORD flAllocationType,

__in DWORD flProtect

);

push flprotect

push flAlloc

push dwsize

push lpAdd

push hprocess

call VirtualAllocEx

or add a

Locals

jumps

.Model Flat ,StdCall

and use 1 liner

call VirtualAllocEx,hprocess,lpadd,dwsize,flAlloc,flprot

if im wrong someone can correct it....

g'luck

damn, even i was wrong about VirtualAlloc... i cant link it with tlink32 either.. lemme see if i cant call it directly thru kernel32.dll, i need a break from browser hijacking anyways...

Edited by JMC31337

hello friends , i want to compile the deroko example non-intrusive loader create in tasm32 for execryptor target, but ever that i compile show me the same message

this is a log

Microsoft Windows XP [Versión 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Tasm32\loader>makeloader

C:\Tasm32\loader>..\tasm32\tasm32 /ml /z /m9 /q loader

Turbo Assembler Version 5.3 Copyright © 1988, 2000 Inprise Corporation

Assembling file: loader.ASM

Error messages: None

Warning messages: None

Passes: 2

C:\Tasm32\loader>..\tasm32\tlink32 -x /Tpe /aa /c loader,,,..\importlib\import32.lib

Turbo Link Version 1.6.71.0 Copyright © 1993,1996 Borland International

Error: Unresolved external 'VirtualAllocEx' referenced from module loader.ASM

C:\Tasm32\loader>..\tasm32\pewrite debugger.exe

C:\Tasm32\loader>

and not resolve the call to VirtualAllocEx the exe is create but the call to VirtualAllocEx not resolved.

i try with other asm more easy and the exe is create fine until not use Call VirtualAllocEx.

In all asm that i use CAll VirtualAllocEx the obj is create fine, but tlink showme the same error,

Error: Unresolved external 'VirtualAllocEx' referenced from module ......

any idea to fix this..

regards and sorry for my bad english ;).

br

mscofield

post the source code you are trying to compile mscofield...

u can use the old trick from CodeBreakers in such a way that i did with Tasm32 WSASTARTUP over at VX Heavens or use GetProcAddress

we need to see your source....

but yu load VirtualAllocEx directly thru the Kernel32 with this....


;tams32 /ml getproc
;tlink32 -x -c -aa getproc,,,import32
;thnx to DiA[rRlf].386P
Locals
jumps
.Model Flat ,StdCallinclude windows.inc
extrn LoadLibraryA:PROC	
extrn GetProcAddress:PROC	
extrn ExitProcess:PROC	
.data
szDLL		db 'C:\Windows\System32\Kernel32.dll',0
szAPI		db 'VirtualAllocEx',0		
.code
start:push offset szDLL		
call LoadLibraryA		push offset szAPI	
push eax		
call GetProcAddress	push ??     //Whatever your variables are
push ??	
push ??	
push ??
push ??
call eax       //EAX=VirtualAllocEx  call ExitProcessend start

Edited by JMC31337

Just wondering, why can't you use the .lib files which come with BC++ Builder (as does TASM), they'd have to be more current than the files floating around atm would't they? I'm asking this in ignorance after reading an article somewhere, i don't use TASM myself or BC++ for that matter, i'm a MSVC and MASM guy. :D

HR,

Ghandi

TASM32 does not support VirtualAllocEx. You need to use GetModuleHandle("kernel32") and GetProcAddress("VirtualAllocEx") to use it.

Or pick a different assembler, like MASM32.

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.