Jump to content
Tuts 4 You

Error compiling loader in TASM32

mscofield

By mscofield
in Programming and Coding

Recommended Posts

mscofield

mscofield

Posted
Posted

hello friends , i want to compile the deroko example non-intrusive loader create in tasm32 for execryptor target, but ever that i compile show me the same message

this is a log

Microsoft Windows XP [Versión 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Tasm32\loader>makeloader

C:\Tasm32\loader>..\tasm32\tasm32 /ml /z /m9 /q loader

Turbo Assembler Version 5.3 Copyright © 1988, 2000 Inprise Corporation

Assembling file: loader.ASM

Error messages: None

Warning messages: None

Passes: 2

C:\Tasm32\loader>..\tasm32\tlink32 -x /Tpe /aa /c loader,,,..\importlib\import32.lib

Turbo Link Version 1.6.71.0 Copyright © 1993,1996 Borland International

Error: Unresolved external 'VirtualAllocEx' referenced from module loader.ASM

C:\Tasm32\loader>..\tasm32\pewrite debugger.exe

C:\Tasm32\loader>

and not resolve the call to VirtualAllocEx the exe is create but the call to VirtualAllocEx not resolved.

i try with other asm more easy and the exe is create fine until not use Call VirtualAllocEx.

In all asm that i use CAll VirtualAllocEx the obj is create fine, but tlink showme the same error,

Error: Unresolved external 'VirtualAllocEx' referenced from module ......

any idea to fix this..

regards and sorry for my bad english ;).

br

mscofield

human

human

Posted
Posted

well there is always problem with someone else code, so thing 1st to do is change paths in bat file

cant resolve or link due it doesnt see import32.lib, there are all api's tasm 5.3 can handle.

mscofield

mscofield

Posted
  • Author
Posted

@human, first to all thanks for your answer.

the path to import32.lib is fine. ..\importlib\import32.lib, iam using tasm 5.3.

The filename is loader_m.asm

my bat file is this:

make_loader.bat

-------------------

..\tasm32\tasm32 /ml /z /m9 /q loader_m

..\tasm32\tlink32 -x /Tpe /aa /c loader_m,,,..\importlib\import32.lib

..\tasm32\pewrite loader_m.exe

@echo off

del loader_m.obj

----------------------

and my importlib is selected ok, the path is ..\importlib\import32.lib, The problem is that the unique api of kernel32 cant not resolve the compiler is this., the program use VirtualProtect,LoadLibrary and others and work fine except VirtualAllocEx.

BR

sorry for my english

What can be the problem?

evlncrn8

evlncrn8

Posted
Posted

sigh.. its because tasm is OLD and DEAD and the import lib you're using doesn't

know the Ex functions (because they came later.. with hmm win2k?)...

so either move to masm (probably a good idea) or use getprocaddress to get the

'unknown' api's....

human

human

Posted
Posted

dont talk bull**** due my import32.lib has VirtualAllocEx pointing to kernel32.dll

evlncrn8

evlncrn8

Posted
Posted

sigh again.. yours might, his doesnt seem to..

so go ahead, be all high and mighty.. i really don't give a ****...

use out of date tools ,what do you really expect?..

BoB

BoB

Posted
Posted (edited)

There is updated TASM, try using that.

Turbo Assembler  Version 5.4  Copyright (c) 1988, 2009 CodeGear
Edited by BoB
human

human

Posted
Posted

well mine is also 5.3. seems no help needed anyway

  • 2 weeks later...
JMC31337

JMC31337

Posted
Posted (edited)

extern VirtualAllocEx:PROC

tasm32 /ml

tlink32 -x -c -aa FOR no console mode

or

tlink32 -x -c -ap

and dont forget your tasm.cfg file with -IC:\tasm\include

if your going old school

LPVOID WINAPI VirtualAllocEx(

__in HANDLE hProcess,

__in_opt LPVOID lpAddress,

__in SIZE_T dwSize,

__in DWORD flAllocationType,

__in DWORD flProtect

);

push flprotect

push flAlloc

push dwsize

push lpAdd

push hprocess

call VirtualAllocEx

or add a

Locals

jumps

.Model Flat ,StdCall

and use 1 liner

call VirtualAllocEx,hprocess,lpadd,dwsize,flAlloc,flprot

if im wrong someone can correct it....

g'luck

Edited by JMC31337
JMC31337

JMC31337

Posted
Posted (edited)

extern VirtualAllocEx:PROC

tasm32 /ml

tlink32 -x -c -aa FOR no console mode

or

tlink32 -x -c -ap

and dont forget your tasm.cfg file with -IC:\tasm\include

if your going old school

LPVOID WINAPI VirtualAllocEx(

__in HANDLE hProcess,

__in_opt LPVOID lpAddress,

__in SIZE_T dwSize,

__in DWORD flAllocationType,

__in DWORD flProtect

);

push flprotect

push flAlloc

push dwsize

push lpAdd

push hprocess

call VirtualAllocEx

or add a

Locals

jumps

.Model Flat ,StdCall

and use 1 liner

call VirtualAllocEx,hprocess,lpadd,dwsize,flAlloc,flprot

if im wrong someone can correct it....

g'luck

damn, even i was wrong about VirtualAlloc... i cant link it with tlink32 either.. lemme see if i cant call it directly thru kernel32.dll, i need a break from browser hijacking anyways...

Edited by JMC31337
JMC31337

JMC31337

Posted
Posted (edited)

hello friends , i want to compile the deroko example non-intrusive loader create in tasm32 for execryptor target, but ever that i compile show me the same message

this is a log

Microsoft Windows XP [Versión 5.1.2600]

© Copyright 1985-2001 Microsoft Corp.

C:\Tasm32\loader>makeloader

C:\Tasm32\loader>..\tasm32\tasm32 /ml /z /m9 /q loader

Turbo Assembler Version 5.3 Copyright © 1988, 2000 Inprise Corporation

Assembling file: loader.ASM

Error messages: None

Warning messages: None

Passes: 2

C:\Tasm32\loader>..\tasm32\tlink32 -x /Tpe /aa /c loader,,,..\importlib\import32.lib

Turbo Link Version 1.6.71.0 Copyright © 1993,1996 Borland International

Error: Unresolved external 'VirtualAllocEx' referenced from module loader.ASM

C:\Tasm32\loader>..\tasm32\pewrite debugger.exe

C:\Tasm32\loader>

and not resolve the call to VirtualAllocEx the exe is create but the call to VirtualAllocEx not resolved.

i try with other asm more easy and the exe is create fine until not use Call VirtualAllocEx.

In all asm that i use CAll VirtualAllocEx the obj is create fine, but tlink showme the same error,

Error: Unresolved external 'VirtualAllocEx' referenced from module ......

any idea to fix this..

regards and sorry for my bad english ;).

br

mscofield

post the source code you are trying to compile mscofield...

u can use the old trick from CodeBreakers in such a way that i did with Tasm32 WSASTARTUP over at VX Heavens or use GetProcAddress

we need to see your source....

but yu load VirtualAllocEx directly thru the Kernel32 with this....


;tams32 /ml getproc
;tlink32 -x -c -aa getproc,,,import32
;thnx to DiA[rRlf].386P
Locals
jumps
.Model Flat ,StdCallinclude windows.inc
extrn LoadLibraryA:PROC	
extrn GetProcAddress:PROC	
extrn ExitProcess:PROC	
.data
szDLL		db 'C:\Windows\System32\Kernel32.dll',0
szAPI		db 'VirtualAllocEx',0		
.code
start:push offset szDLL		
call LoadLibraryA		push offset szAPI	
push eax		
call GetProcAddress	push ??     //Whatever your variables are
push ??	
push ??	
push ??
push ??
call eax       //EAX=VirtualAllocEx  call ExitProcessend start
Edited by JMC31337
ghandi

ghandi

Posted
Posted

Just wondering, why can't you use the .lib files which come with BC++ Builder (as does TASM), they'd have to be more current than the files floating around atm would't they? I'm asking this in ignorance after reading an article somewhere, i don't use TASM myself or BC++ for that matter, i'm a MSVC and MASM guy. :D

HR,

Ghandi

Peter Ferrie

Peter Ferrie

Posted
Posted

TASM32 does not support VirtualAllocEx. You need to use GetModuleHandle("kernel32") and GetProcAddress("VirtualAllocEx") to use it.

Or pick a different assembler, like MASM32.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...