Author Topic: ApiSet Stub ???  (Read 381 times)

TimoVJL

ApiSet Stub ???
« on: April 13, 2019, 03:58:58 AM »
Windows 8.1 API Sets
What is the real purpose of this new DLL-hell ?
Code: [Select]
includelib "api-ms-win-core-processthreads-l1-1-0_64.lib"
includelib "api-ms-win-core-console-l1-1-0_64.lib"
includelib "api-ms-win-core-processenvironment-l1-1-0_64.lib"

extern __imp_ExitProcess :proc
extern __imp_GetStdHandle :proc
extern __imp_WriteConsoleA :proc
public mainCRTStartup

.data
msg db "Hello World",13,10,0
.code
mainCRTStartup:
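sub rsp, 28h                    ; 20h shadow space + 5th argument slot, keeps rsp 16-byte aligned
mov ecx, 0FFFFFFF5h             ; STD_OUTPUT_HANDLE (-11)
call qword ptr [__imp_GetStdHandle]
mov rcx, rax                    ; hConsoleOutput
xor eax, eax
mov qword ptr [rsp+20h], rax    ; lpReserved = NULL (5th argument, on the stack)
xor r9, r9                      ; lpNumberOfCharsWritten = NULL
mov r8d, 0Dh                    ; 13 characters: "Hello World" + CR + LF
lea rdx, [msg]                  ; lpBuffer
call qword ptr [__imp_WriteConsoleA]
xor ecx, ecx                    ; uExitCode = 0
call qword ptr [__imp_ExitProcess]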
add rsp, 28h
ret
end

EDIT: The API Set Schema
May the source be with you

nidud

    • https://github.com/nidud/asmc
Re: ApiSet Stub ???
« Reply #1 on: April 13, 2019, 05:51:54 AM »
The library is MinCore.lib but kernel32.lib from Win8.1SDK still works.

Code: [Select]
includelib \Win81SDK\Lib\winv6.3\um\x64\MinCore.lib

STD_OUTPUT_HANDLE   equ -11

WriteConsoleA   proto :vararg
ExitProcess     proto :dword
GetStdHandle    proto :dword

    .code

    option win64:auto

main proc

  local NumberOfCharsWritten:DWORD

    WriteConsoleA(
        GetStdHandle(STD_OUTPUT_HANDLE),
        "Hello Win8.1 MinCore.lib\n",
        lengthof(DS0000),
        &NumberOfCharsWritten,
        0)

    ExitProcess(0)

main endp

    end main

Error: missing api-ms-win-core-processenvironment-l1-2-0.dll in Win7

This works (Win7):
Code: [Select]
includelib \Win81SDK\Lib\winv6.3\um\x64\kernel32.lib

STD_OUTPUT_HANDLE   equ -11

WriteConsoleA   proto :vararg
ExitProcess     proto :dword
GetStdHandle    proto :dword

    .code

    option win64:auto

main proc

  local NumberOfCharsWritten:DWORD

    WriteConsoleA(
        GetStdHandle(STD_OUTPUT_HANDLE),
        "Hello Win8.1 kernel32.lib\n",
        lengthof(DS0000),
        &NumberOfCharsWritten,
        0)

    ExitProcess(0)

main endp

    end main

asmc64 mincore.asm kernel32.asm
linkw format windows pe file mincore
linkw format windows pe file kernel32
« Last Edit: April 13, 2019, 10:09:35 PM by nidud »

jj2007

  • Assembler is fun ;-)
    • MasmBasic
Re: ApiSet Stub ???
« Reply #2 on: April 13, 2019, 06:45:46 AM »
EDIT: The API Set Schema

Lovely:
Quote
these failing implementations have not all received great care: see for instance that CreateFileW in API-MS-Win-Core-File-L1-1-0.dll returns a hard-coded NULL (0) instead of INVALID_HANDLE_VALUE (-1)

TimoVJL

Re: ApiSet Stub ???
« Reply #3 on: April 14, 2019, 09:50:44 PM »
Those stubs are interesting, like the x64 version, where only one stub function is used
Code: [Select]
pFile Data Description Value
000004A8 00001060 Function RVA 0001 AllocConsole
000004AC 00001060 Function RVA 0002 GetConsoleCP
000004B0 00001060 Function RVA 0003 GetConsoleMode
000004B4 00001060 Function RVA 0004 GetConsoleOutputCP
000004B8 00001060 Function RVA 0005 GetNumberOfConsoleInputEvents
000004BC 00001060 Function RVA 0006 PeekConsoleInputA
000004C0 00001060 Function RVA 0007 ReadConsoleA
000004C4 00001060 Function RVA 0008 ReadConsoleInputA
000004C8 00001060 Function RVA 0009 ReadConsoleInputW
000004CC 00001060 Function RVA 000A ReadConsoleW
000004D0 00001060 Function RVA 000B SetConsoleCtrlHandler
000004D4 00001060 Function RVA 000C SetConsoleMode
000004D8 00001060 Function RVA 000D WriteConsoleA
000004DC 00001060 Function RVA 000E WriteConsoleW
x86
Code: [Select]
pFile Data Description Value
000004C8 0000105C Function RVA 0001 AllocConsole
000004CC 0000105C Function RVA 0002 GetConsoleCP
000004D0 0000106E Function RVA 0003 GetConsoleMode
000004D4 0000105C Function RVA 0004 GetConsoleOutputCP
000004D8 0000106E Function RVA 0005 GetNumberOfConsoleInputEvents
000004DC 00001064 Function RVA 0006 PeekConsoleInputA
000004E0 00001078 Function RVA 0007 ReadConsoleA
000004E4 00001064 Function RVA 0008 ReadConsoleInputA
000004E8 00001064 Function RVA 0009 ReadConsoleInputW
000004EC 00001078 Function RVA 000A ReadConsoleW
000004F0 0000106E Function RVA 000B SetConsoleCtrlHandler
000004F4 0000106E Function RVA 000C SetConsoleMode
000004F8 00001078 Function RVA 000D WriteConsoleA
000004FC 00001078 Function RVA 000E WriteConsoleW
Code: [Select]
0000005C  xor eax, eax
0000005E  ret

00000064  xor eax, eax
00000066  ret 10h

0000006E  xor eax, eax
00000070  ret 8h

00000078  xor eax, eax
0000007A  ret 14h
« Last Edit: April 15, 2019, 05:33:35 PM by TimoVJL »
May the source be with you
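Added example, not part of the thread: the x86 listing above groups into four stubs because stdcall makes the callee pop its own arguments, so each distinct `ret N` serves every export with N/4 stack arguments, while the x64 convention leaves cleanup to the caller and one `xor eax, eax / ret` serves all exports. The Python below parses the two dumps from the last post and recovers that grouping; `TEXT_RVA` is an assumption (disassembly offsets taken as relative to a section at RVA 1000h), and the function names are hypothetical.

```python
import re
from collections import defaultdict
# x86 export listing and stub disassembly, copied from the post above.
EXPORTS = """
000004C8 0000105C Function RVA 0001 AllocConsole
000004CC 0000105C Function RVA 0002 GetConsoleCP
000004D0 0000106E Function RVA 0003 GetConsoleMode
000004D4 0000105C Function RVA 0004 GetConsoleOutputCP
000004D8 0000106E Function RVA 0005 GetNumberOfConsoleInputEvents
000004DC 00001064 Function RVA 0006 PeekConsoleInputA
000004E0 00001078 Function RVA 0007 ReadConsoleA
000004E4 00001064 Function RVA 0008 ReadConsoleInputA
000004E8 00001064 Function RVA 0009 ReadConsoleInputW
000004EC 00001078 Function RVA 000A ReadConsoleW
000004F0 0000106E Function RVA 000B SetConsoleCtrlHandler
000004F4 0000106E Function RVA 000C SetConsoleMode
000004F8 00001078 Function RVA 000D WriteConsoleA
000004FC 00001078 Function RVA 000E WriteConsoleW
"""
STUBS = """
0000005C  xor eax, eax
0000005E  ret
00000064  xor eax, eax
00000066  ret 10h
0000006E  xor eax, eax
00000070  ret 8h
00000078  xor eax, eax
0000007A  ret 14h
"""
TEXT_RVA = 0x1000  # assumption: disassembly offsets are section-relative

def stub_pops(disasm):
    """Map each stub's start RVA to the bytes its 'ret' pops (0 for plain ret)."""
    pops, start = {}, None
    for m in re.finditer(r"^([0-9A-F]{8})\s+(xor|ret)\b[ \t]*(\w*)", disasm, re.M):
        if m[2] == "xor":                      # first instruction of a stub
            start = TEXT_RVA + int(m[1], 16)
        elif start is not None:                # the 'ret' that closes it
            pops[start] = int(m[3].rstrip("h") or "0", 16)
            start = None
    return pops

def classify(listing, pops):
    """Group export names by shared stub RVA; value is (stack args, names)."""
    groups = defaultdict(list)
    for f in map(str.split, listing.splitlines()):
        if len(f) == 6 and f[2:4] == ["Function", "RVA"]:
            groups[int(f[1], 16)].append(f[5])
    return {r: (pops[r] // 4 if r in pops else None, n) for r, n in groups.items()}
```

`classify(EXPORTS, stub_pops(STUBS))` returns four groups keyed by RVA; every one of them returns 0 in `eax`, whatever failure value the real API documents.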