News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

What to do if there is no VirtualProtectFromApp in masm libraries?

Started by alex-rudenkiy, July 04, 2017, 08:19:25 AM

Previous topic - Next topic

alex-rudenkiy

What to do if there is no VirtualProtectFromApp in masm libraries? :(

jj2007

Don't worry, for any standard program you will never need such an exotic function 8)

hutch--


aw27


TWell

use it in dynamic way, using LoadLibrary/GetProcAddress
or make your own additional lib for kernel32 with polib.exe

example: kernel32_10.defLIBRARY KernelBase.dll
EXPORTS
_VirtualProtectFromApp@16=VirtualProtectFromApp


EDIT: fix for wrong dll

jj2007

And, most important: show us your full code. We are a curious bunch :badgrin:

Vortex

VirtualProtectFromApp :

https://msdn.microsoft.com/en-us/library/windows/desktop/mt169846%28v=vs.85%29.aspx

QuoteMinimum supported client
   
Windows 10 [desktop apps | UWP apps]

aw27

The funny part is that I don't see this VirtualProtectFromApp in the Windows 10 kernel32.dll, it is also not available in the distributed Windows 10 Kit kernel32.lib. Of course, I am missing an obvious thing, I simply don't know what.

TWell


aw27


adeyblue

Quote from: aw27 on July 05, 2017, 06:04:28 PM
Yeap  :t, but still not in the supplied libs.
It is, quite a few of them
G:\SDK\10\Lib\10.0.14393.0\um\x86>findstr /M "VirtualProtectFromApp" *
mincore.lib
OneCore.Lib
OneCoreUAP.Lib
WindowsApp.lib

aw27

Quote from: adeyblue on July 09, 2017, 06:03:08 AM
Quote from: aw27 on July 05, 2017, 06:04:28 PM
Yeap  :t, but still not in the supplied libs.
It is, quite a few of them
G:\SDK\10\Lib\10.0.14393.0\um\x86>findstr /M "VirtualProtectFromApp" *
mincore.lib
OneCore.Lib
OneCoreUAP.Lib
WindowsApp.lib


Wow, probably Microsoft <does not> know about that:
VirtualProtectFromApp function
Library: Kernel32.lib
DLL: Kernel32.dll


Vortex

What's the minimum build number of Windows 10 supporting VirtualProtectFromApp?

GetFileVersion.exe .\kernel32.dll
10.0.14393.0

\PellesC\bin\podump.exe /EXPORTS .\kernel32.dll | findstr "VirtualProtectFromApp"
No any result

jj2007

It works:include \Masm32\MasmBasic\Res\JBasic.inc ; ## builds in 32- or 64-bit mode with ML64, Uasm etc
OldProtection dd ?

jd@150 equ KernelBase ; a little hack for a missing WinAPI,
j@VirtualProtectFromApp equ jbNextApi/150:s1111 ; may be refined in the near future

Init ; OPT_64 1 ; put 0 for 32 bit, 1 for 64 bit assembly
  PrintLine Chr$("This code was assembled with ", @AsmUsed$(1), " in ", jbit$, "-bit format")
  mov rbx, rv(VirtualAlloc, 0, 4096, MEM_RESERVE or MEM_COMMIT, PAGE_NOACCESS)
  usedeb=1
  deb 4, "VirtualAlloc:", x:rbx
  jinvoke VirtualProtectFromApp, rbx, 1024, PAGE_EXECUTE_READWRITE, addr OldProtection
  deb 4, "VirtualProtectFromApp:", rax, OldProtection
  PrintLine Err$()
  Inkey Chr$(jbit$, "-bit assembly is easy, it seems...")
EndOfCode


This code was assembled with HJWasm32 in 64-bit format
VirtualAlloc:   x:rbx   1b0000h
VirtualProtectFromApp:
rax     1
OldProtection   1

Can't find the key etc.


The error message is irrelevant, since rax is non-zero.

Same for the 32-bit version. This is Windows version 10.0, build 15063.