|
Thanks nave,
DLL is displayed, but the DLL properties only display load address, no preferred load address. Any comments?
regards,
George
|
|
|
|
|
You can select that column also.
take the select column option by right clicking on the header of the lower pane. Select the "Base" and "Image Base" from the list. The "base" is the address at which the dll has actually loaded and "Image base" is the prefered base address.
You can also use the dependency walker to find the prefered base address.
|
|
|
|
|
Thanks nave!
I have found out, very good tool!
regards,
George
|
|
|
|
|
On my system at least,
dumpbin /headers iain.dll
then look at the image base value.
That's with VS6 - no idea if the utility is still around for later versions.
Iain.
|
|
|
|
|
Hi Iain,
Here is my output, which item do you think is the preferred load address?
Microsoft (R) COFF/PE Dumper Version 9.00.30729.01
Copyright (C) Microsoft Corporation. All rights reserved.
Dump of file TestDll2.dll
PE signature found
File Type: DLL
FILE HEADER VALUES
8664 machine (x64)
7 number of sections
48FF2B43 time date stamp Wed Oct 22 21:31:47 2008
0 file pointer to symbol table
0 number of symbols
F0 size of optional header
2022 characteristics
Executable
Application can handle large (>2GB) addresses
DLL
OPTIONAL HEADER VALUES
20B magic # (PE32+)
9.00 linker version
4800 size of code
3600 size of initialized data
0 size of uninitialized data
1520 entry point (0000000180001520) _DllMainCRTStartup
1000 base of code
180000000 image base (0000000180000000 to 000000018000CFFF)
1000 section alignment
200 file alignment
5.02 operating system version
0.00 image version
5.02 subsystem version
0 Win32 version
D000 size of image
400 size of headers
F212 checksum
2 subsystem (Windows GUI)
140 DLL characteristics
Dynamic base
NX compatible
100000 size of stack reserve
1000 size of stack commit
100000 size of heap reserve
1000 size of heap commit
0 loader flags
10 number of directories
7DB0 [ 16A] RVA [size] of Export Directory
A000 [ 3C] RVA [size] of Import Directory
B000 [ 2B8] RVA [size] of Resource Directory
9000 [ 288] RVA [size] of Exception Directory
0 [ 0] RVA [size] of Certificates Directory
C000 [ 3C] RVA [size] of Base Relocation Directory
6550 [ 1C] RVA [size] of Debug Directory
0 [ 0] RVA [size] of Architecture Directory
0 [ 0] RVA [size] of Global Pointer Directory
0 [ 0] RVA [size] of Thread Storage Directory
0 [ 0] RVA [size] of Load Configuration Directory
0 [ 0] RVA [size] of Bound Import Directory
A2A0 [ 260] RVA [size] of Import Address Table Directory
0 [ 0] RVA [size] of Delay Import Directory
0 [ 0] RVA [size] of COM Descriptor Directory
0 [ 0] RVA [size] of Reserved Directory
SECTION HEADER #1
.text name
4687 virtual size
1000 virtual address (0000000180001000 to 0000000180005686)
4800 size of raw data
400 file pointer to raw data (00000400 to 00004BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
60000020 flags
Code
Execute Read
SECTION HEADER #2
.rdata name
1F1A virtual size
6000 virtual address (0000000180006000 to 0000000180007F19)
2000 size of raw data
4C00 file pointer to raw data (00004C00 to 00006BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
Debug Directories
Time Type Size RVA Pointer
-------- ------ -------- -------- --------
48FF2B43 cv 57 0000702C 5C2C Format: RSDS, {FC74C901-7889-4E77-8E4F-C81674668F9A}, 1, d:\Visual Studio 2008\Projects\TestDll2\x64\Debug\TestDll2.pdb
SECTION HEADER #3
.data name
759 virtual size
8000 virtual address (0000000180008000 to 0000000180008758)
200 size of raw data
6C00 file pointer to raw data (00006C00 to 00006DFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #4
.pdata name
3F0 virtual size
9000 virtual address (0000000180009000 to 00000001800093EF)
400 size of raw data
6E00 file pointer to raw data (00006E00 to 000071FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #5
.idata name
9C1 virtual size
A000 virtual address (000000018000A000 to 000000018000A9C0)
A00 size of raw data
7200 file pointer to raw data (00007200 to 00007BFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
C0000040 flags
Initialized Data
Read Write
SECTION HEADER #6
.rsrc name
2B8 virtual size
B000 virtual address (000000018000B000 to 000000018000B2B7)
400 size of raw data
7C00 file pointer to raw data (00007C00 to 00007FFF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
40000040 flags
Initialized Data
Read Only
SECTION HEADER #7
.reloc name
F7 virtual size
C000 virtual address (000000018000C000 to 000000018000C0F6)
200 size of raw data
8000 file pointer to raw data (00008000 to 000081FF)
0 file pointer to relocation table
0 file pointer to line numbers
0 number of relocations
0 number of line numbers
42000040 flags
Initialized Data
Discardable
Read Only
Summary
1000 .data
1000 .idata
1000 .pdata
2000 .rdata
1000 .reloc
1000 .rsrc
5000 .text
regards,
George
|
|
|
|
|
This one:
180000000 image base (0000000180000000 to 000000018000CFFF)
Simon
|
|
|
|
|
Thanks for your clarification, Simon!
regards,
George
|
|
|
|
|
George_George wrote: Here is my output, which item do you think is the preferred load address?
In the middle of the first "Lump":
180000000 image base (0000000180000000 to 000000018000CFFF)
Though I'd look at the sysinternals tool, as they're more digestible!
Iain.
|
|
|
|
|
Thanks for sharing your perspective, Iain!
regards,
George
|
|
|
|
|
HMODULE hModule=LoadLibrary("Drive:\\folder\\sth.dll");
if(!hModule)
{
MessageBox("Load sth.dll failed!);
return;
}
FARPROC address= GetProcAddress(hModule, ("Drive:\\folder\\sth.dll");
if(!address)
{
MessageBox("GetProcAddress failed!);
return;
}
|
|
|
|
|
Hi anminxin,
Sorry I disagree with your code. I am asking how to get the preferred load address, but you get the actual load address. Any comments?
regards,
George
|
|
|
|
|
Hi,
I have a C code that calls an assembly procedure with a parameter that is a pointer to a structure.
typedef struct _SOMESTRUCT {
ULONG arg1;
CHAR arg2[10];
} SOMESTRUCT, *PSOMESTRUCT;
Then in C code, im calling an assembly proc like this:
SOMESTRUCT mySomeStruct;
ret = AssemblyFunction(&mySomeStruct);
In assembly code, how can i access arg1 and arg2?
Any idea?
|
|
|
|
|
OK - it has been a long time since I did any x86 assembly (remember int 21h, everyone? )...
But presuming correct alignment, since you are passing the address of the structure, the first member of the structure (arg1 ) should be at that same address. The second member (arg2 ) should be at Address + sizeof( arg1 ) or Address + 4 , if talking about a normal Win32 build.
Note that you should be specifying the packing of that structure, and I would suggest no padding (packing of 1) to make it easier to use the structure from assembly.
Peace!
-=- James Please rate this message - let me know if I helped or not!<hr></hr> If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong! Remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road! See DeleteFXPFiles
|
|
|
|
|
James R. Twine wrote: remember int 21h, everyone?
Yes! And I have hazy recollections of int 13h as well.
And, of course, int 10h was where I got my start
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
I understand that. But please be more specific. You mean BP+4 in the stack?
|
|
|
|
|
IIRC, BP (base or frame pointer) is set to the value of the stack where your parameters are. So, yes, BP should contain a value that is the address of the structure, you will need to get to that address (start of the structure) and move past the first member of the structure to get to the second one.
Peace!
-=- James Please rate this message - let me know if I helped or not!<hr></hr> If you think it costs a lot to do it right, just wait until you find out how much it costs to do it wrong! Remember that Professional Driver on Closed Course does not mean your Dumb Ass on a Public Road! See DeleteFXPFiles
|
|
|
|
|
Hai !
Is the any other function other than fopen(), to open a file and write some data into it, as fopen doesn't work in my system!!
|
|
|
|
|
kapardhi wrote: s fopen doesn't work in my system
why?
kapardhi wrote: Is the any other function other than fopen()
You can use CStdioFile (MFC) etc to do file operations and there are few others that you can try searching for
Somethings seem HARD to do, until we know how to do them.
_AnShUmAn_
|
|
|
|
|
I would say: "my application isn't able to take advantage of fopen ", because I'm pretty sure fopen works fine on your system.
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
[My articles]
|
|
|
|
|
kapardhi wrote: ...fopen doesn't work in my system!!
Actually it does if used correctly. Care to show us a code snippet?
"Love people and use things, not love things and use people." - Unknown
"The brick walls are there for a reason...to stop the people who don't want it badly enough." - Randy Pausch
|
|
|
|
|
TRY.log file is what i want to create
pchFilePath = ""c:\\Documents and Settings\\Kapardhi\\Desktop\\Oct22\\\\TRY.log";
CFile *fp;
fp = fopen(pchFilePath, "a+");
it gives unhandled exception error after execution of fopen ();
|
|
|
|
|
kapardhi wrote: pchFilePath = ""c:\\Documents and Settings\\Kapardhi\\Desktop\\Oct22\\\\TRY.log";
Why are you doing this?
kapardhi wrote: it gives unhandled exception error after execution of fopen ();
So why do you not show what is happening after execution of fopen() ?
"Love people and use things, not love things and use people." - Unknown
"The brick walls are there for a reason...to stop the people who don't want it badly enough." - Randy Pausch
|
|
|
|
|
that is the path where i want to create the file
At the end there are \\\\ i.e computer takes as
"c:\Documents and Settings\Kapardhi\Desktop\Oct22\\MyTry.log"
this"\\" implies any string before "\\" is path, and string after "\\" is the name of the file to be created
|
|
|
|
|
You totally missed the question. Why are you using the 2 extra backslashes?
"Love people and use things, not love things and use people." - Unknown
"The brick walls are there for a reason...to stop the people who don't want it badly enough." - Randy Pausch
|
|
|
|
|
that is the path where i want to create the file
At the end there are \\\\ i.e computer takes as
"c:\Documents and Settings\Kapardhi\Desktop\Oct22\\MyTry.log"
this"\\" implies any string before "\\" is path, and string after "\\" is the name of the file to be created
|
|
|
|