Results 1 to 3 of 3

Thread: linking problem

  1. #1
    Registered User
    Join Date
    Feb 2004
    Location
    France
    Posts
    99

    Question [solved]linking problem

    Hello all

    I got a linking problem, here's the story...

    In one of my program (in C), I must call NtQueryInformationProcess, then rather than to obtain it by LoadLibrary and GetProcaddress (dynamically) I decided to create a lib which will enable me to call this function in a static manner.

    The NtQueryInformationProcess API is not present indeed in the supplied libraries of the SDK... I thus created a fictitious DLL in asm to recover the .lib file created with it.

    Code:
        .386
        .model flat,stdcall
        option casemap:none
        include ntdll.inc
        .data
        .code
        DllEntry proc hInstDLL:HINSTANCE, reason:DWORD, reserved1:DWORD
            mov  eax,TRUE
            ret
       DllEntry Endp
       NtQueryInformationProcess proc a1:DWORD, a2:DWORD, a3:DWORD, a4:DWORD, a5:DWORD
       NtQueryInformationProcess endp
       end DllEntry
    the .def file :

    Code:
               LIBRARY ntdll
                EXPORTS
                NtQueryInformationProcess
    In my C source code I wrote the func prototype and all the needed structs.

    Here's the proto :

    Code:
    NTSTATUS NtQueryInformationProcess(
      HANDLE ProcessHandle,
      PROCESSINFOCLASS ProcessInformationClass,
      PVOID ProcessInformation,
      ULONG ProcessInformationLength,
      PULONG ReturnLength
    );
    I then tell VC++ 7 to link against my ntdll.lib obtained with MASM, and here arises the problem:

    Code:
    ProcessParsing.obj : error LNK2019: unresolved external symbol "long __cdecl NtQueryInformationProcess(void *,enum _PROCESSINFOCLASS,void *,unsigned long,unsigned long *)" (?NtQueryInformationProcess@@YAJPAXW4_PROCESSINFOCLASS@@0KPAK@Z) referenced in function "struct _PEB * __cdecl GetRemotePEB(void *)" (?GetPEB@@YAPAU_PEB@@PAX@Z)
    Release/Process.exe : fatal error LNK1120: 1 unresolved externals
    Facing this problem, I was thinking that the linker couldn't seen my lib so i given the /VERBOSE switch to the linker. In fact it could see my .lib file while searching for imports:

    Searching F:\Program Files\microsoft Visual Studio\MyProjects\Process\ntdll.lib:
    Someone told me that it could be a calling convention problem (from linker error, we can see it's waiting for a __cdecl proc) :

    long __cdecl NtQueryInformationProcess
    I then told masm to compile with C langtype but it doesn't works also (i.e can't link from my C program):

    Code:
    	NtQueryInformationProcess  proc C a1:DWORD, a2:DWORD, a3:DWORD, a4:DWORD, a5:DWORD
    	NtQueryInformationProcess endp
    I've tried to link with a MASM program and it works ! But I don't get why I can't link with a C program... what I've done wrong ?

    Attached is the source code of the lib and the .lib file (MASM with Radasm project). If someone can link a C / C++ program with this .lib I hope to get some feedback.

    Thank you very much,

    Regards, Neitsa.
    Attached Files Attached Files
    Last edited by Neitsa; October 24th, 2005 at 07:48.
    Omne tulit punctum qui miscuit utile dulci

  2. #2
    Have a look at http://reactos.geldorp.nl/d2/dc3/winternl_8h.html

    In your C header, add WINAPI:

    NTSTATUS WINAPI NtQueryInformationProcess(
    HANDLE ProcessHandle,
    PROCESSINFOCLASS ProcessInformationClass,
    PVOID ProcessInformation,
    ULONG ProcessInformationLength,
    PULONG ReturnLength
    );

    If your code were C++, you should wrap this decl it in an extern "C".

    Also, take a look at Iczelion's tutorial on creating Import libraries in MASM.
    http://spiff.tripnet.se/~iczelion/importlib.html
    At the bottom of that page is a link called http://spiff.tripnet.se/~iczelion/files/implibtools.zip
    which contains two tools to make things go really easy, no MASM experiance required.

    Anyway, in your MASM code, you have:
    .model flat,stdcall
    which is good, but:
    NtQueryInformationProcess proc C a1: DWORD, a2: DWORD, a3: DWORD, a4: DWORD, a5: DWORD
    which isn't. Remove the "C".

    I can't recomend Iczelion's ImpLibTools enough. They are really handy.

  3. #3
    Registered User
    Join Date
    Feb 2004
    Location
    France
    Posts
    99

    Thumbs up

    I simply forget that my file extension were .cpp and therefore my code was C++...

    If your code were C++, you should wrap this decl it in an extern "C".
    I just wrapped it and it works... silly me :/ (and what a shame...)

    Thanks a lot sqdt for your help.

    Regards, Neitsa.
    Omne tulit punctum qui miscuit utile dulci

Similar Threads

  1. Watermarking by linking order
    By niaren in forum Mini Project Area
    Replies: 25
    Last Post: January 15th, 2011, 22:07
  2. Enabling "Save" function + linking to code
    By x! in forum Malware Analysis and Unpacking Forum
    Replies: 16
    Last Post: February 14th, 2001, 20:15
  3. Thanks +Tsehp, problem solve Isp problem :)
    By esther in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: October 28th, 2000, 07:29

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •