Addition with pointers


purity

This is what I'm trying to do (written totally different but you'll get
the point)

HINSTANCE user32 = NULL;
FARPROC mbox = NULL;

user32=LoadLibrary("User32.dll"); //user32 now is i.e. 0x77D10000

//I know messagebox is located at offset 0x77D31236 ( which is user32+0x21236 );

//What I want to do is something similar to this...

mbox = ((FARPROC)user32)+0x21236;

//But I always get conversion errors (int to int* I believe) or left operand is int * errors.

I know I can hardcode all the offsets I want, but I want to get them
semi-dynamically (dynamically getting the dll basepointers, and then
just adding a specific value to get to the function I want).

Any help is greatly appreciated.

Bob Hairgrove

This is what I'm trying to do (written totally different but you'll get
the point)

HINSTANCE user32 = NULL;
FARPROC mbox = NULL;

user32=LoadLibrary("User32.dll"); //user32 now is i.e. 0x77D10000

//I know messagebox is located at offset 0x77D31236 ( which is user32+0x21236 );

//What I want to do is something similar to this...

mbox = ((FARPROC)user32)+0x21236;

//But I always get conversion errors (int to int* I believe) or left operand is int * errors.

I know I can hardcode all the offsets I want, but I want to get them
semi-dynamically (dynamically getting the dll basepointers, and then
just adding a specific value to get to the function I want).

Any help is greatly appreciated.

Your question has nothing to do with the C++ language, therefore it is
off-topic for this newsgroup. For Windows-specific questions you
should ask in a newsgroup such as microsoft.public.win32.programmer.*

But what you are trying to do is hacking, not programming. You don't
get function addresses in a DLL by adding offsets to an instance
handle, but by calling GetProcAddress. Besides, a handle is not a
pointer.

TB

purity skrev:
This is what I'm trying to do (written totally different but you'll get
the point)

HINSTANCE user32 = NULL;
FARPROC mbox = NULL;

user32=LoadLibrary("User32.dll"); //user32 now is i.e. 0x77D10000

//I know messagebox is located at offset 0x77D31236 ( which is user32+0x21236 );

//What I want to do is something similar to this...

mbox = ((FARPROC)user32)+0x21236;

mbox = (FARPROC)(user32+0x21236);
//But I always get conversion errors (int to int* I believe) or left operand is int * errors.

Remnants of error messages are not as helpful as the actual ones.

John Carson

purity said:
This is what I'm trying to do (written totally different but you'll
get the point)

HINSTANCE user32 = NULL;
FARPROC mbox = NULL;

user32=LoadLibrary("User32.dll"); //user32 now is i.e. 0x77D10000

//I know messagebox is located at offset 0x77D31236 ( which is user32+0x21236 );

//What I want to do is something similar to this...

mbox = ((FARPROC)user32)+0x21236;

//But I always get conversion errors (int to int* I believe) or left operand is int * errors.

I know I can hardcode all the offsets I want, but I want to get them
semi-dynamically (dynamically getting the dll basepointers, and then
just adding a specific value to get to the function I want).

Any help is greatly appreciated.


All of this is Windows specific and you should be asking it in, say,

microsoft.public.vc.language

Since you are here, FARPROC is a function pointer and pointer arithmetic is
not defined for function pointers. Accordingly, all arithmetic should be
done *prior* to casting the result to FARPROC. This might suggest

mbox = (FARPROC)(user32+0x21236);

However, that would be wrong because pointer arithmetic doesn't work like
normal arithmetic.

pointer + n

increments the address stored in pointer by n times the size of the object
pointed to, i.e., n*(sizeof(*pointer)). In this case, sizeof(*user32) is 4,
so you are actually adding 0x848d8, not 0x21236.

Finally, since you clearly don't have much idea about pointers, this sort of
hacking seems like a spectacularly bad idea. By the way, when I load
User32.dll, it does *not* load at 0x77D10000.
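The scaling John Carson describes, and the cast order that avoids it, can be checked on any platform. The following is an added example written for this thread, not code from any poster or from the Windows SDK: it declares a local stand-in for HINSTANCE (a pointer to a struct holding one int, which is what the Windows headers use) over a constructed byte array that plays the role of a module image, and shows that `base + n` on the typed pointer moves by `n * sizeof(*base)` bytes while the same arithmetic on a byte pointer (or on a `uintptr_t`) moves by exactly `n`. It also shows the only route that compiles for a function pointer, integer arithmetic first and the cast to the function type last, using two functions of its own in place of a DLL export; that offset is valid for the exact image that produced it and nothing else, which is the point Frank Schmidt and Marek Vondrak make below.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for HINSTANCE: the Windows headers declare it as
   "struct HINSTANCE__ *" with a single int member, so sizeof(*h) == 4.
   This local definition is for the demonstration only. */
struct fake_instance { int unused; };
typedef struct fake_instance *fake_hinstance;

/* Constructed "module image": large enough that base + 0x21236 stays in
   bounds whichever scaling the compiler applies (0x848d8 < 0x90000). */
static unsigned char arena[0x90000];

/* Bytes actually advanced by `base + n` when base is a typed pointer:
   n * sizeof(*base), which is 4 * n here. */
uintptr_t typed_advance(size_t n) {
    fake_hinstance base = (fake_hinstance)arena;
    return (uintptr_t)(base + n) - (uintptr_t)base;
}

/* Bytes advanced when the arithmetic is done on a byte pointer: exactly n. */
uintptr_t byte_advance(size_t n) {
    unsigned char *base = arena;
    return (uintptr_t)(base + n) - (uintptr_t)base;
}

/* Two functions in this image stand in for "module base" and "export".
   Pointer arithmetic is not defined on function pointers, so offsets
   between them are computed on integers. */
typedef int (*int_fn)(void);
static int fn_base(void)   { return 1; }
static int fn_target(void) { return 42; }

/* Byte offset of fn_target from fn_base, valid only for this exact build. */
uintptr_t function_offset(void) {
    return (uintptr_t)fn_target - (uintptr_t)fn_base;
}

/* Rebuild a callable pointer from base + byte offset and invoke it.
   Converting an integer to a function pointer is implementation-defined
   in C; it works on mainstream toolchains, but a stale offset (other
   build, patched binary) lands somewhere else entirely. */
int call_at_offset(uintptr_t off) {
    int_fn f = (int_fn)((uintptr_t)fn_base + off);
    return f();
}

int main(void) {
    printf("typed pointer: base + 0x21236 advances 0x%lx bytes\n",
           (unsigned long)typed_advance(0x21236));
    printf("byte pointer : base + 0x21236 advances 0x%lx bytes\n",
           (unsigned long)byte_advance(0x21236));
    printf("call via base + offset -> %d\n",
           call_at_offset(function_offset()));
    return 0;
}
```

The first line prints 0x848d8 and the second 0x21236, the two numbers in John Carson's post. On Windows the same integer-first rule applies if one insists on offsets (`(FARPROC)((uintptr_t)user32 + 0x21236)`), but the offset still depends on the exact user32.dll build; `GetProcAddress(GetModuleHandleA("user32.dll"), "MessageBoxA")` resolves the export by name from the module's export table and survives both relocation and updates.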

purity

If I'd be "hacking" something, there are way easier things to do than
something like this. Even though this seems simple stuff that I can't
solve.

What I'm trying to do, is make an app without using any loaded DLLs
(kernel32, user32, ntdll), but directly calling the functions in
inline asm like this. Edit: Hmm, this wouldn't really work anyways,
because I'd have to use LoadLibrary or GetModuleHandle APIs to get the
handles anyways. Ah well, as long as it works on my computer I'm happy.
Doesn't happen that often that kernel32/user32/ntdll get loaded at
different offsets anyways. Anyways here's the example.

int MyMessagebox(LPSTR text, LPSTR title) {
    int ret;
    FARPROC addr=(FARPROC)0x77D31236;   // hard-coded address of MessageBox
    __asm {
        pushad
        push MB_OK      // uType
        push title      // lpCaption
        push text       // lpText
        push NULL       // hWnd
        mov eax,addr
        call eax        // stdcall: the callee removes the four arguments
        mov ret,eax
        popad
    }
    return ret;
}

Frank Schmidt

I know I can hardcode all the offsets I want, but I want to get them
semi-dynamically (dynamically getting the dll basepointers, and then
just adding a specific value to get to the function I want).

Any help is greatly appreciated.

Who says that a handle _must_ point to the start of a "dll base" :S
Who says that the offset is the same after the next security fix :S

Why not use GetProcAddress?

Marek Vondrak

int MyMessagebox(LPSTR text, LPSTR title) {
    int ret;
    FARPROC addr=(FARPROC)0x77D31236;   // hard-coded address of MessageBox
    __asm {
        pushad
        push MB_OK      // uType
        push title      // lpCaption
        push text       // lpText
        push NULL       // hWnd
        mov eax,addr
        call eax        // stdcall: the callee removes the four arguments
        mov ret,eax
        popad
    }
    return ret;
}

Sorry, but this works only by coincidence. You rely on the fact that
user32.dll is already loaded into your process (possibly by the C/C++ runtime
you link your application against) so that there is actually relevant code
at 0x77d31236. If you want to make this work without the above assumption
you have to resort to making direct system calls (int 2e).

-- Marek