BinaryCall UDF - Write Subroutines In C, Call In AutoIt

[Ward]

def_api_ (with the extra _) is only for msvcrt.dll. I added this because the same C standard function will be exported as different name in x84 or x64 environment (with or without extra _).

def_adr is for static variable in DLL, for example, the _iob struct in msvcrt.dll.

def_label is for generating alias to any label.

[Andreik]

 

1. Try to use "gcc", not "g++" to compile the source code. (.uleb128 pseudo-op not yet support).
2. You should use "def_api", not "def_adr". They are different.
3. You use "ws2_32.dll", so the line "def_api wsock32.dll" may need be deleted (or add ";" to set as comment)

 

 

I made all modifications and I tried to compile with gcc and with g++ also but in both cases the source use uleb128 pseudo-op so I get the same error. Can I do something different or should I try other implementation?

[Ward]

Can you tell me your GCC/MinGW version and your compile options?

Ps. On my test, only use 32-bit MinGW/g++ without -O/-O2/-Os will generate .uleb128 pseudo-op.

Maybe you can add -Os option to get rid of this problem.

 

Here is my result:

MinGW 32-bit gcc (GCC) 4.8.1

gcc -S -Os -masm=intel TCPConnect.c

expandcollapse popup

.file   "TCPConnect.c"
    .intel_syntax noprefix
    .text
    .globl  _TCPConnect
    .def    _TCPConnect;    .scl    2;  .type   32; .endef
_TCPConnect:
LFB16:
    .cfi_startproc
    push    ebp
    .cfi_def_cfa_offset 8
    .cfi_offset 5, -8
    xor eax, eax
    mov ebp, esp
    .cfi_def_cfa_register 5
    mov ecx, 8
    push    edi
    push    esi
    lea edx, [ebp-56]
    push    ebx
    .cfi_offset 7, -12
    .cfi_offset 6, -16
    .cfi_offset 3, -20
    mov edi, edx
    sub esp, 76
    rep stosd
    lea eax, [ebp-64]
    mov DWORD PTR [esp+12], eax
    mov eax, DWORD PTR [ebp+12]
    mov DWORD PTR [esp+8], edx
    mov DWORD PTR [ebp-64], 0
    mov DWORD PTR [ebp-52], 2
    mov DWORD PTR [esp+4], eax
    mov eax, DWORD PTR [ebp+8]
    mov DWORD PTR [ebp-48], 1
    mov DWORD PTR [ebp-44], 6
    mov DWORD PTR [esp], eax
    call    _getaddrinfo@16
    sub esp, 16
    test    eax, eax
    mov ebx, eax
    je  L2
L6:
    xor ebx, ebx
    jmp L3
L2:
    mov eax, DWORD PTR [ebp-64]
    mov edx, DWORD PTR [eax+12]
    mov DWORD PTR [esp+8], edx
    mov edx, DWORD PTR [eax+8]
    mov DWORD PTR [esp+4], edx
    mov eax, DWORD PTR [eax+4]
    mov DWORD PTR [esp], eax
    call    _socket@12
    sub esp, 12
    cmp eax, -1
    mov esi, eax
    mov eax, DWORD PTR [ebp-64]
    jne L4
    mov DWORD PTR [esp], eax
    jmp L8
L4:
    mov edx, DWORD PTR [eax+16]
    mov DWORD PTR [esp+8], edx
    mov eax, DWORD PTR [eax+24]
    mov DWORD PTR [esp], esi
    mov DWORD PTR [esp+4], eax
    call    _connect@12
    sub esp, 12
    test    eax, eax
    mov eax, DWORD PTR [ebp-64]
    mov DWORD PTR [esp], eax
    je  L5
L8:
    call    _freeaddrinfo@4
    push    edx
    jmp L3
L5:
    call    _freeaddrinfo@4
    mov DWORD PTR [ebp-60], 1
    push    eax
    lea eax, [ebp-60]
    mov DWORD PTR [esp+8], eax
    mov DWORD PTR [esp+4], -2147195266
    mov DWORD PTR [esp], esi
    call    _ioctlsocket@12
    sub esp, 12
    test    eax, eax
    jne L6
    mov ebx, esi
L3:
    lea esp, [ebp-12]
    mov eax, ebx
    pop ebx
    .cfi_restore 3
    pop esi
    .cfi_restore 6
    pop edi
    .cfi_restore 7
    pop ebp
    .cfi_restore 5
    .cfi_def_cfa 4, 4
    ret
    .cfi_endproc
LFE16:
    .ident  "GCC: (GNU) 4.8.1"
    .def    _getaddrinfo@16;    .scl    2;  .type   32; .endef
    .def    _socket@12; .scl    2;  .type   32; .endef
    .def    _connect@12;    .scl    2;  .type   32; .endef
    .def    _freeaddrinfo@4;    .scl    2;  .type   32; .endef
    .def    _ioctlsocket@12;    .scl    2;  .type   32; .endef
 

MinGW-w64 64-bit gcc (GCC) 4.9.1

gcc -S -Os -m32 -masm=intel TCPConnect.c

expandcollapse popup

.file   "TCPConnect.c"
    .intel_syntax noprefix
    .section    .text.unlikely,"x"
LCOLDB0:
    .text
LHOTB0:
    .globl  _TCPConnect
    .def    _TCPConnect;    .scl    2;  .type   32; .endef
_TCPConnect:
    push    ebp
    xor eax, eax
    mov ecx, 8
    mov ebp, esp
    push    edi
    push    esi
    lea edx, [ebp-56]
    push    ebx
    mov edi, edx
    sub esp, 76
    mov DWORD PTR [ebp-64], 0
    rep stosd
    lea eax, [ebp-64]
    mov DWORD PTR [ebp-52], 2
    mov DWORD PTR [ebp-48], 1
    mov DWORD PTR [ebp-44], 6
    mov DWORD PTR [esp+8], edx
    mov DWORD PTR [esp+12], eax
    mov eax, DWORD PTR [ebp+12]
    mov DWORD PTR [esp+4], eax
    mov eax, DWORD PTR [ebp+8]
    mov DWORD PTR [esp], eax
    call    [DWORD PTR __imp__getaddrinfo@16]
    sub esp, 16
    test    eax, eax
    mov ebx, eax
    je  L2
L6:
    xor ebx, ebx
    jmp L3
L2:
    mov eax, DWORD PTR [ebp-64]
    mov edx, DWORD PTR [eax+12]
    mov DWORD PTR [esp+8], edx
    mov edx, DWORD PTR [eax+8]
    mov DWORD PTR [esp+4], edx
    mov eax, DWORD PTR [eax+4]
    mov DWORD PTR [esp], eax
    call    [DWORD PTR __imp__socket@12]
    sub esp, 12
    cmp eax, -1
    mov esi, eax
    mov edi, DWORD PTR __imp__freeaddrinfo@4
    mov eax, DWORD PTR [ebp-64]
    jne L4
    mov DWORD PTR [esp], eax
    jmp L8
L4:
    mov edx, DWORD PTR [eax+16]
    mov DWORD PTR [esp+8], edx
    mov eax, DWORD PTR [eax+24]
    mov DWORD PTR [esp], esi
    mov DWORD PTR [esp+4], eax
    call    [DWORD PTR __imp__connect@12]
    sub esp, 12
    test    eax, eax
    mov eax, DWORD PTR [ebp-64]
    mov DWORD PTR [esp], eax
    je  L5
L8:
    call    edi
    push    edx
    jmp L3
L5:
    call    edi
    push    eax
    lea eax, [ebp-60]
    mov DWORD PTR [ebp-60], 1
    mov DWORD PTR [esp+8], eax
    mov DWORD PTR [esp+4], -2147195266
    mov DWORD PTR [esp], esi
    call    [DWORD PTR __imp__ioctlsocket@12]
    sub esp, 12
    test    eax, eax
    jne L6
    mov ebx, esi
L3:
    lea esp, [ebp-12]
    mov eax, ebx
    pop ebx
    pop esi
    pop edi
    pop ebp
    ret
    .section    .text.unlikely,"x"
LCOLDE0:
    .text
LHOTE0:
    .ident  "GCC: (GNU) 4.9.1 20140624 (prerelease)"

Edited August 6, 2014 by Ward

[Andreik]

I use also MinGW 32-bit gcc (GCC) 4.8.1 and seems to generate good assembly if I use -Os option.

Many thanks for your help.

[step887]

Hi Ward,

Thanks for all your work, i am not a C person, but I am learning slowly, so I was trying a simple function that return a string (char array)

c code:

const char * getString()
{
 const char *x = "abcstring";
 return x;
}

autoit:

#include "BinaryCall.au3"
ConsoleWrite(test() & @CRLF)
Func test()
    If Not @AutoItX64 Then
        Local $Code = 'AwAAAAQnAAAAAAAAAAAzmhZYCCq3cDHR36UPpp3jHwcI4LQK5/Vy+rj0A5jEJ0o0wUSVsMAA'
        Local $Reloc = 'AwAAAAQEAAAAAAAAAAABAAG+jCcAAA=='
        Local $Symbol[] = ["getString"]

        Local $CodeBase = _BinaryCall_Create($Code, $Reloc)
        If @error Then Exit
        Local $SymbolList = _BinaryCall_SymbolList($CodeBase, $Symbol)
        If @error Then Exit
    EndIf
    Return DllCallAddress("none:cdecl", DllStructGetData($SymbolList, "getString"))
EndFunc   ;==>test

but if I call main on this, it prints it out to the console

#include <stdio.h>
const char * getString();
int main()
{
 printf("%s\n", getString());
 return 0;
}

const char * getString()
{
 const char *x = "abcstring";
 return x;
}

would it be possible to return a string value?

[Ward]

I modified your script:

#include "BinaryCall.au3"
ConsoleWrite(test() & @CRLF)

Func test()
    If Not @AutoItX64 Then
        Local $Code = 'AwAAAAQnAAAAAAAAAAAzmhZYCCq3cDHR36UPpp3jHwcI4LQK5/Vy+rj0A5jEJ0o0wUSVsMAA'
        Local $Reloc = 'AwAAAAQEAAAAAAAAAAABAAG+jCcAAA=='
        Local $Symbol[] = ["getString"]

        Local $CodeBase = _BinaryCall_Create($Code, $Reloc)
        If @error Then Exit
        Local $SymbolList = _BinaryCall_SymbolList($CodeBase, $Symbol)
        If @error Then Exit
    EndIf
    Local $Ret = DllCallAddress("str:cdecl", DllStructGetData($SymbolList, "getString"))
    Return $Ret[0]
EndFunc   ;==>test

[step887]

Thanks, I have been using this and it is amazing, 

Could I trouble you for an example of FASM2AU3 Converter?

ASM

org 100h
mov dx,string
mov ah,9
int 21h
mov ah,4ch
int 21h
string db 'Hello, World!',0dh,0ah,'$'

Translate to 

If Not @AutoItX64 Then
    Local $Code = 'AwAAAAQcAAAAAAAAAAAzL/GkdsqKcaKrV2o/ApOiHfnqNGow+7NLQyiMVloapwA='

    Local $CodeBase = _BinaryCall_Create($Code)
    If @Error Then Exit
EndIf

But I am not sure how to call it 

[Ward]

You cannot call it. Your asm code is for DOS, not for Windows.

If you want to learn win32 assembly, here are some tutorials.

http://win32assembly.programminghorizon.com/tutorials.html.

[wakillon]

For an unknow reason, on 23 November Ward has edited his latests topics and removed most of his attachements.

is there anyone who have the latest BinaryCall 1.2.zip ?

 

 

Edited December 22, 2015 by wakillon

[UEZ]

I don't know whether this is version 1.2 but give it a try: http://www.mediafire.com/download/f8dr2jlspb3d52p/BinaryCall_v1.2.7z

[wakillon]

Thanks UEZ

[matwachich]

On 12/26/2015 at 10:26 PM, UEZ said:

I don't know whether this is version 1.2 but give it a try: http://www.mediafire.com/download/f8dr2jlspb3d52p/BinaryCall_v1.2.7z

Hi!

Is there any good version of this UDF? This version is missing the function: __MemoryModule_ModuleRecord

[haijie1223]

good job

Edited December 12, 2020 by haijie1223

[MattHiggs]

hhh

Edited November 17, 2022 by MattHiggs