
BinaryCall UDF - Write Subroutines In C, Call In AutoIt


Ward


def_api_ (with the extra _) is only for msvcrt.dll. I added this because the same C standard function is exported under a different name in x86 and x64 environments (with or without the extra _).

def_adr is for static variables in a DLL, for example the _iob struct in msvcrt.dll.

def_label is for generating alias to any label.

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 


 

  1. Try to use "gcc", not "g++", to compile the source code (the .uleb128 pseudo-op is not yet supported).
  2. You should use "def_api", not "def_adr". They are different.
  3. You use "ws2_32.dll", so the line "def_api wsock32.dll" may need to be deleted (or prefixed with ";" to comment it out).

 

 

I made all the modifications and tried to compile with gcc and with g++, but in both cases the output uses the .uleb128 pseudo-op, so I get the same error. Can I do something different, or should I try another implementation?

When the words fail... music speaks.


Can you tell me your GCC/MinGW version and your compile options?

P.S. In my tests, only 32-bit MinGW g++ without -O/-O2/-Os generates the .uleb128 pseudo-op.

Maybe you can add -Os option to get rid of this problem.

 

Here is my result:

MinGW 32-bit gcc (GCC) 4.8.1

gcc -S -Os -masm=intel TCPConnect.c

.file   "TCPConnect.c"
    .intel_syntax noprefix
    .text
    .globl  _TCPConnect
    .def    _TCPConnect;    .scl    2;  .type   32; .endef
# TCPConnect(arg1, arg2) -- compiler output, 32-bit, cdecl (caller cleans up), Winsock stdcall callees.
# Presumably SOCKET TCPConnect(const char *host, const char *service): both arguments are passed
# straight to getaddrinfo as its first two parameters.
# In:    [ebp+8]  = arg 1 (host string), [ebp+12] = arg 2 (service/port string)
# Out:   eax = connected socket switched to non-blocking mode, or 0 on any failure
# Frame: [ebp-56..ebp-25] addrinfo hints (8 dwords, zeroed), [ebp-60] ioctlsocket argument,
#        [ebp-64] getaddrinfo result pointer, [esp..esp+15] outgoing argument area
# Regs:  ebx = return value, esi = socket, edi = scratch (all three callee-saved, pushed below)
# NOTE(review): no closesocket call appears anywhere in this function, so when connect() or
# ioctlsocket() fails the socket in esi is leaked while 0 is returned.
_TCPConnect:
LFB16:
    .cfi_startproc
    push    ebp
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    xor eax, eax                            # eax = 0, the fill value for rep stosd
    mov ebp, esp
    .cfi_def_cfa_register 5
    mov ecx, 8                              # 8 dwords = 32 bytes of hints to zero
    push    edi
    push    esi
    lea edx, [ebp-56]                       # edx = &hints
    push    ebx
    .cfi_offset 7, -12
    .cfi_offset 6, -16
    .cfi_offset 3, -20
    mov edi, edx
    sub esp, 76                             # locals plus the 16-byte outgoing argument area
    rep stosd                               # memset(&hints, 0, 32)
    lea eax, [ebp-64]                       # eax = &result
    mov DWORD PTR [esp+12], eax             # getaddrinfo arg 4: &result
    mov eax, DWORD PTR [ebp+12]
    mov DWORD PTR [esp+8], edx              # getaddrinfo arg 3: &hints
    mov DWORD PTR [ebp-64], 0               # result = NULL
    mov DWORD PTR [ebp-52], 2               # hints+4  (ai_family)   = 2 = AF_INET
    mov DWORD PTR [esp+4], eax              # getaddrinfo arg 2: service string
    mov eax, DWORD PTR [ebp+8]
    mov DWORD PTR [ebp-48], 1               # hints+8  (ai_socktype) = 1 = SOCK_STREAM
    mov DWORD PTR [ebp-44], 6               # hints+12 (ai_protocol) = 6 = IPPROTO_TCP
    mov DWORD PTR [esp], eax                # getaddrinfo arg 1: host string
    call    _getaddrinfo@16
    sub esp, 16                             # stdcall callee popped 16 bytes; re-extend the arg area
    test    eax, eax
    mov ebx, eax                            # ebx = getaddrinfo status, 0 on success
    je  L2
L6:                                         # shared failure exit: return 0
    xor ebx, ebx
    jmp L3
L2:
    mov eax, DWORD PTR [ebp-64]             # eax = result (struct addrinfo *)
    mov edx, DWORD PTR [eax+12]             # result->ai_protocol
    mov DWORD PTR [esp+8], edx
    mov edx, DWORD PTR [eax+8]              # result->ai_socktype
    mov DWORD PTR [esp+4], edx
    mov eax, DWORD PTR [eax+4]              # result->ai_family
    mov DWORD PTR [esp], eax
    call    _socket@12                      # socket(family, socktype, protocol)
    sub esp, 12
    cmp eax, -1                             # INVALID_SOCKET
    mov esi, eax                            # esi = socket
    mov eax, DWORD PTR [ebp-64]
    jne L4
    mov DWORD PTR [esp], eax                # freeaddrinfo arg 1: result
    jmp L8
L4:
    mov edx, DWORD PTR [eax+16]             # result->ai_addrlen
    mov DWORD PTR [esp+8], edx
    mov eax, DWORD PTR [eax+24]             # result->ai_addr
    mov DWORD PTR [esp], esi
    mov DWORD PTR [esp+4], eax
    call    _connect@12                     # connect(socket, ai_addr, ai_addrlen)
    sub esp, 12
    test    eax, eax
    mov eax, DWORD PTR [ebp-64]
    mov DWORD PTR [esp], eax                # freeaddrinfo arg 1: result
    je  L5
L8:                                         # socket() or connect() failed; ebx is still 0 here
    call    _freeaddrinfo@4
    push    edx                             # re-extend esp by the 4 bytes the stdcall callee popped
    jmp L3                                  # returns 0 without closing the socket held in esi
L5:
    call    _freeaddrinfo@4
    mov DWORD PTR [ebp-60], 1               # argp = 1: enable non-blocking mode
    push    eax                             # re-extend esp by the 4 bytes the stdcall callee popped
    lea eax, [ebp-60]
    mov DWORD PTR [esp+8], eax              # ioctlsocket arg 3: &argp
    mov DWORD PTR [esp+4], -2147195266      # ioctlsocket arg 2: 0x8004667E = FIONBIO
    mov DWORD PTR [esp], esi                # ioctlsocket arg 1: socket
    call    _ioctlsocket@12
    sub esp, 12
    test    eax, eax
    jne L6                                  # ioctlsocket failed: return 0 (socket in esi leaked)
    mov ebx, esi                            # success: return the socket
L3:
    lea esp, [ebp-12]                       # drop locals; esp now points at the saved ebx
    mov eax, ebx
    pop ebx
    .cfi_restore 3
    pop esi
    .cfi_restore 6
    pop edi
    .cfi_restore 7
    pop ebp
    .cfi_restore 5
    .cfi_def_cfa 4, 4
    ret
    .cfi_endproc
LFE16:
    .ident  "GCC: (GNU) 4.8.1"
    .def    _getaddrinfo@16;    .scl    2;  .type   32; .endef
    .def    _socket@12; .scl    2;  .type   32; .endef
    .def    _connect@12;    .scl    2;  .type   32; .endef
    .def    _freeaddrinfo@4;    .scl    2;  .type   32; .endef
    .def    _ioctlsocket@12;    .scl    2;  .type   32; .endef
 

MinGW-w64 64-bit gcc (GCC) 4.9.1

gcc -S -Os -m32 -masm=intel TCPConnect.c

.file   "TCPConnect.c"
    .intel_syntax noprefix
    .section    .text.unlikely,"x"
LCOLDB0:
    .text
LHOTB0:
    .globl  _TCPConnect
    .def    _TCPConnect;    .scl    2;  .type   32; .endef
# TCPConnect(arg1, arg2) -- compiler output, 32-bit (-m32), cdecl; Winsock callees are reached
# through __imp__ import-table slots instead of direct calls, otherwise identical in logic to the
# 4.8.1 listing above.
# Presumably SOCKET TCPConnect(const char *host, const char *service): both arguments are passed
# straight to getaddrinfo as its first two parameters.
# In:    [ebp+8]  = arg 1 (host string), [ebp+12] = arg 2 (service/port string)
# Out:   eax = connected socket switched to non-blocking mode, or 0 on any failure
# Frame: [ebp-56..ebp-25] addrinfo hints (8 dwords, zeroed), [ebp-60] ioctlsocket argument,
#        [ebp-64] getaddrinfo result pointer, [esp..esp+15] outgoing argument area
# Regs:  ebx = return value, esi = socket, edi = &hints then the freeaddrinfo address
# NOTE(review): no closesocket call appears in this function; on the connect()/ioctlsocket()
# failure paths the socket in esi is leaked while 0 is returned.
_TCPConnect:
    push    ebp
    xor eax, eax                            # eax = 0, the fill value for rep stosd
    mov ecx, 8                              # 8 dwords = 32 bytes of hints to zero
    mov ebp, esp
    push    edi
    push    esi
    lea edx, [ebp-56]                       # edx = &hints
    push    ebx
    mov edi, edx
    sub esp, 76                             # locals plus the 16-byte outgoing argument area
    mov DWORD PTR [ebp-64], 0               # result = NULL
    rep stosd                               # memset(&hints, 0, 32)
    lea eax, [ebp-64]                       # eax = &result
    mov DWORD PTR [ebp-52], 2               # hints+4  (ai_family)   = 2 = AF_INET
    mov DWORD PTR [ebp-48], 1               # hints+8  (ai_socktype) = 1 = SOCK_STREAM
    mov DWORD PTR [ebp-44], 6               # hints+12 (ai_protocol) = 6 = IPPROTO_TCP
    mov DWORD PTR [esp+8], edx              # getaddrinfo arg 3: &hints
    mov DWORD PTR [esp+12], eax             # getaddrinfo arg 4: &result
    mov eax, DWORD PTR [ebp+12]
    mov DWORD PTR [esp+4], eax              # getaddrinfo arg 2: service string
    mov eax, DWORD PTR [ebp+8]
    mov DWORD PTR [esp], eax                # getaddrinfo arg 1: host string
    call    [DWORD PTR __imp__getaddrinfo@16]   # indirect call through the import table
    sub esp, 16                             # stdcall callee popped 16 bytes; re-extend the arg area
    test    eax, eax
    mov ebx, eax                            # ebx = getaddrinfo status, 0 on success
    je  L2
L6:                                         # shared failure exit: return 0
    xor ebx, ebx
    jmp L3
L2:
    mov eax, DWORD PTR [ebp-64]             # eax = result (struct addrinfo *)
    mov edx, DWORD PTR [eax+12]             # result->ai_protocol
    mov DWORD PTR [esp+8], edx
    mov edx, DWORD PTR [eax+8]              # result->ai_socktype
    mov DWORD PTR [esp+4], edx
    mov eax, DWORD PTR [eax+4]              # result->ai_family
    mov DWORD PTR [esp], eax
    call    [DWORD PTR __imp__socket@12]    # socket(family, socktype, protocol)
    sub esp, 12
    cmp eax, -1                             # INVALID_SOCKET
    mov esi, eax                            # esi = socket
    mov edi, DWORD PTR __imp__freeaddrinfo@4    # edi = freeaddrinfo, used by both call edi below
    mov eax, DWORD PTR [ebp-64]
    jne L4
    mov DWORD PTR [esp], eax                # freeaddrinfo arg 1: result
    jmp L8
L4:
    mov edx, DWORD PTR [eax+16]             # result->ai_addrlen
    mov DWORD PTR [esp+8], edx
    mov eax, DWORD PTR [eax+24]             # result->ai_addr
    mov DWORD PTR [esp], esi
    mov DWORD PTR [esp+4], eax
    call    [DWORD PTR __imp__connect@12]   # connect(socket, ai_addr, ai_addrlen)
    sub esp, 12
    test    eax, eax
    mov eax, DWORD PTR [ebp-64]
    mov DWORD PTR [esp], eax                # freeaddrinfo arg 1: result
    je  L5
L8:                                         # socket() or connect() failed; ebx is still 0 here
    call    edi                             # freeaddrinfo(result)
    push    edx                             # re-extend esp by the 4 bytes the stdcall callee popped
    jmp L3                                  # returns 0 without closing the socket held in esi
L5:
    call    edi                             # freeaddrinfo(result)
    push    eax                             # re-extend esp by the 4 bytes the stdcall callee popped
    lea eax, [ebp-60]
    mov DWORD PTR [ebp-60], 1               # argp = 1: enable non-blocking mode
    mov DWORD PTR [esp+8], eax              # ioctlsocket arg 3: &argp
    mov DWORD PTR [esp+4], -2147195266      # ioctlsocket arg 2: 0x8004667E = FIONBIO
    mov DWORD PTR [esp], esi                # ioctlsocket arg 1: socket
    call    [DWORD PTR __imp__ioctlsocket@12]
    sub esp, 12
    test    eax, eax
    jne L6                                  # ioctlsocket failed: return 0 (socket in esi leaked)
    mov ebx, esi                            # success: return the socket
L3:
    lea esp, [ebp-12]                       # drop locals; esp now points at the saved ebx
    mov eax, ebx
    pop ebx
    pop esi
    pop edi
    pop ebp
    ret
    .section    .text.unlikely,"x"
LCOLDE0:
    .text
LHOTE0:
    .ident  "GCC: (GNU) 4.9.1 20140624 (prerelease)"
Edited by Ward

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 



Hi Ward,

Thanks for all your work. I am not a C person, but I am learning slowly, so I was trying a simple function that returns a string (char array).

c code:

/* Returns a pointer to the static, NUL-terminated literal "abcstring".
 * The storage is read-only and lives for the whole program; callers
 * must neither modify nor free it. */
const char * getString()
{
 return "abcstring";
}

autoit:

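#include "BinaryCall.au3"
ConsoleWrite(test() & @CRLF)

; Loads the 32-bit code blob that exports getString() and returns the C string it points to.
; Returns "" and sets @error = 1 under 64-bit AutoIt (the blob is x86 only, so $SymbolList
; would otherwise never be assigned) and @error = 2 when the call itself fails.
Func test()
    If @AutoItX64 Then Return SetError(1, 0, "")
    Local $Code = 'AwAAAAQnAAAAAAAAAAAzmhZYCCq3cDHR36UPpp3jHwcI4LQK5/Vy+rj0A5jEJ0o0wUSVsMAA'
    Local $Reloc = 'AwAAAAQEAAAAAAAAAAABAAG+jCcAAA=='
    Local $Symbol[] = ["getString"]

    Local $CodeBase = _BinaryCall_Create($Code, $Reloc)
    If @error Then Exit
    Local $SymbolList = _BinaryCall_SymbolList($CodeBase, $Symbol)
    If @error Then Exit
    ; "str" copies the NUL-terminated string out of the code block; "none" would discard the
    ; return value. DllCallAddress returns an array whose element 0 is the function's result.
    Local $Ret = DllCallAddress("str:cdecl", DllStructGetData($SymbolList, "getString"))
    If @error Then Return SetError(2, 0, "")
    Return $Ret[0]
EndFunc   ;==>test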

but if I call it from main, it prints to the console:

#include <stdio.h>
const char * getString();
/* Prints the string returned by getString() followed by a newline;
 * exit status is always 0. */
int main()
{
 const char *text = getString();
 printf("%s\n", text);
 return 0;
}

/* Returns a pointer to the static, NUL-terminated literal "abcstring".
 * The storage is read-only and lives for the whole program; callers
 * must neither modify nor free it. */
const char * getString()
{
 return "abcstring";
}

would it be possible to return a string value?


I modified your script:

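#include "BinaryCall.au3"
ConsoleWrite(test() & @CRLF)

; Loads the 32-bit code blob that exports getString() and returns the C string it points to.
; Returns "" and sets @error = 1 under 64-bit AutoIt (the blob is x86 only, so $SymbolList
; would otherwise never be assigned) and @error = 2 when the call itself fails.
Func test()
    If @AutoItX64 Then Return SetError(1, 0, "")
    Local $Code = 'AwAAAAQnAAAAAAAAAAAzmhZYCCq3cDHR36UPpp3jHwcI4LQK5/Vy+rj0A5jEJ0o0wUSVsMAA'
    Local $Reloc = 'AwAAAAQEAAAAAAAAAAABAAG+jCcAAA=='
    Local $Symbol[] = ["getString"]

    Local $CodeBase = _BinaryCall_Create($Code, $Reloc)
    If @error Then Exit
    Local $SymbolList = _BinaryCall_SymbolList($CodeBase, $Symbol)
    If @error Then Exit
    ; "str" copies the NUL-terminated string out of the code block into an AutoIt string;
    ; DllCallAddress returns an array whose element 0 is the function's result.
    Local $Ret = DllCallAddress("str:cdecl", DllStructGetData($SymbolList, "getString"))
    If @error Then Return SetError(2, 0, "")
    Return $Ret[0]
EndFunc   ;==>test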

新版 _ArrayAdd 的白痴作者,不管是誰,去死一死好了

 


Thanks, I have been using this and it is amazing, 

Could I trouble you for an example of FASM2AU3 Converter?

ASM

; 16-bit real-mode DOS .COM program (FASM syntax): prints a message via DOS and exits.
; NOTE(review): this relies on the 100h load address and on DOS int 21h services, neither of
; which a 32-bit Windows process provides, so it is not a subroutine BinaryCall can call; a
; callable blob needs an ordinary cdecl/stdcall function that returns with ret.
org 100h                                ; .COM image: code starts at offset 100h of its segment
mov dx,string                           ; ds:dx -> '$'-terminated message
mov ah,9                                ; DOS function 09h: write string to standard output
int 21h
mov ah,4ch                              ; DOS function 4Ch: terminate program (al = exit code)
int 21h
string db 'Hello, World!',0dh,0ah,'$'   ; CR LF then the '$' terminator function 09h expects

Translate to 

; Copies the blob into executable memory but never calls it; $CodeBase is left unused.
; NOTE(review): the blob was produced from the DOS program above (org 100h, int 21h), which has
; no cdecl/stdcall entry point, so there is nothing here that DllCallAddress could safely invoke.
If Not @AutoItX64 Then
    Local $Code = 'AwAAAAQcAAAAAAAAAAAzL/GkdsqKcaKrV2o/ApOiHfnqNGow+7NLQyiMVloapwA='

    Local $CodeBase = _BinaryCall_Create($Code)
    If @Error Then Exit
EndIf

But I am not sure how to call it 



I don't know whether this is version 1.2 but give it a try: http://www.mediafire.com/download/f8dr2jlspb3d52p/BinaryCall_v1.2.7z

Please don't send me any personal message and ask for support! I will not reply!

Selection of finest graphical examples at Codepen.io

The own fart smells best!
Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!
¯\_(ツ)_/¯  ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ


