HI <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="

The output <div class="snippet-clipboard-content notranslate position-relative ove

Yes. I Can. The dropbox link <a href="https://www.dropbox.com/s/ohludj26n4p9ojj/Fiscal

But <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

I was already running tests on that brunch <a href="https://github.com/cube0x8/loadlib

mpclient: failed to resolve function about loadlibrary HOT 16 CLOSED

Samuel-Bie commented on August 10, 2024

mpclient: failed to resolve function

from loadlibrary.

Comments (16)

taviso commented on August 10, 2024

What is the output of dumpbin.exe /exports FiscalCode.dll?

Or, if you can't use dumpbin, you can type something like: objdump -x FiscalCode.dll | awk '/The Export Tables/,/The [^E]+ Table/ { print }'

from loadlibrary.

Samuel-Bie commented on August 10, 2024

The output

$ objdump -x FiscalCode.dll | awk '/The Export Tables/,/The [^E]+ Table/ { print }'                                                                                                                       [18:38:05]
The Export Tables (interpreted .rdata section contents)

Export Flags                    0
Time/Date stamp                 5adf6e0c
Major/Minor                     0/0
Name                            00000000000036d2 FiscalCode.dll
Ordinal Base                    1
Number in:
        Export Address Table            00000001
        [Name Pointer/Ordinal] Table    00000001
Table Addresses
        Export Address Table            00000000000036c8
        Name Pointer Table              00000000000036cc
        Ordinal Table                   00000000000036d0

Export Address Table -- Ordinal Base 1
        [   0] +base[   1] 1a90 Export RVA

[Ordinal/Name Pointer] Table
        [   0] GetFiscalCode

The Function Table (interpreted .pdata section contents)

from loadlibrary.

taviso commented on August 10, 2024

I don't know, it seems okay - can you share the DLL?

from loadlibrary.

Samuel-Bie commented on August 10, 2024

Yes. I Can. The dropbox link here

from loadlibrary.

taviso commented on August 10, 2024

Oh - it's an x86-64 dll, support for x86-64 is still experimental. You can try it if you like!

#97

from loadlibrary.

Samuel-Bie commented on August 10, 2024

OK, Checking

Oh - it's an x86-64 dll, support for x86-64 is still experimental. You can try it if you like!

#97

from loadlibrary.

Samuel-Bie commented on August 10, 2024

But @taviso , how do i try x86-64, does this has its own brunch? I switched to x86-64 brunch and the last commit was 6 months ago.

from loadlibrary.

cube0x8 commented on August 10, 2024

@Samuel-Bie here the x64 branch: https://github.com/cube0x8/loadlibrary/tree/x64

from loadlibrary.

Samuel-Bie commented on August 10, 2024

Trying it Today. Let u know about any issue.

from loadlibrary.

Samuel-Bie commented on August 10, 2024

I was already running tests on that brunch https://github.com/cube0x8/loadlibrary/tree/x64 , but when running make i get the following error.

make -C peloader debug ARCH=x64
make[1]: Entering directory '/home/coder/x86/peloader'
make[1]: Nothing to be done for 'debug'.
make[1]: Leaving directory '/home/coder/x86/peloader'
cd intercept; mkdir build; cd build; cmake -DARCH:STRING=x64 -DCMAKE_BUILD_TYPE=Debug ..; make
mkdir: cannot create directory ‘build’: File exists
-- The ASM_NASM compiler identification is unknown
-- Didn't find assembler
CMake Error at CMakeLists.txt:4 (enable_language):
  No CMAKE_ASM_NASM_COMPILER could be found.

  Tell CMake where to find the compiler by setting either the environment
  variable "ASM_NASM" or the CMake cache entry CMAKE_ASM_NASM_COMPILER to the
  full path to the compiler, or to the compiler name if it is in the PATH.


-- Configuring incomplete, errors occurred!
See also "/home/coder/x86/intercept/build/CMakeFiles/CMakeOutput.log".
See also "/home/coder/x86/intercept/build/CMakeFiles/CMakeError.log".
make[1]: Entering directory '/home/coder/x86/intercept/build'
make[1]: *** No targets specified and no makefile found.  Stop.
make[1]: Leaving directory '/home/coder/x86/intercept/build'
make: *** [Makefile:27: intercept] Error 2

from loadlibrary.

Samuel-Bie commented on August 10, 2024

Hi again. @cube0x8 and @taviso .


~/x86 on  x64! ⌚ 13:40:14
$ make
cc -march=native -ggdb3 -std=gnu99 -fshort-wchar -Wno-multichar -Iinclude -Iintercept/include -Ilog -Ipeloader -mstackrealign -maccumulate-outgoing-args -O3 -D_GNU_SOURCE -I. -DNDEBUG -march=native -ggdb3 -std=gnu99 -fshort-wchar -Wno-multichar -Iinclude -Iintercept/include -Ilog -Ipeloader -mstackrealign -maccumulate-outgoing-args -O3 -lm -Wl,--dynamic-list=exports.lst -ldl  fiscalcode.c  -Wl,--whole-archive peloader/libpeloader.a -Wl,intercept/libhook.a -Wl,intercept/libZydis.a -Wl,intercept/libsubhook.a -Wl,--no-whole-archive -o fiscalcode
/usr/bin/ld: cannot find intercept/libhook.a: No such file or directory
/usr/bin/ld: cannot find intercept/libZydis.a: No such file or directory
/usr/bin/ld: cannot find intercept/libsubhook.a: No such file or directory
collect2: error: ld returned 1 exit status
make: *** [<builtin>: fiscalcode] Error 1

from loadlibrary.

Samuel-Bie commented on August 10, 2024


make
cc -march=native -ggdb3 -std=gnu99 -fshort-wchar -Wno-multichar -Iinclude -Iintercept/include -Ilog -Ipeloader -mstackrealign -maccumulate-outgoing-args -O3 -m32 -D_GNU_SOURCE -I. -DNDEBUG  -c -o mpclient.o mpclient.c
In file included from mpclient.c:42:
peloader/winnt_types.h:2190:9: error: unknown type name ‘PM128A’
 2190 |         PM128A FloatingContext[16];
      |         ^~~~~~
peloader/winnt_types.h:2192:13: error: unknown type name ‘PM128A’
 2192 |             PM128A Xmm0;
      |             ^~~~~~
peloader/winnt_types.h:2193:13: error: unknown type name ‘PM128A’
 2193 |             PM128A Xmm1;
      |             ^~~~~~
peloader/winnt_types.h:2194:13: error: unknown type name ‘PM128A’
 2194 |             PM128A Xmm2;
      |             ^~~~~~
peloader/winnt_types.h:2195:13: error: unknown type name ‘PM128A’
 2195 |             PM128A Xmm3;
      |             ^~~~~~
peloader/winnt_types.h:2196:13: error: unknown type name ‘PM128A’
 2196 |             PM128A Xmm4;
      |             ^~~~~~
peloader/winnt_types.h:2197:13: error: unknown type name ‘PM128A’
 2197 |             PM128A Xmm5;
      |             ^~~~~~
peloader/winnt_types.h:2198:13: error: unknown type name ‘PM128A’
 2198 |             PM128A Xmm6;
      |             ^~~~~~
peloader/winnt_types.h:2199:13: error: unknown type name ‘PM128A’
 2199 |             PM128A Xmm7;
      |             ^~~~~~
peloader/winnt_types.h:2200:13: error: unknown type name ‘PM128A’
 2200 |             PM128A Xmm8;
      |             ^~~~~~
peloader/winnt_types.h:2201:13: error: unknown type name ‘PM128A’
 2201 |             PM128A Xmm9;
      |             ^~~~~~
peloader/winnt_types.h:2202:13: error: unknown type name ‘PM128A’
 2202 |             PM128A Xmm10;
      |             ^~~~~~
peloader/winnt_types.h:2203:13: error: unknown type name ‘PM128A’
 2203 |             PM128A Xmm11;
      |             ^~~~~~
peloader/winnt_types.h:2204:13: error: unknown type name ‘PM128A’
 2204 |             PM128A Xmm12;
      |             ^~~~~~
peloader/winnt_types.h:2205:13: error: unknown type name ‘PM128A’
 2205 |             PM128A Xmm13;
      |             ^~~~~~
peloader/winnt_types.h:2206:13: error: unknown type name ‘PM128A’
 2206 |             PM128A Xmm14;
      |             ^~~~~~
peloader/winnt_types.h:2207:13: error: unknown type name ‘PM128A’
 2207 |             PM128A Xmm15;
      |             ^~~~~~
mpclient.c: In function ‘main’:
mpclient.c:192:25: warning: passing argument 1 of ‘setup_nt_threadinfo’ from incompatible pointer type [-Wincompatible-pointer-types]
  192 |     setup_nt_threadinfo(ExceptionHandler);
      |                         ^~~~~~~~~~~~~~~~
      |                         |
      |                         EXCEPTION_DISPOSITION (*)(struct _EXCEPTION_RECORD *, struct _EXCEPTION_FRAME *, struct _CONTEXT *, struct _EXCEPTION_FRAME **) {aka enum <anonymous> (*)(struct _EXCEPTION_RECORD *, struct _EXCEPTION_FRAME *, struct _CONTEXT *, struct _EXCEPTION_FRAME **)}
In file included from mpclient.c:43:
peloader/pe_linker.h:1121:45: note: expected ‘PEXCEPTION_HANDLER’ {aka ‘enum <anonymous> (*)(struct _EXCEPTION_RECORD *, struct _EXCEPTION_FRAME *, void **, struct _EXCEPTION_FRAME **)’} but argument is of type ‘EXCEPTION_DISPOSITION (*)(struct _EXCEPTION_RECORD *, struct _EXCEPTION_FRAME *, struct _CONTEXT *, struct _EXCEPTION_FRAME **)’ {aka ‘enum <anonymous> (*)(struct _EXCEPTION_RECORD *, struct _EXCEPTION_FRAME *, struct _CONTEXT *, struct _EXCEPTION_FRAME **)’}
 1121 | bool setup_nt_threadinfo(PEXCEPTION_HANDLER handler);
      |                          ~~~~~~~~~~~~~~~~~~~^~~~~~~
mpclient.c:240:34: warning: assignment to ‘DWORD (*)(FILE *, uint64_t,  void *, DWORD,  uint32_t *)’ {aka ‘unsigned int (*)(struct _IO_FILE *, long long unsigned int,  void *, unsigned int,  unsigned int *)’} from incompatible pointer type ‘DWORD (*)(void *, ULONGLONG,  void *, DWORD,  uint32_t *)’ {aka ‘unsigned int (*)(void *, long long unsigned int,  void *, unsigned int,  unsigned int *)’} [-Wincompatible-pointer-types]
  240 |     ScanDescriptor.Read          = ReadStream;
      |                                  ^
mpclient.c:241:34: warning: assignment to ‘DWORD (*)(FILE *, uint64_t *)’ {aka ‘unsigned int (*)(struct _IO_FILE *, long long unsigned int *)’} from incompatible pointer type ‘DWORD (*)(void *, uint64_t *)’ {aka ‘unsigned int (*)(void *, long long unsigned int *)’} [-Wincompatible-pointer-types]
  241 |     ScanDescriptor.GetSize       = GetStreamSize;
      |                                  ^
mpclient.c:242:34: warning: assignment to ‘uint16_t * (*)(FILE *)’ {aka ‘short unsigned int * (*)(struct _IO_FILE *)’} from incompatible pointer type ‘uint16_t * (*)(void *)’ {aka ‘short unsigned int * (*)(void *)’} [-Wincompatible-pointer-types]
  242 |     ScanDescriptor.GetName       = GetStreamName;
      |                                  ^
make: *** [<builtin>: mpclient.o] Error 1

from loadlibrary.

cube0x8 commented on August 10, 2024

Hello @Samuel-Bie,

first of all, thank you for reporting these issues.
I realized I left some NASM dependency which is not necessary any longer. I removed it.

Please, pull the new modification I pushed on the x64 branch, clean the workspace (make clean) and try to build your target again.

Meanwhile, I will try it on my machine too with the DLL you shared.

from loadlibrary.

cube0x8 commented on August 10, 2024

So,

I downloaded your DLL and managed to load it and link it correctly.
Then, the DLL did some call to some MSVCRT.dll (the windows runtime) API, which are not implemented in loadlibrary, so it SIGSEGVs.

Here some suggestions:

please, when you compile your DLL, link the windows runtime statically in the binary. Here is an how-to for VS:
in the GetFiscalCode prototype, replace __stdcall with WINAPI:
int WINAPI (*GetFiscalCode)(char *, char *, char *, char *, char *, char *, char *, char *, int);
You need to delcare the pe_image struct globally, so:
struct pe_image image = { .entry = NULL, .name = "engine/FiscalCode.dll", }; goes before the main, right after the include statements

Please, try the points above and let me know!

from loadlibrary.

cube0x8 commented on August 10, 2024

Hello @Samuel-Bie,

Did you manage to get your DLL working?

from loadlibrary.

cube0x8 commented on August 10, 2024

This can be considered closed, since I managed to load and link the library shared by @Samuel-Bie and there have not been other follow ups.

from loadlibrary.

mpclient: failed to resolve function about loadlibrary HOT 16 CLOSED

Comments (16)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent